Medical device quality assurance and regulatory compliance in 2023: what you should know


    Maintaining an edge means staying ahead of the competition and regulatory bodies when it comes to medical device quality assurance and regulatory compliance. If you're not up-to-date on the latest changes, you'll get left behind, and your market share will evaporate.

    One major device manufacturer recently faced a product recall when their quality assurance (QA) processes overlooked a major cybersecurity vulnerability in two smart insulin pump products. A cybercriminal could hack into the device settings to stop the pumps from delivering life-saving insulin doses or overdose patients. In this case, no patient injuries or deaths were reported, but any recall is costly, time-consuming, and damages the brand's credibility.

    Don't get caught off guard by changes in the QA and regulatory landscape. It’s critical for medical device manufacturers to stay on top of quality trends in this fast-changing industry.

    Medical Device Quality Assurance and Regulatory Compliance in 2023

    Does it seem like medical device quality assurance and regulatory compliance change as often as the weather? Well, it's true. There is so much innovation in the medical device industry that QA and compliance have to continually evolve to keep up. The FDA’s regulatory requirements and quality guidelines are evolving to balance safety and innovation.

    The shifting landscape can be an advantage or a disadvantage to medical device manufacturers. Procrastinating is likely to result in compliance challenges or quality issues. The pace of innovation and regulatory change will continue to accelerate, so it’s necessary to take a proactive approach to these quality assurance and regulatory trends.

    Cybersecurity Is Evolving as a Quality Assurance Measure

    Just 5 or 10 years ago, researchers began to discover that it was possible to hack smart, connected medical devices and harm patients. The meteoric growth of internet of things (IoT) device innovation has introduced a host of new quality assurance and safety concerns. Cybersecurity threats demand entirely new approaches to design and quality assurance.

    "In traditional safety risk management, we're protecting people from malfunctioning devices," says GE Healthcare’s Steve Abrahamson. "When we think about cybersecurity risk management, we're protecting devices from malfunctioning people."

    Cybersecurity education is an enormous barrier to effective quality assurance. Biomedical engineering is a relatively new field of academic study, which emerged in the past two decades. In many cases, biomedical engineers have no formal training in cybersecurity. In many cases, device engineers lack the expertise to assess IoT security risks, which means professional education or consultants are necessary.

    Addressing security requirements is an engineering necessity, but it requires a new mindset on quality assurance throughout the device lifecycle. Security concerns are addressed most effectively with QA safeguards for secure product design, product management, and post-sales product support.

    CAPA Is Still King of Regulatory Compliance Problems

    Last year, the FDA issued a total of 966 483 observations to medical device manufacturers. 354 of these warnings addressed inadequate corrective and preventive action.

    In total, one-third of FDA warnings to manufacturers last year cite insufficient Corrective Action Preventive Action (CAPA) procedures, or a failure to consistently follow CAPA.

    An organization with too many CAPA, too few CAPA, or non-existent links between CAPA records is likely to raise an immediate red flag to an FDA inspector. Some of the most common causes of CAPA compliance warnings include:

    • Poorly linked quality processes
    • Reactive vs. proactive CAPA
    • Overuse or underuse of CAPA
    • Poor root cause determination efforts
    • Incomplete CAPA policies and procedures

    Simply having a CAPA process isn’t enough. Manufacturers are expected to use CAPA correctly, and perform in-depth root cause investigations to correct future issues. CAPA issues are rarely one-off events or genuinely caused by ‘human error.” More commonly, CAPA is the result of ineffective policy and procedure, and these issues are best corrected with a plan which involves SOP revision, better training, or similar steps.

    Manufacturers need a compliant CAPA procedure and quality management systems (QMS), which support compliance. Your QMS software should make it simple to perform comprehensive root cause investigations, instead of jumping to conclusions.

    Qualio is the first cloud QMS built specifically per FDA GMP and ISO standards for life sciences organizations. Our CAPA capabilities make it simple to get to the root cause of investigations by increasing visibility across linked quality processes. Request a demo of Qualio.

    Mom & Pop Companies Should Be Diligent

    The FDA has undergone strategic alignment in recent years to achieve goals of getting safe device products to market more quickly, which are outlined each year in the agency’s policy roadmap. In 2017-2018, the agency discovered that enterprise manufacturers were frequently receiving multiple inspections per year, while smaller “Mom & Pop” shops received far fewer inspections.

    The agency made moves to distribute inspections more equally, regardless of company size. As a result, overall inspections have dropped slightly, and smaller manufacturers are more likely to receive a surprise visit. This change isn’t about penalizing small companies or ignoring compliance issues at larger manufacturers. Instead, it’s about the agency’s blanket commitment to ensuring “safe and effective” medical devices by conducting more randomized inspections.

    The lesson is that it’s risky to ever assume you’re safe, especially if you think you won't face an audit due to size. Compliance issues can occur at companies of any size, and it’s more important than ever for pre-market manufacturers to create a solid baseline for compliance before an FDA inspector arrives on site.

    Learn more about the latest inspection trends in Why Did Medical Device FDA 483 Observations Drop 6.2% Last Year?


    The FDA Will Look Hard at Post-Approval Data

    The FDA is currently undergoing efforts to overhaul the 510(k) clearance pathway for medical devices, following a series of highly publicized safety concerns. The 510(k) clause allows devices to obtain market clearance if the manufacturer is able to demonstrate device safety through “substantial equivalence” to a predicate, or similar, approved device.

    The 510(k) pathway isn’t disappearing. Instead, it’s being refined and likely renamed as the “Safety and Performance” pathway. In the future, it will be more difficult to gain substantial equivalence approval if a predicate device was approved longer than 10 years ago. In addition, the FDA has committed to more rigorous oversight of product safety data based on clinical, billing, and research sources.

    A recent report by the agency on device safety addressed several steps the FDA is taking to monitor devices approved for market:

    • Establishing and strengthening the Unique Device Identification System (UDI)
    • Improving regulatory requirements for real-world safety evidence
    • Developing the National Evaluation System for Health Technology (NEST)
    • The Signal Management Program for adverse events
    • Recalibrating the benefit-risk framework for approved devices

    These initiatives show it's smart to prepare for stronger scrutiny of device safety long before your device is on the market.

    Get Ahead of Quality Assurance and Regulatory Compliance Trends

    The QA and regulatory landscape for medical device manufacturers is certainly challenging. There’s a lot of pressure to maintain speed-to-market while balancing strict new regulatory requirements and comprehensive QA. Failure to thrive under pressure can result in an FDA warning, product safety issues, or similar problems that threaten your company’s profitability and reputation.

    A proactive approach to developing transparent, linked quality processes is key. Adopting a purpose-built eQMS can enable greater visibility into the product lifecycle and quality, so you can focus on creating a safe, effective medical device.

    If you're still paper-based or unsatisfied with your current eQMS, give Qualio a look. As a company, we keep our eye on quality assurance and regulatory compliance trends and build features into our product, which make staying on top of these changes as simple as possible. On the foundation of "Simple, Scalable, and Smart," our platform is built with the needs of medical device manufacturers with 5-500 employees in mind.

    Get a demo today.