R&Q's Blog

Medical device industry news and trends - and the resources to understand and act on them.

 

Cybersecurity for Medical Devices: Questions and Answers

As the number of network connected medical devices increases, opportunities for improved patient care also increase. As a consequence, the vulnerability to cyber-attacks becomes a greater threat. Medical device cybersecurity threats can be dangerous for providers, networks, and device manufacturers. They can put patient safety at risk and/or create a breach of data. The FDA encourages manufacturers to consider potential cybersecurity risks and vulnerabilities “throughout the product lifecycle, including during the design, development, production, distribution, deployment and maintenance of the device.”

R&Q recently presented the webinar, Cybersecurity: Regulatory and quality ramifications. During the session we answered several of your questions, a sample of which are below. To see all of the questions and answers from the session, along with the slides and recording, check out the on-demand webinar.

MDUFA IV: More Than Just User Fees - FDA Reauthorization Act (FDARA) Passes Senate

Pending the expected signature of President Trump, MDUFA IV will be implemented (along with PDUFA VI and GDUFA II). Passage, including the associated rise in user fees for device manufacturers over the term of the act (FY18-22), was largely expected.

Legislative politics involve give-and-take, of course, and increased user fees are reasonably expected to result in systemic improvements in regulation, via industry favored initiatives. FDA has described their “give” portion of the give-and-take process in the document MDUFA Performance Goals and Procedures, Fiscal Years 2018 Through 2022. Unsurprisingly, focus remains on Total Time to Decision metrics for premarket submissions. The linked MDUFA Performance Goals document describes some of the approval or clearance process mechanisms by which improvements in Total Time to Decision might be achieved, as well as various cooperative review mechanisms planned. The Pre-Sub program will be continued, with specific requirements on response timing and meeting date options, and required publication of an updated version of the Request for Feedback on Pre-Market Submissions guidance document. Another provision of the bill requires annual reporting on the previous year’s inspection activities for device and drug facilities, including timing information. Those who have been subjected to lengthy or highly intermittent inspections, or delays in comment on response adequacy, are likely to welcome this additional scrutiny of inspection timelines.

Clarifying the Clinical Evaluation Requirements: A Case Study

About R&Q's Case Studies: We hope this Clinical Evaluation Report case study is valuable to you. Here are our currently available case studies. Subscribing to our blog is the best way to know when future case studies and other resources are available. Questions on this particular subject? Contact us.


Challenge

Design changes and MEDDEV 2.7/1 rev 4 compliance.

The client was implementing multiple design changes on a Class III implantable heart transplant device that required a submission to the Notified Body. As part of this submission, the Clinical Evaluation format needed to be updated to provide clarity and comply with MEDDEV 2.7/1 rev 4. The Notified Body provided feedback on the prior clinical evaluation reports and the client needed assistance in interpreting and addressing the feedback. The primary roadblocks / challenges were interpreting the information provided by the client, identifying and requesting any missing or insufficient documentation, and ensuring the information was comprehensive and understandable to the Notified Body once included in the Clinical Evaluation Report.

The Lowdown on Cybersecurity for Medical Devices

Every one of us has probably either been affected by or knows someone who has been affected by a cybersecurity vulnerability. Some attacks happen for the thrill, some to expose weaknesses between competitors, some for malicious intent, and some for money. We hear of these issues in our daily life - from computer viruses to financial incidents.

These types of threats have certainly surfaced in the medical device industry and we need to make sure we are positioned to address these early in the product development process and the post-market space. The ultimate goals are to make sure that a weakness in cybersecurity practices does not affect the functionality of a medical device in a harmful way, and to make sure sensitive patient data is protected as defined by region-specific regulations.

MDSAP: A Better Inspection Option for Device Manufacturers?

Note: This post is written by Jake O'Donnell, Senior FDA Compliance Principal at R&Q. Jake has more than 20 years of experience working for the FDA. Please join us for a free one-hour webinar on MDSAP, March 28th.

Medical device firms, are you looking forward to your next FDA inspection? I have conducted around 400 of them, and I am still trying to think of an instance when the firm was happy to see me. I never took it personally. FDA inspections can be stressful, not to mention they are very expensive and time consuming to support. Furthermore, FDA inspections are often followed by an unpleasant period of uncertainty regarding outcomes and adequacy of responses.

MDSAP: What is it? Is it for me? How will I get it done? [Webinar]

Part of your month, every month: R&Q Intelligence Series webinars are held on the fourth Tuesday of every month. These free webinars from some of the medical device industry's leading-most experts are designed for reporting on and analyzing the top industry trends and topics in the medical device space, each providing key and actionable takeaways for attendees. Slides and recordings will be made available to all registrants. Next up: April 25th, where we'll discuss EU MDR.

Review Controls Applied to Outgoing Data Streams (Because the FDA Might Be)

Medical device manufacturers need to carefully manage several important outward streams of information regarding their products. The regulatory community is generally most familiar with the data stream that relates to obtaining clearance to market devices, which involves communications directly with the FDA. The FDA data stream is customarily well integrated with a firm’s internal regulatory functions of review and approval. However, there are other data streams that are critical to the commercial success of device manufacturers.

Acquisition Regulatory Assessments: A Case Study

About R&Q's Case Studies: We hope this Acquisition Regulatory Assessments case study is valuable to you. Here are our currently available case studies. Subscribing to our blog is the best way to know when future case studies and other resources are available. Questions on this particular subject? Contact us.


Challenge

Investigating acquired products and associated FDA clearances.

A client took ownership of numerous products they had obtained through an acquisition. Remediation of the regulatory documents was needed, which included a review and evaluation of the 510(k) products to establish whether or not the current marketed products aligned with the existing FDA clearances. R&Q conducted a 510(k) inventory, which required a significant amount of investigation work to compile a list of all applicable products and associated 510(k) clearances, as well as non-filing justification (NFJ) with regard to design changes.

The REdI Fall 2016 Conference: Slides and Recordings

The Regulatory Education for Industry (REdI) Conference is an FDA-led forum that brings together the regulatory educators from FDA’s Center for Drug Evaluation and Research (CDER) and Center for Devices and Radiological Health (CDRH) to provide direct, relevant, and helpful information on the key aspects of drug and device regulations. The FDA holds these conferences only twice a year, which doesn't give medical device companies too much wiggle room when it comes to clearing their busy shedules to attend. So if you missed the conference, R&Q will fill you in!

Revamping Supplier Quality: A Case Study

About R&Q's Case Studies: We hope this Supplier Quality Remediation case study is valuable to you. Here are our currently available case studies. Subscribing to our blog is the best way to know when future case studies are available. Questions on supplier quality remediation? Contact us.


Challenge

The FDA found that not following your procedure is a problem.

A multibillion dollar client had a supplier quality process that was not being executed, and was not aligned to regulations (2CF820.50). Suppliers were not being audited at the prescribed regularity, some suppliers rated as low risk were making high risk parts, and others supplied product that did not meet current specifications. The results of an FDA inspection resulted in a Warning Letter that ultimately required third party audit certification. The organization had to react by proposing a plan to halt distribution of two product lines in order to focus on a permanent and comprehensive systemic solution.

Lists by Topic

see all