Baltimore – The main problem for medical device makers cited for regulatory issues is risk management. According to the keynote address presented by Keisha Thomas at the RAPS Quality Conference, where Ms. Thomas is currently Associate Director for Compliance and Quality at the FDA’s Center for Devices and Radiological Health (CDRH), firms should understand risk management as something dynamic and ongoing rather than static.
The agency has been closely tracking compliance under its revised inspection process, known as CPM 7382.850, which recently came into use in lieu of the QSIT program as the result of the new QMSR regulation.
The New Risk-Based Inspection Landscape
FDA’s present strategy completely transforms the way investigations take place for medical devices:
- No Fixed Sampling Technique: Investigators use individual company risks and pre-inspection data (like medical device reports, recalls, and complaints) to guide them in the right direction.
- Comprehensive Examination: Instead of examining one sector at a time, investigators have been asked to investigate all six major areas of QMS.
- Inspection Vs. Audit: Though QMSR complies with the international ISO 13485 standard, Thomas reminded the audience that the FDA investigation was an inspection to ensure legal compliance.
Top QMSR Citations to Date
While Thomas noted it is too early to declare definitive long-term trends, the same historical quality issues are resurfacing under the QMSR, albeit in a different order of frequency:
- Risk Management
- Corrective Action
- Risk-Based Approach
- Complaint Handling
- Purchasing Process
Key Areas of FDA Scrutiny
Risk Management Problems
Regulatory agencies are holding firms accountable for lack of process and documentation showing that risk management informs decision-making in day-to-day operations.
The Main Problem: Many firms have established risk management documents but do not use them comprehensively and systematically in all aspects of their QMS.
CAPA is Dead!
The idea of Corrective and Preventive Action (CAPA) in its usual form has finally been officially separated from each other under the new standard.
Separation of Duties: Preventive actions can and should be implemented independently in QMS systems and don’t have to follow corrective actions.
New Term: FDA has already banned usage of CAPA inside their organization. At present, investigators observe a great number of ineffective corrective actions that are totally separate from preventive ones.
MDSAP Participants Cannot Avoid Inspections
MDSAP participants are no exception when it comes to unannounced FDA inspections. Whenever FDA’s risk-based selection process shows negative data intelligence such as increased complaints, MDRs, or recalls, MDSAP firms will undergo FDA inspection.
Takeaway for Medtech Manufacturers
Regarding his advice on how best to define risk for each category of QMSR, Thomas stressed that the FDA wants the company to understand risk as an ongoing process.
“The risk management program needs to be dynamic, living and breathing,” said Thomas. “Risk management is something that has to evolve. There needs to be continuous improvement in it, because there are always risks introduced, whether it is systems risk, whether it is product risk, whether it is clinical risk.”