A new European regulation was published enforcing significantly stricter compliance requirements for companies in the medical device sector. Businesses should challenge their product portfolios, review impacts on their IT landscape and quality management to become Medical Device Regulation (MDR) compliant
Big changes lie ahead for companies in the medical device sector. On 5 May 2017, a new European regulation [(EU) 2017/745] was published, imposing significantly stricter and more comprehensive compliance requirements.
COVID-19 forced the lawmakers to postpone the date of application to May 2021. This gives companies involved in the development of medical devices and medical software enough time to achieve more than just becoming Medical Device Regualtion compliant.
What should businesses do to become MDR compliant?
Companies should assess their product portfolio, identify obstacles within their IT landscape and get them fixed, update Quality Management policies and prepare their supply chain for COVID-19 robustness. Businesses can start these activities right now.
A second wave of COVID-19 infections may well be in the offing. Businesses would be well advised to prepare and equip themselves with adequate digital assets to enable compliance, such as MDR, IVDR or other regulations even in uncertain times. In doing so the company can become compliant even under adverse circumstances.
There are smart business supports to aid companies in becoming MDR compliant that also enable them to benefit from a wide range of further improvements. As an example, our online maturity assessment "MDR Compliance Quick Check" identifies and classifies the major aspects and dimensions where companies still have some homework to do in order to become MDR compliant.
How does the maturity assessment work?
The assessment has a regulatory and technical dimension. The regulatory perspective looks at aspects such as classification, conformity assessment, unique device identifiers, process validation, supply chain analysis, and post-market surveillance/safety. The technical perspective addresses aspects such as EUDAMED/FDA, quality management systems, surveillance assessments, additional IT components (DMS), data integrity and access management.
An explicitly crafted questionnaire helps businesses get an overview of what they have done already and determines the level of maturity of tasks completed and how much more needs to be done to become fully MDR compliant. This also has additional benefits, such as streamlining processes and identifying potential for automation. Businesses can even use this questionnaire to develop a roadmap as well as individual measures to address all identified issues. If needed, companies can enrich their team with experts from various fields, including medical devices, technical documentation, process design, IT security, post-market security, and more.
Compliance work draws resources away from daily business
So far, our experience shows that most of our clients have already begun to design, develop and implement processes as well as documentation, making for an enormous workload besides their daily business activities. The sheer complexity of this particular regulation in combination with wide-raging dependencies provides a breeding ground for mistakes and misinterpretations that might lead to costly sanctions or the (temporary) lockout from the European market.
Especially start-ups developing software to be used for diagnostic or therapeutic decisions (now considered class IIa MDR) face significant obstacles in adhering to the requirements as they usually require the investment for more pressing purposes (which does not mean that MDR is not important).
Manufacturers that now are subject to more intense clinical testing, are another example. Take in-vitro diagnostics (IVD), a field that previously did not have to perform comprehensive clinical tests, but now have to do so thanks to its reclassification. The clinical evidence required for IVDs is even more complex than that of many other medical devices. This is also a reason why the EU regulation will require a great deal of additional time, money and expertise than originally expected.