Medical Devices' Big Regulatory Shake-Up: What Now?

The significant step changes in medical device transparency and traceability requirements, under new international regulations, don’t just affect manufacturers. Notified bodies, competent authorities, importers and distributors will also have to prepare for continuous surveillance and improved rigor around product safety. Ben Jacoby assesses the scope for disruption and advises on a practical response.

Ben Jacoby

Although today medical technology represents just seven per cent of healthcare spend in Europe, this includes some significant products which, if faulty or wrongly applied, could have catastrophic consequences for patients. It makes sense, then, that devices should be subject to more rigorous checks and controls which in some respects move closer to those that apply to medicinal products. And this is what is happening now. New EU Regulations for medical devices (MDR) are due to apply from mid-2020, and, for in vitro diagnostic medical devices (IVDR) two years later. 

While the new measures may feel fairly onerous to the medical device industry, few could object to the need for the sector to have greater safety surveillance. But what’s involved, and what should medical device manufacturers be doing now?

Rising to new rigorous standards

The challenge for the medical device industry is that, from now on, the sector is going to be forced through more stringent regulatory hoops which thus far it has largely escaped; and some organizations are ill-prepared for compliance. 

At a manufacturing level, for instance, pre-market clinical investigations in the past have tended to be the exception rather than the rule, compared with the extensive clinical trials required of most human medicines. Historically some safety checks and after-market vigilance have tended to be finite events – risk management before delivery, then perhaps a one-off post-market surveillance exercise a few years down the line to ensure that all is as it should be. But now, as outgoing European directives give way to formal and significantly updated regulations, all sorts of formal checks and continuous monitoring will be needed across a medical device’s entire lifecycle. 

Those manufacturers and other parties across the supply chain and regulatory ecosystem without a track record of these kinds of measures have a lot of catching up to do. As the typical medical device manufacturer in Europe tends to be fairly small in scale compared to the major pharma players, such companies may well lack sufficient infrastructure, IT systems and human resources to conduct the increased monitoring and reporting that now needs to happen.

Similarly, notified bodies, competent authorities, the European Commission itself, in addition to economic operators and especially importers and distributors of medical devices (who were not previously addressed specifically by medical device directives), must also get their own checks, controls and reporting facilities in order, so that everything joins up and patients are reliably protected.

Keeping public perception in mind

There is a lot of work to do, then; and there is no time to lose if all of these industry stakeholders are to be ready to comply with the new regulations within the next few years--and, more importantly, able to maintain and raise public confidence.

After all, the impact of all of this on patients, and those supplying or using higher-risk devices (clinicians, hospital operating theatres, nurses and so on), will be that they are able to look up complete, standardized information on a specific device, in a central database (‘Eudamed’, in Europe), and trace that product right back to its source. 

By assigning greater accountability to all of the parties along the supply chain for performing due diligence/risk management checks, this is ultimately what will drive up patient safety – that and the ability to quickly trace and recall products in the event of a problem.

In the US, which has taken a lead on medical device controls by specifying that high-risk devices carry standardized unique device identifiers, measures to formally improve industry traceability are advancing too. Meanwhile other regions around the world have already pledged to accept and uphold these international standards, even if they add their own nuances and proceed at a different pace toward these shared goals. So the pressures on getting this right are growing globally.

With the clock ticking, how should device manufacturers and organizations across the wider supply ecosystem proceed, to ensure they are compliant by the time they need to be?

Preparing the way

Although the Commission has yet to publish some of the required delegated and implementing acts, common specifications, and guidance, there is still plenty that the industry could-and should-be doing now.

A good first step is to seek the right advice. And while a consultant would say that, joining an appropriate trade association would serve this purpose just as well-a regional body like MedTech Europe, perhaps, or a national equivalent. 

Organizations will also need to assess where they are now, and where the main gaps in visibility or capability are, so that they can formulate a plan of attack. Whichever path they take, industry stakeholders need to move quickly now because the requirements under MDR (and IVDR) are extensive, and complex. 

For example, even a small manufacturer could have anything from 10 to 50 distributors, whose contracts may now have to be reviewed­­-all of which will take considerable time. From a systems perspective, meanwhile, companies must ask themselves how they will meet criteria including ‘readily searchable’ technical documentation. If such records do not yet exist in a standardized electronic form already, they will need to very soon. With all of the interdependencies between all of a company’s regulated information, it would certainly make sense to apply some kind of intelligence to its management, using appropriate software. (The regulations are very clear about the need for extensive reporting.)

Another consideration is that the adjacent pharmaceutical industry has been through very similar regulatory compliance preparations over the last 10-20 years, and jumped through many of the same hoops. So, for examples of best approaches - and what not to do - medicinal product companies and their technology/service providers could provide a valuable reference point; even if the scale of operations are likely to differ between the two sectors. 

Borrowing some of the lessons learnt could save reinventing the wheel, and enable some cost and efficiency benefits if medical device organizations can skip straight to the approaches that work well - avoiding data silos, and working towards a comprehensive, live and evolving record of the product ‘truth’ across a device’s lifecycle, which could serve the whole business in multiple ways in future.

Ultimately, regulatory vigilance is on an upward trajectory now, so the sooner the medical device industry can plan and take decisive, pre-emptive action, the greater the chance that organizations will be fully prepared as the compliance deadlines draw in.

Ben Jacoby PhD is an experienced regulatory consultant at Sensus Group Ltd. He recently presented his reflections and advice on medical device industry regulatory compliance at AMPLEXOR’s annual BE THE EXPERT industry forum in France.