In 1993, the rock musician
Prince changed his name to an unpronounceable symbol, confusing record companies, concert venues, and even fans. It turned out to be one of the most productive times of Prince’s esteemed career, releasing two albums each year during this transition.
In 2020, the European Union is changing their Medical Device Directive (MDD) to the Medical Device Regulation (MDR). It’s confusing companies, distributers, and even auditors.
Yes, they’re related. Well… they’re related a little bit. This article is trying to help people understand the MDR by making it less daunting. The MDR is a 175 page document, with almost 191,000 words that include terms and concepts from other quality and regulatory standards. The best short summary I’ve been able to develop is:
Why:The former directive, MDD, allowed risky products to reach hundreds of thousands of European citizens; the MDR protects people
When:
May 2020, only MDR can be used for new products and “significant changes” to existing productsMay 2024, only MDR certified products can be sold in the European Union
What are some minor requirements
a qualified person must be dedicated to MDR compliance for each companyadditional and more strict pre-market classification; for example, some Class IIa devices will become Class IIb
What are some major changes:
Unique Device Identifiers (UDI) for all products throughout distributionComprehensive post-market surveillance and reporting according to strict methodsExtensive clinical data for each device or device class, depending on its risk categoryTechnical documentation replaces technical files; technical documentation includes all information from initial product requirements to post-market surveillance for each device or device class, depending on its risk categoryAll device risks must be reduced As Far As Possible (AFAP)
Let’s get back to Prince and the MDR.
In 1993, there was confusion about The Artist Formerly Known As Prince: How did you use a symbol to alphabetize his albums? How did you write his name on a contract? Why is he doing this? Despite that confusion he produced two albums per year, the record industry made millions of dollars, and everything turned out okay.
The transition from MDD to MDR will be the same. The companies that embrace change will become more effective and gain more market share. It will take 8-14 months for your transition, so I suggest starting as soon as possible. Don’t expect to understand every detail just yet; a first step could simply be appointing a qualified person who has existing knowledge, a desire to learn, and an ability to lead from within. Give them the time and resources to help your company while maintaining their work/life harmony.
This article digs deeper to help you prepare for the next steps.
BACKGROUND
Prince
In 1993, Prince, the rock musician, changed his name to a symbol.
At the time,
The Artist Formerly Known as Prince (
TAFKAP) was one of the world’s most famous musicians. But,
Warner Brothers Records owned his music and, practically, the name “Prince.” But, they did not own the new symbol, which he created and copyrighted it. Warner Brothers had to scramble to create fonts for the symbol, change contracts, explain the changes to record stores, vendors, etc. Concert venues didn’t know how to advertise his shows, Record stores were confused about how to alphabetize his albums, and lawyers didn’t know how to type his name on contracts.
From 1993-1996, TAFKAP released two albums per yer, accelerating the end of his contract with Warner Brothers Records, then signed to a different record company. In 2000, he changed his name back to Prince, after demonstrating that innovation and creativity can come from confusion.
Prince was one of the most creative musicians of our time, releasing 39 albums before he passed away in 2016. He died from an overdose of opioid-based pain medications. He
suffered from epilepsy, and
several sources reported that he had hip-replacement surgery due to pain. I wish him Peace.
Medical Devices in Europe
Why change?
An examples of patient risk under the former MDD are breast implants manufactured by a French company,
Poly Implant Prothèse (PIP). PIP used industrial silicone instead of medical-grade silicone; the industrial silicone was 7X cheaper than medical silicone, but was more prone to bursting, resulting in
harm and suffering for patients and lawsuits against the manufacturer and regulators. 400,000 women were affected, many of whom continue to suffer.
The MDR provides more safety regulations, re-classifies some devices to emphasize potential risk to patients, and creates a way to track each device through importers and distributors.
Time-Lines
2017: The MDR “entered into effect” already, which means that parts of it can be applied. This is nuanced, and beyond the scope of an overview article
May 2020: MDR is your only option for new products or “significant changes” to existing products; this is left ambiguous and it will be difficult to justify what’s not a “significant change”
May 2024: No product without MDR certification can be sold in European Union, even products that have been on the market for many years without changes; in other words, there’s no “grandfathering” and all products must comply with the MDR or they will be removed from sale
Minor Changes
Many requirements are the same as or not very different than previous directives.
Each manufacturer must designate at least one “qualified person” in their company who ensures compliance with MDR, and that person’s qualifications must be documented for review.Each distributor and importer must be trained and able to use the Unique Device Identifier system. These entities can be inspected by auditors, just like the manufacturer.”Technical documentation” replaces “technical files” as a more extensive list of documents that include pre-market planning, device design, manufacturing, and post-market surveillance; most of these documents should already exist for companies with ISO 13485 certified quality systemsMore products will be regulated. This won’t impact most companies, but products not previously considered medical devices, such as colored contact lenses and cosmetic implants, will require MDR compliance.Regulatory authorities and notified bodies can inspect any product at any stage of manufacturing or distribution to ensure it conforms to quality-system requirements for that stage.
The European Union is creating more agencies and programs to coordinate between countries and assist manufacturers with clarifications of requirements. This won’t significantly affect companies, but are useful to know because they’re for your benefit. For example:
Expert Panels provide technical and scientific expertise, and will be developing common specifications for some products to ensure uniformity between manufacturers.
Technical Working Groups are more focused than expert panels, offering classification of novel devices and detailing common specifications
EUDAMED database for Unique Device Identifiers (UDI), allowing full traceability of every medical device
Medium-Level Changes
There are several new regulations or additional requirements that may require more effort on your part, depending on your products and existing quality system.
More pre-market classification rules, and more strict risk classificationsUnique device indicators (UDI’s) for each product throughout its distribution chainAdditional post-market surveillance for for each device or device family that must be provided to the EU in Periodic Safety Update Report (PSUR)Additional clinical data requirements for each device or device group, depending on its classification
I’ll share details of these changes; skip to the next section if you’d rather not read them.
Pre-market classification
There will be a few changes to pre-market classifications. Don’t underestimate this step: the extent of your technical documentation and other time-consuming requirements all start with the device class, so ensure you’re on the right path before beginning any plan.
Class I products, which are the lowest-risk, such as bandages and thermometers, has these sub-categories:
Class I, generalClass IS, sterileClass IR, reusableClass IM, measure
Class IIa, IIb, and III categories haven’t changed, but they have additional rules and may be more strict than before; for example, some Class IIa devices are now Class Ib. Classifications are based on situations such as:
Duration of contact with the patient, such as a short procedure vs. a one-week implant vs. a permanent implantHow it’s introduced into the body, such as through a surgical procedure or natural oraficeIf the device is disposable or reusableWhere it’s used, such as on the skin vs. near the spinal chord.
Rather than list all of the situations, I created a “
MDR Game and Quiz“so that you can learn-by-doing. Classifications aren’t challenging, they just require going through the process a few times. My strongest advice is to do this step with a diverse team. Most mistakes I’ve seen were miscommunications from using medical terminology or interpreting the MDR, but a team would know more than any individual therefore teams should collaborate on this important step.
Unique Device Identifier (UDI)
A UDI will be required for all classes of medical devices, and must be on each device or the device’s label. UDI’s will be scanned and tracked, creating a record of each medical device throughout its distribution chain. Each UDI will be a combination of two parts:
A Device Identifier (DI), with the company’s identification and the device version or model
The Production Information (PI), unique to each, single device, which includes information such as:
Expiration dateManufacture dateManufacturing siteDistributors of each device, storage of each device, etc.
As I write this article, the European Union doesn’t have software in place to handle UDI’s, but it will eventually be hosted by the
European Databank on Medical Devices, EUDAMED. Further guidance is expected to unfold over the next year. European Union UDI’s will probably look like
FDA recommendations for UDI’s. In the example below, the UDI is given in a bar code, in addition to other information required.
The barcode uses a standard format, allowing automated scanning by all distributors, hospitals, etc., and can be read by a people without needing scanners.
In this example, the numbers in the parentheses indicate the different parts of the UDI.
Device Identifier (DI) – 12345678901234
Production Identifiers (PI):
Expiration Date: 140102Manufacturing Date: 100102Lot Number: A1234Serial Number: 1234
It’s important to re-emphasize that a UDI will be scanned by distributors, allowing complete traceability of medical devices. Currently, it won’t be required on external packaging, which seems to go against guidelines for traceability, so UDI requirements may evolve.
One difference between the European Union’s planned UDI process and the existing FDA process is that the FDA doesn’t require UDI’s for low-risk devices, but the EU will require them for all device classifications.
Post-market surveillance
Post-market surveillance means that a company proactively monitors real-world data of their products and similar, competitive products, reports adverse events to regulatory agencies, and uses all information to continuously improve products and company quality system processes, especially risk-management methods.
The MDR requires more diligent post-market surveillance than previous regulations, and prescribes how to to perform the surveillance. First, MDR requires a plan. This seemingly simple step is often overlooked by companies; specifically, it’s overlooked by project-planners and senior management in those companies. In my experience, companies that don’t focus on effective planning, which is different than extensive planning, have inefficient projects that are chaotic and introduce risk to patients.
More time sharpening an axe means less time chopping wood.
Good planning practices are a separate topic, but, generally speaking, a plan will describe be an exact, detailed, proactive process, including how to monitor adherence to the plan. That last step is often overlooked despite being critical for a process of continuous improvement: plan when and how to update and improve your plan based on real-world data and new regulations. The MDR gives specific, detailed requirements for what must be in your post-market plan in Annex III of the official regulation.
Each manufacturer must provide periodic reports for high-risk devices, which are Class III and implantable Class II devices, Classes IIa and IIb. This is through a Periodic Safety Update Report, or PSUR, which requires updates for Class III and IIb devices annually and to IIa devices at least every two years, or when there’s a “significant” change to the device risk through adverse event notifications or design changes.
Post-market surveillance also protects public safety: Each manufacturer must notify regulatory agencies of any serious incident within 15 days, and deaths within 10 days. If there’s a chance of public risk, this must be within 2 days.
The format and details of PSURs are out of scope for this article, but are easily found through your EU representative or an online search. What’s important is to know they will require more planning than previously, will be updated more frequently, and will be used with clinical data for technical documentation of each product or group of products, depending on the device classification.
Clinical data
Clinical data is a combination of medical literature review, current competitor information, and each product or product group’s unique information. The extent of clinical data depends on the device classification, and is ambiguous in the MDR. To help plan how much you need, consider that your clinical data will be submitted along with your post-market surveillance to justify if your product is “state of the art” and has reduced risk “As Far As Possible.”
Major Changes
In 1989 Chuck D, frontman of the hiphop band Public Enemy, asked the question: How low can you go?
In 2017 Europe replied: As Far As Possible.
I believe that most companies will struggle with the requirement that all medical devices must reduce risk As Far As Possible (AFAP). This is based on my experience consulting; your company may be an exception.
I wrote an article explaining AFAP based around the 80’s hiphop group Public Enemy, giving examples of where confusion may originate and steps you could take to gradually work towards complying, a technique from the Kaizen approach to continuous improvement.
The phrasing of AFAP guidelines in the MDR is almost identical to EN ISO 14971:2012, the European Union version of the international standard for risk management, ISO 14971:2007. In short, the MDR requires that for each product a company demonstrates:
All risks are reduced AFAP compared to state of the art, which is a combination of clinical data and post-market surveillanceCost can not be a factor in not reducing risk; if someone has found a solution to reduce risk you must, tooBenefit to the patient outweighs any residual risks
Reducing risk As Far As Possible requires understanding what is “state of the art.” In European law, this doesn’t mean the latest technology, it means the “generally accepted state of the art.” I demonstrate
how to make state of the art medical devices using a 1980’s television show about a self-driving, talking car. In 2018 we have self-driving cars, but that’s not “generally accepted state of the art” because there’s not enough history of driver safety yet. But safety features such as seatbelts, child safety seat connections, and anti-lock breaks are state of the art. Medical device state of the art is more complex than car safety features and I demonstrate this using case-studies from medical device failures that impacted society.
I consider reducing risk As Far As Possible a major change because it will impact all functions in a quality system. You can’t demonstrate AFAP if you don’t have a strong post-market surveillance system, clinical data process, or risk management policy that complies with EN ISO 14971. Also, and perhaps most importantly, many companies will not be able to comply with MDR risk requirements because they haven’t reduced risk As Far As Possible and will need to make design changes that require more time and resources than expected.
Challenges and Solutions
The MDR creates several challenges, not just in the work companies must perform, but in getting started. For example, the UDI database in EUDAMED doesn’t exist yet, which can be intimidating for anyone preparing for UDI’s. Also, “Common Standards” are still works-in-progress, “Notified Bodies” are over-scheduled and overwhelmed, and this is a new process for everyone, including consultants. But, just like everyone that adjusted to Prince’s new symbol, we’ll be fine.
The first few steps on your journey may look like this:
Designate a person in your company to be responsible for MDR complianceEnsure all of your distributors and importers are able to use the UDI bar-code system.
Create a list of your company’s internal documents that reference MDD by name, or by specific paragraphs, that will need to be updated as you re-certify your products
Create a list of your productsWrite their current MDD classificationWrite their new MDR classificationGive links to existing Technical Files (CE mark files)Give links to existing clinical data”Check off” things that haven’t changedMark things that have changed, such as a Class IIb becoming a Class IIICreate a Y/N column for “yes,” we may need more clinical data, or “no,” we definitely won’t need more clinical data.
Use the resources in this article to answer specific questions as they arise, or to find further training or consultants.Schedule internal audits as soon as possible.
My strongest advice is to start today, declare your intention, and put on earphones and
listen to Prince on Spotify while you maintain a positive attitude, focus on patient safety, and create work/life harmony for yourself and coworkers. If you do that, everything will be fine, and you’ll look back and realize you didn’t have to understand every detail if you have the right intention and the right method, which is a philosophical way to describe a quality system that continuously improves with the goal of reducing risk to patients.
Resources
We can’t all be Chuck Norris. I suggest reading the official regulations and online help guides, and hiring consultants who can help with concepts.
OFFICIAL REGULATIONS
PRIVATE-COMPANY SUMMARIES
PRIVATE-COMPANY TOOLS & FAQ’S
“Table of contents” for the EU MDR, which is, surprisingly, missing from the official document. This one includes a copy of the 175-page MDR, provided by Oriel STAT-A-MATRIX.
CONSULTING & TRAINING
AUDITING ORGANIZATIONS
IntertekBSI GroupTUV SUDUL
MY BLOG
Example:
Play Celebrity Jeopardy! to learn the MDR: I grouped celebrities that share common medical treatments and created a game where I give hints and you guess their treatment then classify the medical device under MDR rules.
If you found this useful, please “like” and share it so that others benefit.
MDR: the Medical Device Regulation formerly known as MDD
/in Uncategorized /by jasonpartinUse the resources in this article to answer specific questions as they arise, or to find further training or consultants.Schedule internal audits as soon as possible.
MaetricsLNE G-MedMDI Consultants
How Harry “The Hat” Anderson helped me learn Design, Risk, & Entrepreneurship
/in Uncategorized /by jasonpartinPlay Celebrity Jeopardy! to learn the European Medical Device Regulation
/in Uncategorized /by jasonpartinwith links in a table of contents
MaetricsLNE G-MedMDI Consultants
Understand the ISO process approach by using 1980’s pop-culture
/in Uncategorized /by jasonpartinwhich is based on the process approach.
is shown to link to all departments, because to monitor and control supply-chains so that things external to our quality system don’t become a weak link in our processes.
MaetricsLNE G-MedMDI Consultants
How 1980’s pop culture can help us make risk-based decisions in healthcare
/in Uncategorized /by jasonpartinand “Purchasing” surround all departments. The diagram shows that Purchasing is driven by Risk Management, which means that oversight of vendors is based on reducing risk, which requires information from all departments through a series of linked processes.
MaetricsLNE G-MedMDI Consultants
Steps away from addiction
/in Uncategorized /by jasonpartinDyslexia
/in Uncategorized /by jasonpartinemphasizing their creativity and ability to make complex connections that written words may have hindered.
Alysa MilanoJennifer Aniston
Cher
Mohamed AliTom CruiseJay Leno
International Dyslexia AssociationParent’s Education NetworkUniversity of Michigan’s Dyslexia tests
Remember:
Take these steps to increase your health & mental clarity
/in Uncategorized /by jasonpartinPractice being mindful of your breathing and mental clarity each day
OBEY, Charlie Brown
/in Uncategorized /by jasonpartinand learned that Nepal was recovering from a ten-year civil war, had a new democracy, and would be voting for the second time in their history.
His Obey logo became a popular clothing line. To be inexpensive, clothing was made in China, which borders Nepal and provides most of the cheap clothing worn by lower castes.
How to use ISO 14971 to improve a Risky Business
/in Uncategorized /by jasonpartin, which can include a dFMEA for design, a pFMEA for manufacturing processes, a system-level FMEA, a supplier FMEA, etc.
MaetricsLNE G-MedMDI ConsultantsGreenlight Guru
Common risk-analysis methods are: requires a company’s quality system to be a risk-driven process.