FDA’s Draft QMSR: 3 Experts Read More Stakeholder Comments So You Don’t Have To
Part Two Of Two
Executive Summary
The second of two parts: Industry experts Vincent Cafiso, Kim Trautman and Dennis Gucciardo spoke with Medtech Insight about noteworthy comments on the US FDA’s proposed Quality Management System Regulation.
As of 1 June the US Food and Drug Administration has released online 69 stakeholder comments on its draft Quality Management System Regulation. When finalized, the QMSR will replace the agency’s aging Quality System Regulation (QSR).
The QMSR is a result of the FDA’s years-long initiative to harmonize the QSR with international quality systems standard ISO 13485:2016. (Also see "10 Things You Need To Know About FDA’s Proposed Quality Management System Regulation" - Medtech Insight, 23 Feb, 2022.)
Industry experts recently spoke with Medtech Insight about comments they found particularly interesting or insightful. The experts include Vincent Cafiso, senior director of regulatory compliance & global audit at device maker Smith & Nephew; Kim Trautman, an ex-FDA official who was the lead author of the QSR in the 1990s; and Dennis Gucciardo, a partner at the law firm Morgan Lewis.
This feature, which is the second of two parts, looks at comments from Microbiologics, Hamilton Medical and Philips. (Part one can be found here.)
Comment From Microbiologics
Draft QMSR Says: “In addition to the requirements of clause 4.2.5 in ISO 13485, Control of Records, the manufacturer must obtain the signature for each individual who approved or reapproved the record, and the date of such approval, on that record and include the information in certain records as listed in proposed Sec. 820.35.”
Microbiologics’ Comment Says: “It was [our] understanding that this proposed rule would not include additional quality system requirements, but only a realignment with 13485. In reading the proposed language of Sec. 820.35, Control of Records, this new language is requiring signatures for approval of complaint records. The previous QSR language did not require signatures for complaint records (820.180 and 820.198). This would be a major change affecting the company I work for as our complaint system has 21 CFR, Part 11 compliant records, but not signatures. We have compliant audit trail that tracks the information regarding who does what, but we do not apply signatures to the record. We are asking that signatures not be a new requirement for complaint records. We will need to implement a new system and it will disrupt our business.”
Medtech Expert Weighs In: “I had not considered this increase in signature requirements by FDA,” says Smith & Nephew’s Cafiso, who also submitted a comment to the agency. “On first read of the proposed QMSR, my take was that FDA was attempting to bridge the gap between the new QMSR and ISO 13485, effectively pointing out where they believe ISO 13485 is either vague or lacking in requirements. My interpretation of proposed 820.35 initially was that signatures would be required for the records referred to in the proposed 820.35 (complaints and servicing). Upon reread, it appears FDA is attempting to correct a shortcoming in the current QSR and in the process increase regulatory burden on firms.
“It will be interesting to see how FDA responds to this comment. As written, it appears the imposed requirement is a significant increase above the current QSR in terms of the amount of quality records that will require signatures, which will strain firms further."
Medtech Expert Weighs In: “I would say Microbiologics is absolutely correct,” says Kim Trautman, who’s currently managing director and VP of consulting firm MEDIcept Inc. “But that's just one example of a record or sets of records that previously did not have signature and date requirements. And if you really go through the regulation, there's a whole lot of other ones too. It would be exponential to her comment.
“And with the FDA making that broad, sweeping statement about signatures, if you've got 500 FDA investigators out there taking it very, very literally, that means every single piece of paper has to be signed and dated. Now, here's the problem: Most records are electronic. Everybody does not have every record signed and dated; it’s never been required. So it’s a significant increase in work. But no matter what, most companies are going to have to really take their software, change it, revalidate their software, and that's a burden within itself.”
Comment From Hamilton Medical
Posted Online: 17 March
Draft QMSR Says: “Manufacturers of devices that support or sustain life, the failure of which to perform when properly used in accordance with instructions for use provided in the labeling can be reasonably expected to result in a significant injury, must comply with the requirements in Traceability for Implantable Devices, clause 7.5.9.2 in ISO 13485.”
Hamilton Medical’s Comment Says: “We argue that the postulated traceability is not purposeful and necessary, since it adds a huge documentation bearing the risk of an unmanageable workload. In addition, there is already an established process which covers all the intended effects in this context. Mechanical ventilators must be regarded as life-supporting or -sustaining devices, and they are constructed out of hundreds of parts – namely, they are monitored and controlled by a special software, which also has to comply to high-standard requirements. But next to built-in software, every part of a ventilator is evaluated in terms of its risk to fail and endanger a patient. This is required, eg, by IEC 60601-1 and related standards.
“A critical incident with such a medical device requires a report to the authorities, a response by the manufacturer containing the failure evaluation, and the analysis of contributing parts. By European law, manufacturers are furthermore required to trend and document all incidents and report this trend analysis to the authorities (Article 88, Regulation (EU) 2017/745). To our estimation this process already covers the above quoted passus in a very efficient way, therefore we conclude that an additional traceability does not bring further advantage.”
Proposal From Hamilton Medical: “We would suggest that for non-implantable devices, the process of trend reporting as described in the European regulation is sufficient.”
Medtech Expert Weighs In: “This requires a little bit of history,” Trautman says. “Back in the original GMPs, 1978, there were critical devices and critical components that were mentioned in the GMPs. And then FDA maintained a list of critical devices, and critical devices had those additional requirements. But they were still different from the handful of devices that required the most onerous tracking, if you will, which is found in 821. So you've got the tracking regulation – now I haven't checked recently, but there were only about eight devices, eight implantable devices that have to be tracked to the end user. This is where you have implant cards that have to follow the patient wherever they go. Very expensive, very burdensome for the manufacturer to implement, maintain, so forth. And because of that burden, it's a very, very small subset.
“So back in 1978, there was there was the tracking regulation, there was the GMP regulation. And this concept of critical devices and critical components for these critical devices, was kind of a medium ground where the agency says, ‘Well, we believe there are additional controls necessary, we're putting those additional controls on in the GMPs with respect to critical devices and their critical components. But they're not as burdensome as the tracking regulation.’
“So what happens when a new revision of the standard is issued? I think that is obviously a huge question for everyone considering FDA doesn't nearly move as fast as ISO.” – Dennis Gucciardo
“Now here's what happened when I came to work at the agency in the 1990s. Nobody was able to maintain that critical device list. Decades had gone by without anyone ever updating the critical device list. So the decision was made, FDA was not going to try to maintain that critical device list. So when it came to that requirement, we went back to the act that this provision was drawn from, and it talked about implantable and life-sustaining devices. And we pretty much pulled that language directly into the QSR in the 1990s. So it really kind of took the burden off FDA to maintain the list, but put the definition into the requirement, if you will. So that's what's that's what's there in the 1996 regulation.
“Now here’s why ISO 13485 handles this topic, so very, very lightly. It had to be handled very lightly [during the standard’s 2016 revision] because the EU MDR [Medical Device Regulation] and IVDR [In Vitro Diagnostics Regulation] – and the European Commission and notified bodies – were all out there talking about traceability to the end user. In the US, traceability to the end user really aligns with that very onerous tracking regulation requirement, where the EU MDR and IVDR were not meaning to that degree.
“But we had [the EU and the US] talking about things using different terms, but sounding similar. So ISO [the International Organization for Standardization] had to handle the traceability requirements gently in order to maintain the harmonization between the different regulators, and it basically kind of kicked the football down the road and says, ‘Yes, you have to trace it to the extent necessary depending on your class of device. FYI, make sure you understand country-specific requirements in this in this area.’ So 13485 is light, and purposely. So I'm not surprised that FDA wanted to go back and try to maintain that traceability requirement that is in the 1996 QSR. I just don't think they did a very good job of explaining it in the draft QMSR preamble.”
Comment From Philips
Posted Online: 18 May
Philips’ Comment Says: “What will be FDA’s plan as the standard is updated? [The 2016 version] is already six years old and norm in standards is every five years to update. Need to know how these will be handled by the FDA to ensure continued alignment.”
Medtech Expert Weighs In: “So what happens when a new revision of the standard is issued? I think that is obviously a huge question for everyone, considering FDA doesn't nearly move as fast as ISO,” says Morgan Lewis’ Dennis Gucciardo. “I think FDA’s presumption is that there will be new revisions to the standard, but they will not be so dramatic such that it's going to cause for the solution that this is supposedly addressing, which is that ISO 13485 and the QSR are not structured similarly.
“Now, obviously, if ISO changes its structure or does make significant changes, we’re back in the same problem, which is an entity is going to have to follow 13485:2016 and then something else that's out in the world. I expect the FDA’s rulemaking will not address this. I don't think you can incorporate by reference a standard that sort of evergreen. I suspect that FDA is going to say, ‘When the next revisions happen, we’ll review them and make any updates we have to,’ but realistically, how fast will that happen? I mean, look how long it took to get this draft QMSR out.”