Risk Management for Medical Device Manufacturerscancomdigital.com/epromos/Webinars/Qmed/FoF/ETQ/... · is presented using multiple examples of medical devices to demonstrate important
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
RISK MANAGEMENT FOR MEDICAL DEVICE MANUFACTURERS presented by: Michael Drues, Ph.D.
Risk management is an important and challenging topic for all medical device manufacturers. But what is risk and how do we manage it? There are many connotations of risk and many methods used to manage them. Although there are “industry standards” such as ISO14971 and others, risk remains a source of confusion for manufacturers and regulators alike. During this 3-part interactive webinar, a more systematic, engineering-minded approach to risk is presented using multiple examples of medical devices to demonstrate important concepts. Ultimately risk is not a simple matter! Following the webinar, participants will have a much better appreciation of the importance of risk and how to manage it.
Part I: Overview of Risk: Is risk really as simple as it seems?
What is risk, why is it important and what are the consequences of getting risk wrong? What are the different connotations of risk? What is regulatory risk and how is it factored this into the equation? How do we identify types of risk and estimate their importance?
Part II: Mechanics of Risk: What do we do with this information?
How does a risk mitigation strategy in a regulatory submission compare to a risk management plan in a quality system? Are they the same? What is a risk management file, what goes into it and how often should they be updated? What are the common approaches to risk management and the advantages/disadvantages of each? Is meeting the regulatory requirements or industry standards enough?
Part III: Advanced Topics in Risk: What are best practices and how do we avoid problems?
What’s the relationship between risk mitigation and product liability? How to handle risks in off-label uses without creating product liability nightmares? How do you identify risks in a truly new and novel medical device? How do we manage risk in combination products? What does the future hold?
What to know more? See:
Column: The Many Connotations of Risk in Device Development and Consequences Of Getting Them Wrong here. For more, visit my Guerilla Regulatory Strategy editorial homepage.
Speaker Biography Michael Drues, Ph.D., is President of Vascular Sciences, a consulting and training
company offering a broad range of services to medical device, pharmaceutical &
biotechnology companies including creative regulatory strategy & competitive regulatory intelligence, regulatory submission design, FDA presentation preparation
& defense.
Dr. Drues received his B.S., M.S., and Ph.D. degrees in Biomedical Engineering from
Iowa State University in Ames, Iowa. He has worked for and consulted with leading medical device, pharmaceutical and biotechnology companies ranging in size from
start-ups to Fortune 100 companies. He also works on a regular basis for the U.S.
Food and Drug Administration (FDA), Health Canada, the US and European Patent Offices, the Centers for Medicare and Medicaid Services (CMS) and other regulatory and governmental agencies around the world.
Dr. Drues is an internationally recognized expert and featured keynote speaker on cutting-edge medical technologies and regulatory affairs. He conducts seminars and short-courses for medical device, pharmaceutical and biotechnology
companies, the U.S. Food and Drug Administration (FDA), Health Canada, the US and European Patent Offices, the US
Centers for Medicare and Medicare Services (CMS) and other regulatory and governmental agencies around the world.
Finally, as an Adjunct Professor of Medicine, Biomedical Engineering & Biotechnology, Dr. Drues teaches graduate courses
in Regulatory Affairs & Clinical Trials, Clinical Trial Design, Medical Device Regulatory Affairs & Product Development, Combination Products, Pathophysiology, Medical Technology & Biotechnology at several universities & medical schools on-
Part I: Overview of Risk: Is risk really as simple as it seems?
What is risk, why is it important and what are the consequences of getting risk wrong? What are the different connotations of risk? What is regulatory risk and how is it factored this into the equation? How do we identify types of risk and estimate their importance?
Part II: Mechanics of Risk: What do we do with this information?
How does a risk mitigation strategy in a regulatory submission compare to a risk management plan in a quality system? Are they the same? What is a risk management file, what goes into it and how often should they be updated? What are the common approaches to risk management and the advantages/disadvantages of each? Is meeting the regulatory requirements or industry standards enough?
Part III: Adv. Topics in Risk: What are best practices and how do we avoid problems?
What’s the relationship between risk mitigation and product liability? How to handle risks in off-label uses without creating product liability nightmares? How do you identify risks in a truly new and novel medical device? How do we manage risk in combination products? What does the future hold?
What is Medical Device Risk Management?• Process for identifying, evaluating and mitigating risks associated with harm to people and
damage to property or the environment. Risk management is an integral part of medical device designand development, production processes and evaluation of field experience, and is applicable toall types of medical devices. The evidence of its application is required by most regulatorybodies such as FDA. The management of risks for medical devices is described by ISO 14971:2007 whichprovides a framework and requirements for management responsibilities, risk analysis and evaluation, riskcontrols and lifecycle risk management. – is meeting the requirements or standards enough?
• The European version of the risk management standard was updated in 2009 and again in 2012 to refer tothe Medical Devices Directive (MDD) and Active Implantable Medical Device Directive (AIMDD) revision in2007, as well as the In Vitro Medical Device Directive (IVDD). The requirements of EN 14971:2012 arenearly identical to ISO 14971:2007. The differences include three Z Annexes that refer to the new MDD,AIMDD, and IVDD. These annexes indicate content deviations that include the requirement for risks to bereduced as low as possible, and the requirement that risks be mitigated by design and not by labeling onthe medical device (i.e., labeling can no longer be used to mitigate risk). – not true!
• Typical risk analysis and evaluation techniques adopted by the device industry include hazard analysis,fault tree analysis (FTA), failure mode and effect analysis (FMEA), hazard and operability study(HAZOP), and risk traceability analysis for ensuring risk controls are implemented and effective. – safetyand efficacy of any device (risk tool) is a strong function of the skill level of the user!
• FDA introduced another method named "Safety Assurance Case" for medical device safetyassurance analysis. The safety assurance case is structured argument reasoning about systemsappropriate for scientists and engineers, supported by a body of evidence, that provides acompelling, comprehensible and valid case that a system is safe for a given application in agiven environment. A safety assurance case is expected for safety critical devices (e.g. infusiondevices) as part of the pre-market clearance (510k). – always been my approach!
Why is Risk Important?“At the time of premarket evaluation, however, it is not feasible toidentify all possible risks or to have absolute certainty regarding atechnology’s benefit-risk profile. Among other reasons, studiesrequired to do so would likely be prohibitively large in order tocapture less frequent and more unpredictable effects orconsequences. In addition, such larger studies still may not reflectthe true benefit-risk profile of the device. Once a device is on themarket, for example, doctors may use it beyond the FDA clearedintended use. In addition, subsequent modifications to the deviceor changes in how the device is used in practice can result in newsafety risks or greater frequency of known risks.”
Jeffrey Shuren, M.D., J.D., Director of FDA’s Center for Devices and Radiological Health
FDA is working with hospitals to modernize data collection about medical devices, FDA Voice (October 24, 2016) available here.
Tests that measure levels of CA 125 protein in the blood are widely used to screen for ovarian cancer, but an FDA review found that the tests are not an accurate, reliable method for screening asymptomatic women. The agency said there is no foolproof
method of screening ovarian cancer, and erroneous results may cause women to receive unnecessary care and follow-ups or forgo necessary treatment.
STAT News (Sept. 7, 2016) available here.
Why is this important to device companies?Hint: What’s the fastest growing segment of the medical device industry?
What risks bucket(s) are being considered (or not considered) here?
Risk Management should not be about a hard and fast set of rules… it’s about understanding the intent and
approaching the process in a logical and systematic fashion.
In other words…
Don’t just follow the rules… think!
“Rules are mostly made to be broken
and are too often for the lazy to hide behind.”General Douglas MacArthur (1880 –1964) was an American general in the US Army during the 1930s and played a prominent role in the Pacific theater during World War II. He was one of only five men
ever to rise to the rank of General of the Army in the U.S.
Part I: Overview of Risk: Is risk really as simple as it seems?
What is risk, why is it important and what are the consequences of getting risk wrong? What are the different connotations of risk? What is regulatory risk and how is it factored this into the equation? How do we identify types of risk and estimate their importance?
Part II: Mechanics of Risk: What do we do with this information?
How does a risk mitigation strategy in a regulatory submission compare to a risk management plan in a quality system? Are they the same? What is a risk management file, what goes into it and how often should they be updated? What are the common approaches to risk management and the advantages/disadvantages of each? Is meeting the regulatory requirements or industry standards enough?
Part III: Adv. Topics in Risk: What are best practices and how do we avoid problems?
What’s the relationship between risk mitigation and product liability? How to handle risks in off-label uses without creating product liability nightmares? How do you identify risks in a truly new and novel medical device? How do we manage risk in combination products? What does the future hold?
March, 2017
Risk Management
for Medical Device Manufacturers
14For additional information, www.linkedin.com/in/michaeldrues,call (508) 887-9486 or e-mail [email protected]
FTC cracks down on melanoma risk-detection apps with unsupported claims
FTC has taken action against two melanoma detection apps: MelApp and Mole Detective.
Both apps claim to provide an “automated analysis of moles and skin lesions for symptoms of melanoma and increase consumers’ chances of detecting melanoma in its early stages”
In 2011 FTC took similar action against two acne apps
FTC commissioner Maureen Ohlhausen dissented saying: “Health-related apps have enormous potential to improve access to health information for underserved populations and to enable individuals to monitor more effectively their own wellbeing, thereby improving health outcomes. Health-related apps need not be as accurate as professional care to provide significant value for many consumers. The [FTC] should not subject such apps to overly stringent substantiation requirements, so long as developers adequately convey the limitations of their products.
[FTC] should be very wary of concluding that consumers interpret marketing for health-related apps as claiming that those apps substitute for professional medical care, unless we can point to express claims, clearly implied claims, or extrinsic evidence. If FTC continues to adopt such conclusions without any evidence of consumers’ actual interpretations, and thus requires a very high level of substantiation for health-related apps, we are likely to chill innovation in such apps, limit the potential benefits of this innovation, and ultimately make consumers worse off.”
Summarized from Mobile Health News (Feb. 23, 2015) available here and Health Data Management (Feb. 24, 2015) available here.
Issues to Consider:
FDA vs. FTC (i.e., FTC View of Medical Claims ≠ FDA View of Medical Claims)
Case Study: PillCamGiven Imaging’s PillCam COLON Approved Via De Novo Pathway
Indication: incomplete colonoscopy for reasons other than inadequate preparation
Cleared via de novo pathway for low-risk devices with no [direct] predecessor on the market
Clinical trial of 884 patients, PillCam identified 69% of patients with ≥ 1 polyp measuring≥6mm and 65% with ≥ 1 polyp ≥ 10mm [Why a clinical trial?]
Device has video camera at either end and transmits 4-35 frames per second over a 10-hourperiod to a recording device worn by patient computer compiles video footage [video (10 sec)]
FDANews, Feb. 3, 2014
Why (how) was this de novo-able? Hint: risk mitigation is key!
Many connotations of risk:
• Probability of direct harm to the patient / Risk to user/operator
• Probability of not using the device/drug (other options?)
• Probability of providing the “wrong” information (all diagnostics!)
• Many other types of risk
Bottom line: must acknowledge and mitigate all to maximize probability of success!
How was this brought to market? More importantly… why?
Colon Capsule Imaging System Risks and Mitigation Measures
Identified risk Mitigation measure
Adverse tissue reaction Biocompatibility.
Equipment, malfunction leading to injuryElectrical safety, thermal and mechanical safety. Software validation, verification, and hazard analysis. Non-clinical testing. Labeling.
Interference with other devices and with this device (e.g., interference with image acquisition, patient information compromised)
Part I: Overview of Risk: Is risk really as simple as it seems?
What is risk, why is it important and what are the consequences of getting risk wrong? What are the different connotations of risk? What is regulatory risk and how is it factored this into the equation? How do we identify types of risk and estimate their importance?
Part II: Mechanics of Risk: What do we do with this information?
How does a risk mitigation strategy in a regulatory submission compare to a risk management plan in a quality system? Are they the same? What is a risk management file, what goes into it and how often should they be updated? What are the common approaches to risk management and the advantages/disadvantages of each? Is meeting the regulatory requirements or industry standards enough?
Part III: Adv. Topics in Risk: What are best practices and how do we avoid problems?
What’s the relationship between risk mitigation and product liability? How to handle risks in off-label uses without creating product liability nightmares? How do you identify risks in a truly new and novel medical device? How do we manage risk in combination products? What does the future hold?
‘Reprocessing Medical Devices in Health Care Settings: Validation Methods and Labeling’ (CDRH Guidance, March, 2015) available here.
US: Draft guidance 2011 Final March, 2015
literally days after UCLA story broke… coincidence?
By comparison, Health Canada final their guidance in 2011… long before the recent tragedies! Why?
‘Information to Be Provided by Manufacturers for the Reprocessing and Sterilization of Reusable Medical Devices’ (Health Canada, June, 2011) available here.
What types of devices are subject to this guidance?
• Bronchoscopes (flexible and rigid) and accessories• ENT endoscopes and accessories• GI and Urology Endoscopes with elevator channels (not including accessories) [e.g.,
duodenoscopes for ERCP]• Automated Endoscope Reprocessors (AERs)• Colonoscopes (not including accessories)• Neurological endoscopes (not including accessories)• Arthroscopes and accessories• Laparoscopic instruments and accessories
Note disclaimer at bottom:
“In the future this list may be updated as additional information regarding reprocessing medical devices becomes available.” – recommendation: don’t consider this an exhaustive list!
My recommendation:
“A well-designed and properly validated cleaning procedure likely will be a requirement of most, if not all, regulatory submissions in the future: 510(k)s, premarket approvals (PMAs), etc.” [Drues, 2015]
What about devices previously cleared or approved? – Don’t be surprised if you get a knock on your door…
Consult this guidance for all devices labeled for reuse!
Current reprocessing device list available here as of March, 2015
Taking inspiration from one of best…“Here's to the crazy ones. The misfits. The rebels. Thetroublemakers. The round pegs in the square holes. The oneswho see things differently. They're not fond of rules. And theyhave no respect for the status quo. You can quote them, disagreewith them, glorify or vilify them. About the only thing you can't dois ignore them. Because they change things. They push thehuman race forward. And while some may see them as the crazyones, we see genius. Because the people who are crazy enoughto think they can change the world, are the ones who do.”
Steve Jobs (1955 – 2011), entrepreneur, marketer and inventor, the co-founder of Apple Inc. and widely recognized as a pioneer of the personal computer revolution.
More importantly…
“Imagine where we could be if discontent for the status quo was the norm rather than the exception.”
Can you guess who said this?
Published in MED Device Online available here.
The Many Connotations Of Risk In Medtech Development — And The Consequences Of Getting Them Wrong
by Michael Drues, Ph.D., author of Guerilla Regulatory Strategy
Publication Date: August 6, 2015 Page 1 Copyright 2015 by Michael Drues, Ph.D. All rights reserved.
Risk assessment and risk management in the medical device industry typically start with a brainstorming session. Members of the product
development team sit down together, start randomly rattling off risks
as they come to mind, and write them all down on a piece of paper. I call this the ‘cherry-picking’ approach to risk, because it is an almost
haphazard process. Regardless of whether you spend an hour or a year brainstorming on risk, in the end you can never be certain you have
captured all the potential risks.
To help offset the inherent shortcomings of brainstorming sessions, I recommend a more systematic, engineering-minded approach. Start by
breaking risk down into three main types —or buckets — similar to the medical device classification system, where we have Class I, II, and III.
The first category of risk is what I call the “probability of direct harm.” This is the most obvious connotation of risk and the one most people think of first. What is the likelihood that somebody — usually the patient, although sometimes it is a
caregiver — experiences harm caused directly by the use of your medical device?
Bucket number two is the “probability of harm caused by not using your device.” In other words, what other options does the patient have if they don’t use your device? Are there other devices that could be used instead? Are there drugs or
surgical procedures that could be used? Or perhaps there are no alternatives at all.
Evaluating the probability of harm caused by not using the device is actually a requirement of FDA’s premarket approval
(PMA) process, but not the premarket notification, or 510(k), process – although there has been some discussion about
adding it to the 510(k) pathway, as well. In the PMA world, this form of risk is what the regulation calls “alternative practices or procedures.” Since PMA devices are, by their nature, more complicated — often life-sustaining or life-
supporting kinds of devices — it makes sense to take into account other options the patient might have.
From the manufacturer’s perspective, the least burdensome path is if you are working in an area where the patient is in
eminent danger of demise and there are no other options. At that point, you can argue that your device is better than
nothing. In this case, the bar for safety is set at its lowest level – as it should be in these types of situations – but this is not usually the case in the 510(k) world.
The third risk bucket is the “probability of providing the wrong information.” This type of risk is endemic in all diagnostic devices (i.e., patient monitors, imaging systems, and in vitro diagnostics, including companion diagnostics, just to name a
few). Any time your device is providing actionable information, especially diagnostic or treatment information, to either the physician or the patient, you must consider ‘what is the probability that your device is providing inaccurate or wrong
information?’
For example, in an in vitro diagnostic (IVD) device for cancer, what is the likelihood that your device says the patient has cancer when, in fact, they do not (i.e., a false positive)? Alternatively, what is the likelihood that your device says the
patient does not have cancer when, in fact, they do (i.e., a false negative)? Of course, in this example, the risk of a false negative is much more problematic than a false positive. Nonetheless, there are ways to mitigate both of these risks –
something that a savvy regulatory professional should always do.
These three types of risks are important in a regulatory sense, because you have to mitigate all of them in your submission, regardless of your regulatory pathway (i.e., 510(k), PMA, de novo). However, risk is also important from a
design control perspective.
Regulatory Risk vs. Design Control Risk
While there is certainly some overlap between risk presented in a regulatory submission and risk in the context of design controls, these risks are not carbon copies of one another. Unfortunately, I have seen companies literally copy and paste
the risk management plan from their design controls into their regulatory submission.
Such submissions are destined to fail, because the design control connotation of risk is narrower than the regulatory connotation of risk. In a design control context, the risk management plan is pretty much limited to the first bucket of
risk, the probability of direct harm. However, on the regulatory side, the risk mitigation strategy is a vital component of all regulatory submissions, especially 510(k) and de novo.
The Many Connotations Of Risk In Medtech Development — And The Consequences Of Getting Them Wrong
by Michael Drues, Ph.D., author of Guerilla Regulatory Strategy
Publication Date: August 6, 2015 Page 2 Copyright 2015 by Michael Drues, Ph.D. All rights reserved.
The two most important parts of a 510(k) are the substantial equivalence argument and the risk mitigation strategy. Quite frankly, it doesn’t matter if you fill out all the forms properly: Without a rock-solid substantial equivalent argument
and a bulletproof risk mitigation strategy, you probably will not be successful with your 510(k), and certainly not your first
attempt.
The de novo is even more straightforward than the 510(k) because, in the de novo, there is no substantial equivalence
argument – if there were, you would not be in the de novo pathway. So, a successful de novo submission comes down to only one thing: risk mitigation strategy. You have to mitigate all three categories of risk in order to be successful with the
de novo.
How To Address Risks You’d Rather Not Draw Attention To (In Your Submission)
In my opinion, there is a big difference between writing a regulatory submission and designing a submission. As an
engineer, it doesn’t matter if I’m designing a medical device, designing a clinical trial, or designing a regulatory submission — design is design. But, when it comes to regulatory submission design, the way you present your
information — not just what you say and how you say it, but what you don’t say and how you don’t say it — is critically important.
This is especially true of risks to which you might not want to draw attention. Take, for example, a very simple medical
device, like a hypodermic syringe. This device can be very useful for injecting drugs, taking blood samples, etc. But, without much imagination, you can imagine it causing a lot of harm, as well.
Which begs the question: hypodermic syringes have been around for a long time but, if you were developing the first hypodermic syringe today, would it get on the market? This is the medical device equivalent of asking “if Aspirin was new
today, would it get on the market?” This is not a simple question!
Most people present risks in some sort of order in a submission, either by frequency (from most frequent to least frequent) or severity (from most severe to least severe). But presenting risks in this manner draws attention to them —
something you may not wish to do.
So, take a different approach. The regulation does not tell you how to present risks in a submission. It doesn’t stipulate
that you list them in any particular order. It doesn’t specify how many risks to include. That’s up to you.
Why not present the risks in random order, rather than by frequency or severity? And why not include a lot more risks than you otherwise might, so as to not draw attention to certain other risks? This approach dilutes the pool, so to speak.
It is not dishonest, as the information is in the submission — you just aren’t drawing attention to it. This is just one way regulatory professionals can design a regulatory submission, rather than merely write one.
Conflicting Positions On Risk
Often, what we want to accomplish from a regulatory perspective is diametrically opposed to what we want to achieve
from another perspective. For example, consider the tension between risk mitigation and product liability. The underlying
assumption, in both regulatory submissions and design controls, is that the scope of the conversation is limited to risks associated with on-label use of the product.
Not long ago, a large medical device company invited me to help facilitate a brainstorming session to develop a risk management plan, as required by the design controls for their new device. We were going through the different buckets
of risk, and people were coming up with all the different risks they could imagine associated with the on-label use of this
device. Then, the topic of risk associated with off-label use came up. As soon as that happened, the ranking person in the room, a senior VP at this medical device company, said “this meeting is over.” Why? Because of product liability.
If a device causes harm to a patient, the manufacturer will undoubtedly get sued (I’ve been involved in several of these kinds of cases). And, if opposing counsel can show that the company knew, should have known, or even was thinking
about risks associated with off-label use of its device that were not sufficiently mitigated, the company can be held to a higher level of liability.
Massachusetts politician Martin Lomasney famously said, “Never write when you can speak; never speak when you can
nod; never nod when you can wink.” A more modern twist on this saying came from Elliot Spitzer, the former governor of New York, when he said, “Never talk when you can nod, never nod when you can wink, and never write an email,
The Many Connotations Of Risk In Medtech Development — And The Consequences Of Getting Them Wrong
by Michael Drues, Ph.D., author of Guerilla Regulatory Strategy
Publication Date: August 6, 2015 Page 3 Copyright 2015 by Michael Drues, Ph.D. All rights reserved.
because it’s death. You're giving prosecutors all the evidence they need!” The same discretion is necessary in medical device product liability.
Documenting risks associated with the off-label use of your device — which is basic engineering (common sense, one
might say) — can be the kiss of death if your device causes harm and you get sued. Opposing counsel simply will subpoena the email or meeting notes and say, “Back in August 2015, you had this brainstorming meeting and talked
about this particular form of risk….”
From a regulatory perspective, you want to document everything but, from a product liability perspective, you want to
document nothing! My advice to you, tongue in cheek, is to document everything and then, as soon as you do, shred
everything. Pragmatically speaking, though, after years of playing this game, here is my advice: At the beginning of your risk brainstorming meeting, agree to limit the discussion to risks associated with the on-label use of the device — but that
should never go into your meeting notes!
In a related example, the CEO of a company I recently worked with was presenting at a medical conference. He started
going a little bit off-script, discussing off-label uses for the company’s new medical device. To make a long story short, there were a couple of FDA staffers sitting in the audience. Talk about getting your hand caught in the cookie jar.
But here’s the thing: Every single person in the room, including the folks from FDA, knew that, in reality, the device was
going to be used in the off-label ways described. Unfortunately, this tension between regulatory and other priorities is incentivizing medical device companies to avoid asking important questions and addressing important issues. We have
become like ostriches sticking their heads in the sand, pretending these things don’t happen. From a humanitarian perspective, how does this make the world a better place?
Including Off-Label Uses In Risk Management — Without The Product Liability Headaches
Avoid creating product liability issues when developing your risk management plan by following this simple advice: Don’t design your regulatory strategy in isolation. You need to design your regulatory strategy in conjunction with your product
liability strategy, your reimbursement strategy, your intellectual property strategy, and everything else. Just like the human body, nothing in regulatory strategy exists in isolation — every part is in constant communication with everything
other part.
In addition, I would recommend designing your labeling, especially the high-level labeling — which includes label claims and indications for use — just like you would design your physical device. Again, to me, design is design.
For example, during a recent project, we designed the product labeling at the same time we designed the device. We designed them to be in sync with one another. Just like in product development, where we may come up with five or six
different prototype designs and evaluate the merits of each, we came up with five or six potential indication-for-use statements for the same device, and we did a regulatory burden assessment on each one. In other words, if we say this,
we must prove that; if we say that, we must prove this, and so on.
We presented the different indication-for-use statements to the senior management team, along with the regulatory burden assessment. Representatives from regulatory, reimbursement, marketing, legal, and other departments
participated in the discussion. We were able to decide, as a company, where the labelling “sweet spot” was for that particular company and that particular device. This process formed what the company would say from a regulatory
perspective, from a marketing perspective, from a product liability perspective, etc.
That sweet spot — that fulcrum, or balance point, or whatever you want to call it — will be different for every company. They key to finding it is getting context and input from all the different functional groups within the organization.
Another Form Of Risk To Consider
There is one more form of risk I would like to briefly touch upon: regulatory risk.
Unlike the three buckets of risk we discussed previously, regulatory risk is something I never talk about at FDA or any other regulatory agency because, frankly, it’s not their concern. It is, however, something I talk about a lot with the
medical device companies I work with.
Regulatory risk has two connotations. The first is the probability of being unsuccessful when trying to “sell” your regulatory strategy to a particular regulatory agency. Every regulatory strategy holds a certain degree of regulatory risk.
You can mitigate it, you can minimize it, but you cannot eliminate it.
The Many Connotations Of Risk In Medtech Development — And The Consequences Of Getting Them Wrong
by Michael Drues, Ph.D., author of Guerilla Regulatory Strategy
Publication Date: August 6, 2015 Page 4 Copyright 2015 by Michael Drues, Ph.D. All rights reserved.
When considering different regulatory strategy options, it is important to assess regulatory risk. Potential regulatory strategy one might carry a relatively low regulatory risk. Strategy two might be moderately risky, while strategy three is
high-risk. Although regulatory risk is nearly impossible to quantify precisely, you can assign an approximate value (low,
medium, or high, in this example).
The second connotation of regulatory risk is what I call “the probability of getting smacked.” For example, what is the
likelihood that you make a marketing claim and somebody (FDA or otherwise) comes back to you and says, “Hey, you’re saying this about your product. How do we know that’s true? Prove it.”?
You need to consider both the probability that someone will call you out on a claim and the likelihood you will be able to
defend it. This is more than a regulatory decision — it’s a business decision.
Some companies tend to be a little more aggressive. They push the envelope a little more, and make pretty bold claims
(Sometimes, you see these claims being advertised on TV!). On the other end of the spectrum, some companies are very, very conservative.
It’s important to understand the different options and their potential ramifications. If you make one claim, your risk of getting smacked may be pretty high, but it may also be easy to defend. With another claim, your risk may be low, but it
may be harder to defend.
To illustrate, consider a binky, also known as an infant pacifier. One manufacturer makes the label claim, displayed prominently on its package, “promotes healthy oral development”’ This is a very nebulous label claim but, in the
regulatory world, the more vague or non-specific the claim, the better. Why? Such a claim is very difficult to define (what does “promotes healthy oral development” mean?), and therefore the “probably of getting smacked” is low.
Furthermore, if you do get smacked, it is easy to defend yourself. If the manufacturer made a more specific medical
claim (i.e., use our binky and reduce the likelihood of gingivitis), that would be a completely different story and its regulatory risk would be much higher.
While publically, FDA is not fond of nebulous label claims, there are many examples of devices that have them. On the flipside, the Centers for Medicare and Medicaid Services (CMS) is not at all fond of nebulous label claims and typically will
not reimburse for them. This is another example of how regulatory strategy and reimbursement strategy can sometimes
be diametrically opposed, and it’s up to the manufacturer to find a “sweet spot” in between the two.
As an aside, some chuckle when I use very simple examples like pacifiers, but consider this: Albert Einstein said, “if you
can’t explain something simply, you don’t understand it well enough.” If we can’t explain the regulatory logic using a pacifier — something that everyone can understand — how can we apply the same logic to a much more complicated
medical device, like a vena cava filter?
Consider this: Recently, a manufacturer received an FDA warning letter because it claimed its wheel chair cushion would
“reduce causes of skin tissue trauma.” This is a relatively strong claim for a product that was never cleared or approved
by FDA and, as a result, the manufacturer got ‘smacked’ with an FDA warning letter.
Like many such manufacturer problems, this situation was totally avoidable! How? There are two choices: Make a more
nebulous claim (i.e., “Our cushion makes your rear-end feel better,”), or go through the clearance or approval process and prove the claim so you can use it to your competitive advantage.
Of course, there are advantages and disadvantages to both approaches but the lesson to be learned is this: It is not enough to be careful with what you say – you must also be careful with how you say it!
Key Takeaways
The most important thing to remember regarding risk is that it is not a simple matter. There are many different connotations of risk: We talked about several important ones in regulatory submissions and design controls, but obviously
there are other forms — financial risk, for example.
In addition, medical device manufacturers need to understand the impact of risk mitigation strategy on a regulatory
submission. As I said before, that can make or break your regulatory submission, especially if it’s a 510(k) or a de novo.
Your risk management plan is also very important, not just to meet the design control requirements, but in terms of product liability, as well.
The Many Connotations Of Risk In Medtech Development — And The Consequences Of Getting Them Wrong
by Michael Drues, Ph.D., author of Guerilla Regulatory Strategy
Publication Date: August 6, 2015 Page 5 Copyright 2015 by Michael Drues, Ph.D. All rights reserved.
Finally, I would urge you to carefully consider not only what you say regarding risk, but also what you don’t say. There are many shades of grey. Some people don’t like shades of grey, but I personally love them in regulations. The
ambiguities, the vagueness gives you the wiggle room to do what you think is necessary, as opposed to having regulation
that is very specific. Unambiguous regulation makes it more of a challenge (but not impossible) to argue the value of doing something in a new or different way.
About the Author
Michael Drues, Ph.D., is President of Vascular Sciences, an education, training, & consulting company offering a broad range of services to
medical device, pharmaceutical & biotechnology companies including (but not limited to): stimulating & innovative educational programing,
Published in MED Device Online (April, 30, 2015) available here. / Listen to the podcast available here.
Can We Design Medical Devices To Be Reprocessed Without Killing People?
by Michael Drues, Ph.D., author of Guerilla Regulatory Strategy
Publication Date: April 30, 2015 Page 1 Copyright 2015 by Vascular Sciences and Michael Drues, Ph.D. All rights reserved.
Author’s note: for those unfamiliar with this case, I suggest watching the news video UCLA Warns Nearly 180 Patients About Dangerous Superbug Exposure (NBC News, Feb. 18, 2015) available here.
Reprocessing has taken center stage in the medical device
industry over the past two months, thanks to several high-profile
“superbug” outbreaks that were linked to the use of
contaminated duodenoscopes (type of endoscope) at two
prominent U.S. hospitals.
First, UCLA's Ronald Reagan Medical Center reported that up to
179 of its patients may have been exposed to a drug-resistant
bacterium called carbapenem-resistant Enterobacteriaceae (CRE) during procedures involving duodenoscopes —
and two of those patients had died. Two weeks later, Cedars-Sinai Medical Center confirmed that at least four of its
patients, and as many as 71 — had contracted CRE during the same procedure involving the same brand of
endoscopes.
Much panic and finger-pointing ensued. The hospitals maintained that they had followed the manufacturer’s
instructions to a “T” when cleaning the devices. Several of the victims and victims’ families promptly filed lawsuits
against the manufacturer. The FDA issued a safety alert, which was followed almost immediately by final guidance
on the reprocessing of reusable medical devices. Even the White House got involved, announcing a five-year
roadmap to combat antibiotic-resistant bacteria in the United States.
How did we get to this point as an industry? What can we do to ensure this type of problem doesn’t occur with our
medical device designs? And what will the future hold when it comes to the reprocessing of medical devices? Let’s
explore these (and other) questions related to this significant and timely issue.
How We Got Here: The Regulatory Backdrop
The reprocessing of medical devices — or more specifically, the cleaning and sterilizing of devices that have been
previously used (e.g., surgical instruments) — has been happening since the earliest days of medicine. However,
the medical device industry has not been overly concerned about reprocessing, because it largely has been
conducted by hospitals and therefore lies outside the FDA’s oversight. As everybody knows, FDA does not regulate
the practice of medicine, and it can easily be argued that reprocessing (like usability, pharmaceutical compounding
and 3D printing) is the practice of medicine.
Obviously, that position quickly erodes in the face of an issue like the one that occurred with the duodenoscopes.
Believe it or not, back in 2011, FDA issued draft guidance on the reprocessing of medical devices in healthcare
settings, including endoscopes. The guidance was very controversial at the time, because it was another example of
regulatory expansion, or what I like to call the regulatory big bang, where FDA increases its reach into areas where,
historically, it didn’t have jurisdiction.
(Regulatory expansion like this is not necessarily a bad thing. However, it is not something FDA should do
unilaterally. Rather, what FDA regulates and what they do not is a matter of healthcare policy and therefore should
be discussed and debated as a society.)
Unfortunately, it took four years for that guidance to be finalized. Coincidentally, the final guidance was released in
March 2015, literally days after the UCLA story broke. For the sake of comparison, our friends in Ottawa, Health
Canada, put out their final guidance on the same topic back in 2011.
Why the heck did it take so long? More importantly, what does the guidance — or, indeed, any regulation — really
accomplish? One of my favorite adages is that we followed the regulation perfectly, but the patient died anyway.
Published in MED Device Online (April, 30, 2015) available here. / Listen to the podcast available here.
Can We Design Medical Devices To Be Reprocessed Without Killing People?
by Michael Drues, Ph.D., author of Guerilla Regulatory Strategy
Publication Date: April 30, 2015 Page 5 Copyright 2015 by Vascular Sciences and Michael Drues, Ph.D. All rights reserved.
We have to always look for similarities where no similarities seem to exist. Don’t think of this case in isolation. Don’t
think, “Gee, I don’t work with duodenoscopes, I don’t work with endoscopes. Therefore, these things are not
important to me.” On the contrary, they have the potential to drastically impact the medical device industry, across
the board.
And, with all the emphasis on cost savings in healthcare, why limit ourselves to the discussion of reusable medical
devices? There’s been an ongoing debate for the last several years about the challenges associated with
reprocessing single-use medical devices. The simple reality is that a medical device company can stamp in big
letters on their label, “Only use this device once, and throw it away,” but again, I think it’s naïve for us to believe
that everybody practices medicine that way. From a regulatory perspective, that is technically considered off-label
use, but can we really be so naïve as to think that it doesn’t happen?
Here is another way to address the problem: Design the single-use device so it becomes disabled or falls apart after
the first use. Then you won’t have to worry about single-use devices being reused. More importantly, you won’t
have to worry about whether anyone reads or follows your label. There is more than one way to skin a cat.
And what of the reprocessing challenges surrounding reusing permanent implants? Yes, you heard me right —
reusing permanent implants Think this couldn’t possible happen? It already has! Pacemakers, for example, have
been harvested from patients post mortem, “reprocessed,” and implanted into the next patient. Granted, this would
likely never happen in the United States, primarily for liability reasons, but in other parts of the world it is already
occurring. And liability aside, if a patient in a third-world country could not afford a pacemaker, would it be ethical
to withhold a device that could save their life simply because it has already been used?
To its credit FDA is hosting a two-day Gastroenterology and Urology Devices Panel meeting on May 14 to 15, 2015,
to address reprocessing issues. I will be one of several presenters at this meeting, and I hope it provides a forum
for an open, honest, and candid debate, where all stakeholders can express their concerns and come up with
practical solutions to prevent similar tragedies from occurring again in the future.
Medical devices, not just endoscopes, are becoming more complex, and similar problems will occur with other types
of devices in the future. It is incumbent on all of us — not just in the medical device industry, but in the regulatory
community, the healthcare community, and the lay public — to be not just reactive but proactive. We need to be
thinking ahead to similar problems and what can we do in the future to try to prevent them.
Editor’s Note: For additional information on the topics covered in this article, I would recommend you check out these online seminars the author will be leading in the coming weeks:
• Reprocessing Medical Devices: Final Guidance – How To Meet New Validation Requirements (June 25)
Additional upcoming webinars include:
• Medical Device Regulatory Affairs 101: Regulatory Affairs For Non-Regulatory Personnel (March 24) • Communication With FDA: What Do We Say And How Do We Say It? (April 28)
• De Novo Path to Device Approvals: Tips for Speedy, Successful Outcomes (July 8)
To learn more about the author, including his upcoming presentations and list of columns, podcasts and webinars, visit his LinkedIn page here or contact him directly at:
Vascular Sciences 246 Magill Drive Grafton, MA 01519