Regulatory and Quality Assurance | Michelle Lott | lean RAQA

Medical Device Compliance Do’s and Don’t’s

The medical device regulatory and quality realm is dense, confusing, and ever-evolving. Trying to navigate it alone can become overwhelming, and mistakes are more likely to occur. Don't set yourself up to take the wrong turn–let the leanRAQA team show you our map created over years of experience.

Contact us

The Roadmap of Medical Device Risk Management

For the purposes of this flowchart, we will be walking you through a real-life scenario involving a medical device that caused immense harm and thus became labeled as adulterated and misbranded due to the company’s lack of a proper risk management plan. During this FDA investigation, FDA got deeper and deeper into the quality management system. Ultimately, resulting in a whole lot of 483’s and money (lots and lots of money).

CAPA – Corrective And Preventive Actions

The FDA began investigating this medical device due to an increasing number of reported events resulting in inadequate product performance. During the initial inspection, FDA noted a particular CAPA that remained open for three years. When the CAPA was finally closed it didn’t identify any corrective actions so it was impossible to verify corrective actions or even determine if the issue was addressed at all. Uh-oh.

This prompted a review of process documentation.

Process Validation

The door was now open for the FDA to further inspect–creating more opportunities for other mistakes to be found.

(Validation Reports and DHR (Device History Record)

During the review of the product’s device history record, information on rejected product was discovered–It included nearly 60 rejected stylets during in-process testing. This finding changed the testing and inspection criteria completely. Additionally, the process validation reports did not document the rejected product identified during the validation process. Now, a 100% inspection had to be performed. This prompted a review of the NCR (non-conformance report) process.

Nonconforming Product

Scrap

About 4,000 stylets that failed in-process functional testing were identified and scrapped.

Non-Conformance Report (NCR)

However, NCRs were not initiated despite the unusually high failure rate.This ultimately led FDA to circle back to the CAPA process as a whole.

CAPA

Unfortunately for this MedTech company, no documented plan was in place addressing how the identified problem was going to be corrected. With no nonconformance or CAPA initiated, FDA could’t find evidence it needed so they dug even deeper.

Medical Device Risk Management

This was due to not having a proper medical device risk management plan in place. Complaints, nonconformance, CAPA, none of these systems were connected like they should be. There was no process for feeding the necessary information back into the quality system i.e. no clear path on how to handle rejected products.

Design Controls

The product issue was never addressed during design, and the medical device consequently caused fatal harm. This very unfortunate event prompted a review of complaints.

Complaints

(Complaints were being filed, but again, no system was in place to actually review this data. The complaints were filed and just sat there.

In fact, nine complaints were filed in just ten months. Including one involving a collapsed lung. These complaints should have prompted the company to address all available information associated with

  • The medical device
  • The clinical procedures
  • The resulting injuries

Yet again, no plan was in place to address how the information gained from complaints would address the root cause of the medical device’s issues. This prompted a review of postmarket surveillance.

Postmarket Surveillance (PMS)

The postmarket data (i.e. filed complaints) demonstrated a change in frequency for the associated failure modes. However, no one evaluated them, which is an important part of a product’s risk management process.

Risk Assessment

This company failed to take into consideration the severity of the injury reported during the PMS data acquisition. The complaint labeled the event as a “death,” the MDR (medical device reporting) described it as a serious “injury.”

This prompted a review of the MDR.

Medical Device Reporting

There were a lot of issues. First, there were no internal systems in place for the timely identification and evaluation of events that may be subject to the medical device reporting requirements. As a result, there were no available records to show the implementation of the MDR procedure, proving that no action was taken. Second, incorrect decisions were made when evaluating the complaints for reportable status. Finally, the information in the complaint records did not align with the information in the MDR.

All of this led to the conclusion that this medical device was adulterated and misbranded, and the company suffered the consequences.

Had a qualified RAQA team member been on board with this project, the company would have never found itself so far into this dark, scary, tragic (not to mention, expensive) place.

Assess Available Information – The leanRAQA Map

If the leanRAQA team was involved this scary trail could have been avoided.

Medical Device Compliance and Risk Management – Helps Keep Everyone Safe

Ready to learn how the leanRAQA team can help your company avoid these mistakes and make the correct decisions? Let’s talk. Schedule some time on my calendar, (button to Google calendar) and we can chat about other quality assurance and risk management horror stories we’ve seen as well as share some of leanRAQA’s successes.