Bottom line – big problems – and it begins with accurately identifying where those problems come from. According to Josh Silverstein, a CDRH Regulatory Advisor, a majority of the comments, complaints, and adverse event reports received by the FDA that referred to inadequate “servicing” causing or contributing to adverse events or deaths actually related to “remanufacturing.”
What’s the difference? That is a key question, and much of the FDA presentation was focused on clarifying definitions. It’s not as simple as “repair.” The nuances are many and they are all important ranging from reprocessing, servicing, reconditioning and rebuilding, to remanufacturing and repairing.
Importantly, the FDA made it clear from the outset that the draft guidance is not intended to adopt significant policy changes, but to clarify the agency’s current thinking on applicable definitions and “clarify, not change” various regulatory requirements.
Translation – regulation of medical device remanufacturing and servicing is going to become more risk-based, robust and regular – and this will be particularly true when it comes to on-site inspections. This isn’t surprising since the best way to keep people honest is to keep them guessing as to when and where an inspection might happen.
CDRH laid out six “Guiding Principles” –
1- Assess whether there is a change to the intended use
2- Determine whether the activities, individually and cumulatively, significantly change the safety or performance specifications of a finished device
3- Evaluate whether any changes to a device require a new marketing submission
4- Assess component, part, or material dimensional and performance specifications
5- Employ a risk-based approach
6- Adequately document decision-making
In short – there’s going to be a lot more requirements for responsibility and accountability on the part of those medical device owners who oversee, operate and remediate problems When it comes to FDA-regulated medical devices, “Right to Repair," doesn’t mean “cheap and easy.” The FDA has made that very clear. Anyone who thinks otherwise isn’t paying attention – or doesn’t want to.
And that doesn’t even include the discussion of medical device cybersecurity. Per Katelyn Bittleman, CDRH Policy Analyst, “Cybersecurity is a shared responsibility among all stakeholders. The FDA expects manufacturers to appropriately secure their devices to continue to assure the devices’ safety and effectiveness. Non-OEM servicing entities play an important role in maintaining the quality, safety, and efficacy of medical devices without compromising cybersecurity."
Nullum gratuitum grandium.