Article on FDA 21 CFR Part 11 Compliance

FDA-regulated industries electronic signatures and other records are considered authentic. From 2007, a strong body of opinion has emerged challenging the stringency of these requirements, but nothing major has been diluted from these.

The regulations under FDA 21 CFR Part 11 Compliance set out criteria that the Food and Drug Agency (FDA) considers in order to deem electronic signatures authentic. The electronic records, electronic signatures, and handwritten signatures executed to electronic records of several FDA 21 CFR Part 11 Compliance sets out benchmarks by which FDA-regulated industries have to be compliant with the standards set out in FDA 21 CFR Part 11 Compliance to prove that these are authentic, safe and trustworthy. The operative factor is that the FDA has to consider these signatures as being on par with those done on paper.

Which industries are included in FDA 21 CFR Part 11 Compliance?

FDA 21 CFR Part 11 Compliance applies to nearly all FDA-regulated industries, including but not restricted to:

  • Medical device manufacturers
  • Drug makers
  • CROs
  • Biotech companies, and
  • Biologics developers

The Aim of FDA 21 CFR Part 11 Compliance

The aim of FDA 21 CFR Part 11 Compliance is to ensure that specified FDA-regulated industries such as those mentioned above (with specific exceptions) implement controls -which could include audits, audit trails, documentation, system validations, and electronic signatures -for software and systems involved in processing electronic data that are:

  • Required to be maintained by the FDA predicate rules or
  • Used to demonstrate compliance to a predicate rule. The FDA describes a predicate rule as any requirement set forth in the Federal Food, Drug and Cosmetic Act, the Public Health Service Act, or any FDA regulation other than Part 11. FDA 21 CFR Part 11 Compliance also applies to submissions made to the FDA in electronic format, such as a new drug application.

Which industries are exempt from FDA 21 CFR Part 11 Compliance?

Interestingly, exceptions are allowed within the same industry, based on the format of filing. For example, while FDA 21 CFR Part 11 Compliance applies to submissions made to the FDA in electronic format; it does not apply to a paper submission for the same made in electronic format, such as fax.

Also, FDA 21 CFR Part 11 compliance is not required for record retention for trace backs by food manufacturers. Similar to the logic used in the mode of filing as noted above; most food manufacturers are not otherwise explicitly required to keep detailed records, but when organizations keep electronic documentation for HACCP and similar requirements; this documentation must meet these requirements.

Learn more on this topic by visiting : http://www.globalcompliancepanel.com/control/globalseminars/~product_id=900774SEMINAR?linkedin-SEO

Preparing premarket submissions that win regulatory approval

Preparing premarket submissions that win regulatory approval is a complex task, even for the most seasoned professional in the medical devices industry. This is because of the highly stringent nature of the regulatory approval pathways, namely the Premarket Approval (PMA) process and FDA regulatory 510(k) clearance.

What makes preparing premarket submissions that win regulatory approval challenging? It is the fact, acknowledged by the FDA itself, that the PMA is the most stringent type of device marketing application required by the FDA. The PMA should be secured from the FDA before the company markets the medical device. The FDA gives its approval of the PMA for a Class II medical device only after it determines that all the elements necessary for assuring that the application has enough scientific confirmation that it is safe and effective for the intended uses it is going to be put to. Preparing premarket submissions thus is an onerous task by any stretch of imagination.

Another element of preparing premarket submissions that win regulatory approval

Another aspect of preparing premarket submissions is the 510 (k). The 510 (k) is essentially a kind of premarket submission that is made to the FDA to show that the device that a manufacturer intends to market is at least as effective and safe as a legally marketed device of its equivalence, already in the market, that is not subject to PMA. The FDA calls this principle the substantial equivalency (SE) and the device that is used as the reference for equivalence, the predicate device. The requirements governing SE are contained in 21 CFR 807.92(a) (3).

On top of all these, regulatory professionals have the responsibility of creating preparing premarket submissions that should not only convincingly demonstrate the ways of stating and explaining regulatory arguments for their device to the U.S. FDA reviewer for getting the approval; they should also be presentable and well-organized, without being cluttered or confusing.

Professional trainings for preparing premarket submissions that win regulatory approval

Given all these, it goes without saying that a completely thorough understanding and knowledge of the relevant U.S. FDA laws, regulations and requirements is absolutely necessary for regulatory professionals. This in-depth understanding can be had only from thorough training, which is indispensable if the medical device company is to win a clearance or approval.

The ways by which to do this is the core learning a two-day seminar from GlobalCompliancePanel, a leading provider of professional trainings for the regulatory compliance areas, will impart. The Director of this seminar is Subhash Patel, a very senior regulatory professional and founder of New Jersey-based MD Reg Consulting LLC, which serves medical device industry clients in all aspects of global regulatory affairs specific to their needs.

To enroll for this highly valuable training session on how to successfully prepare 510(k)/Pre-IDE/IDE and PMA premarket submissions that secure clearances and approvals from the FDA, please register for this seminar by visiting http://www.globalcompliancepanel.com/control/globalseminars/~product_id=900776SEMINAR?wordpress-SEO .  This seminar has been pre-approved by RAPS as eligible for up to 12 credits towards a participant’s RAC recertification upon full completion.

The grasp needed for preparing premarket submission that win regulatory approval

At this seminar, Patel will demonstrate the grasp that regulatory professionals in the medical devices industry need for working with the FDA officials during the review and approval process of their submission. He will offer a complete understanding of the major aspects of FDA premarket submissions.

While knowledge of the regulatory process is one thing; medical device companies also need to know how to set and state regulatory arguments for their device in a most convincing manner to the FDA reviewer. This knowledge will be part of this course. In the process of explaining how to prepare premarket submissions that win regulatory approval; Patel will also offer tips and suggestions to participants on how to work effectively with the U.S. FDA officials during review and approval process of their submission.

During the course of these two days, Patel will cover the following core elements of how to prepare premarket submissions. He will explain the following:

o  History and background of U.S FDA Laws and Regulations

o  Classify Your Device

o  Choose the Correct Premarket Submission for your device

o  Compile the Appropriate Information for your Premarket Submission

o  Author and Prepare your Premarket Submission

o  Submit your Premarket Submission to the FDA

o  Interact with FDA Staff during Review and Approval

o  Complete the Establishment Registration and Device Listing

http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/HowtoMarketYourDevice/PremarketSubmissions/PremarketApprovalPMA/default.htm

http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/HowtoMarketYourDevice/PremarketSubmissions/PremarketNotification510k/default.htm

Management for Medical Device Industry

 

A look at these gigantic figures perhaps gives some perspective of the importance of document management for the medical device industry: The US total market for medical devices is valued at over $110 billion annually. It makes up nearly two fifths of the global market, and is expected to grow by over 20 percent by 2016.

While many global players sell into the American market, the over 6500 American medical device companies too, on their part, sell in the US and other markets.

It goes without saying that a market whose products are often complex and play a critical role in sustaining life for patients has to be highly regulated. For products sold in the American market, irrespective of whether they are manufactured domestically or overseas, a slew of regulations exist for a number of activities. Document management for the medical device industry is one of the core areas for which the FDA has regulations.

FDA and other regulations for document management for medical device industryThe FDA and other regulatory bodies have regulations and standards for GxP processes in the medical device industry. These include:

  • Quality System Regulation (QSR), which is outlined in 21 CFR Part 820, Current Good Manufacturing Practices (CGMP)
  • 21 CFR Part 11
  • ISO 13485, which relates to Quality Management System Requirements for medical devices
  • ISO 14971
  • Relevant sections of SOX, and
  • ISO 9000 standards.
What should a document management system for medical devices be like?Ideally, an electronic document management system for the medical device industry should integrate process management and document management in a simple and seamless manner. This is the real purpose of document management for the medical device industry. This document suite should be customizable and configurable. It should serve the following purposes:

  • It should help companies achieve regulatory compliance with required regulatory bodies and standards such as FDA, ISO and other regulations.
  • It should do this by automating and managing GxP processes in an efficient and cost-effective manner.
  • Communication between the functions of the company should be quick and efficient, and should allow access by designated persons.
  • Document management for medical device industry should be designed to ensure quality compliance and help companies enhance the performance of the GxP processes all through the product development lifecycle. The document management system for medical device industry should help companies have control over critical activities such as:
    • Design Control
    • Device history record
    • Mechanism for receiving and addressing complaints
    • A record of the corrective actions the company takes of these complaints
    • Note of nonconformances

Read More :  http://www.globalcompliancepanel.com/control/globalseminars/~product_id=900830SEMINAR?wordpress_SEO

Management systems should be expansive and versatile

Management systems should be expansive and versatile, as having such a system makes sense for organizations. A management system is a mechanism that helps streamline an organization’s day to day functioning without hassles. It should put the organization on the path it chooses to take by putting in place a set of documents that is prescriptive and hierarchical, and well-defined. Although all these processes can be put in place for only one function; it makes better business and economic sense to have a management system that performs and carries out its objectives across a spectrum of functions and activities.

Organizations should ideally build a comprehensive and thorough management system that should be a set of standards and practices that addresses the organization’s safety, health and environment management aspects. A major advantage having such a system brings is that it makes the entire process efficient, consistent, cost effective and timely.

Creating a fulcrum for health and environment management systems

An effective and proven way of making management systems work effectively is for corporations to use the business asset to set and create inputs for the various standards around the functions. The standards and practices that are put in place in such a manner become the basis and edifice on which decisions relative to resources and dollars spent within the Safety, Health & Environment (SH&E) scope of business are made. In other words, a management system works best and most effectively when it becomes a pivot around which a host of functions can be performed.

Safety, health and environment are the core issues of a sound management system. If organizations have to build an SH&E system that is designed along the lines described above; they need to have the ability to properly assess their requirements first. They need to also have the foresight to anticipate the changes that these functions will undergo in the future, and should build a management system that has the robustness, flexibility and resilience to accommodate and ingest these changes. The financial consequences of building a management system that fails to take these factors into consideration are huge.

A management system that takes SH&E into consideration can achieve a lot

This process accomplishes the following:

o  Identifies the things that need to be managed within the function

o  Constructs a process, tool, or mechanism that best manages each of those things identified. They are usually a set of standards, practices and programs that are built specifically for a particular function

o  Builds the standard, practice or program so that it can be adjusted according to results

o  Builds a measuring metric, benchmark or scorecard with both lagging and leading indicators

o  Builds the management system in a way that is hierarchal in structure within the organization – (corporate sets and standards and the business unit builds the practice around the standard)

Trainings for inculcating the mindset for building a strong management system

The principles to adapt and the thinking needed to cultivate the outlook for building such a management system will be the core part of a seminar that is being organized by GlobalCompliancePanel, a leading provider of professional trainings for the regulatory compliance areas.

James J. Thatcher, President and Owner, Global Safety Solutions LLC., who is listed as an expert witness for operational as well as safety, health, environmental, training and security issues in the Oil and Gas industry and the mining, minerals and chemical industry; will be the Director at this learning session. Please log on to http://www.globalcompliancepanel.com/control/globalseminars/~product_id=900842SEMINAR?wordpress_SEO    to register for this highly valuable learning session.

This seminar has been pre-approved by RAPS as eligible for up to 12 credits towards a participant’s RAC recertification upon full completion.

In-depth exploration of SH&E management systems

This seminar will make an in-depth exploration of management systems in the health and environmental areas. James will offer a detailed understanding of SH&E, plus Training and Security (TS), which are the functions around which standards and practices are built. He will describe the 16 functions that cover the SHE & TS world in detail, which will help participants understand ways by which to build a standard and practice around all these 16 functions.

The 16 functions that will have a standard and practice specific to the function are:

o  Hazard identification & control

o  Occupational health & industrial hygiene

o  Incident management

o  Emergency preparedness

o  Environmental

o  Regulatory compliance

o  Reporting performance

o  Managing risk

o  Managing safety

o  Management security

o  Verification & audits

o  Document & record management

o  Contractor & service provider management

o  Competency management (training)

o  Commitment, communication and implementation

o  Managing change

The Director of this seminar will also explain the role of supporting documents, associated programs, procedures or Standard Operating Procedures (SOP) that are a part of the particular function being managed, to enable clear understanding of the topics.

HIPAA survival needs intimate knowledge of the nuances of the law

HIPAA survival is one of the great challenges for a healthcare entity. HIPAA audits are complex, and they need understanding of the jargon and the semantics of the words mentioned in the document to survive. Both the Covered Entity and the Business Associate need to know exactly what to do in order to pass a HIPAA audit. This is all the more important and necessary considering that the federal budget has plans of raising the budget for the OCR in 2017 by about 10% over 2016, reflecting just how serious the OCR is about HIPAA audits.

When one considers that Phase 2 of HIPAA requires compliance with something like 180 areas and allows just 10 days for response; it goes without saying that HIPAA survival is a high priority for Covered Entities and their Business Associates. Moreover, the OCR’s audit protocol clearly states that those entities that are being audited have to furnish the exact documents required and not offer broad references to policy documents.

Being even slightly lax in being prepared for Phase 2 HIPAA audits can lead to difficulties at the audit. So, HIPAA survival entails having to be one’s toes all the time and having all the edges covered and leaving nothing to chance. HIPAA survival is about putting a process in place and overseeing and implementing it with utmost diligence and attentiveness all the time.

Covered Entities and Business Associates are the target of HIPAA audits

So, where do all these place Covered Entities and Business Associates that are the target of HIPAA audits? There is simply no room for complacence. They have to be absolutely on their guard when facing HIPAA audits. HIPAA survival has to be cultivated as a means for this. The more they hard-wire the art of HIPAA survival into their practice, the better.

The ways by which Covered Entities and Business Associates deal with HIPAA survival is the subject of a two-day seminar that GlobalCompliancePanel, a highly popular provider of professional trainings for the areas of regulatory compliance, will be organizing. To enroll for this highly useful and important session on HIPAA survival, jus log on to http://www.globalcompliancepanel.com/control/globalseminars/~product_id=900780SEMINAR?HIPAA-survival-Chicago-IL.

At this seminar, Brian L Tuttle, a senior Compliance Consultant & IT Manager at InGauge Healthcare Solutions, will educate regulatory compliance professionals about how practice managers need to prepare for HIPAA audits. This seminar will address major changes under the Omnibus Rule and any other applicable updates for 2017. Brian will also cover other related, critical areas such as:

o  Texting

o  Email

o  Encryption

o  Medical messaging

o  Voice data, and

o  Risk factors as they relate to IT.

Brian will dispel many of the myths covering this convoluted law. He will discuss the do’s and don’ts of HIPAA survival, and will also cover the critical area of the highest risk factors for being sued for wrongful disclosures of PHI and the manner in which patients are now using state laws to sue for wrongful disclosures.

During the course of this seminar, Brian will cover the following areas:

o  History of HIPAA

o  HITECH

o  HIPAA Omnibus Rule

o  How to perform a HIPAA Security Risk Assessment

o  What is involved in a Federal audit and how is it conducted

o  Risk factors for a federal audit

o  EHR and HIPAA

o  Business Continuity/Disaster Recovery Planning

o  Business Associates and HIPAA

o  In depth discussions on IT down to the nuts and bolts

o  BYOD

o  Risk factors that can cause an audit (low hanging fruit)

o  New rules which grant states ability to sue citing HIPAA on behalf of a patient

o  New funding measures

https://www.onr.com/blog/hipaa-audits-increase-2016-2017/

ISO 14971: 2012 and IEC 62304: 2006 mitigate risks in medical device software

ISO 14971:2012 and IEC 62304:2006 are related but different global standards for risk management pertaining to software used in medical devices. Judicious application of these two standards is the way to go for medical device companies.

ISO 14971 and IEC 62304:2006 are global standards that govern risk management and lay out regulations and guidelines for software used in medical devices. The need for regulation of software in medical devices arises from the fact that software is the heart of a medical device. It is the medical device’s software that ensures that the device performs its intended purposes. Hence regulation is of utmost importance to enable medical device and software organizations facilitate this in their products.

The ISO 14971: 2012 -a brief understanding

  • The primary aim of ISO 14971, the global regulatory compliance standard is to ensure that a medical device carries medical safety into it
  • This standard requires medical device manufacturers to undertake steps and measures by which they can foresee and eliminate risks in a medical device in the optimal manner
  • Taking off from the above point, ISO 14971 requires medical devices to take steps to at least mitigate risks to the best extent. The ISO 14971standard prescribes the processes necessary for enabling this.

The ISO 14971’s update in 2012

In 2012, the ISO carried out an update to the application of this standard within the European regulatory framework. This amendment to ISO 14971: 2012 is at the periphery and not at the core. Annex ZA is the main area in which this standard has been updated:

The use of the “As Low as Reasonably Practicable” (ALARP) approach is from now excluded in the risk acceptance process. This standard proscribes labelling as a risk control measure that can play a role in decreasing risk occurrence.

The IEC 62304:2006

The requirements for medical device software’s life cycle are stated in IEC 62304:2006. This standard’s group of activities, processes and tasks creates a common basis for the software life cycle processes in a medical device.

When it comes to the risk management aspect, IEC 62304:2006 supplements and strengthens ISO 14971. If ISO 14971 is the global standard for the development of medical software; IEC 62304:2006 standard is concerned with medical device software and their software lifecycle processes.

The following tripod of software-related issues forms the IEC 62304:2006’s foundation:

These three attributes form the backbone of the test of a medical device company’s successful compliance with the regulatory requirements. For a medical device company to be successful in applying ISO 14971:2012 and IEC 62304:2006; it has to implement a cross-standard and resourceful way of integrating activities covering these requirements documents.

Read More

Dealing with medical device reporting and recalls

Medical device reporting and recalls have enormous benefits for the medical device company and the public if implemented properly. They can prevent use of defective devices and can be an important inoculation against stringent FDA actions.

Medical device reporting and recalls are a major FDA activity. Medical device companies have clear instructions on how to initiate medical device reporting (MDR) and recalls.

What is medical device reporting?

Procedures for medical device reporting are governed by 21 CFR 803, which has details regarding how a medical device company should go about its MDR.

Who have to make MDR?

The FDA deems it mandatory for these entities to report certain types of adverse events and product problems:

For the following entities, MDR is voluntary and is to be done when serious adverse events are detected in the medical devices they use:

  • Professionals
  • Patients
  • Caregivers, and
  • Consumers

These categories can also report issues relating to product quality, therapeutic errors and use errors.

What is a recall?

A recall can be either of these:

  • When a firm voluntarily removes or corrects an already marketed device that is found by the FDA to be in violation of its governing act on these devices, namely the Federal Food, Drug, and Cosmetic Act. Seizure of a medical device is an example of this kind of action.
  • A recall also happens when a firm voluntarily determines, after investigation, that a device is adulterated in some way. An example of this instance is misbranding, when a manufacturer discovers that the device is not fulfilling its intended use.

A recall is important for two reasons:

How does a medical device company report a recall?

Firms have to follow 21 CFR Part 806 when they have to reporting Medical Devices Recalls, as set out by The Center for Devices and Radiological Health. The Center makes it a requirement for a firm to report when the medical device is posing a risk to health. This has to be reported to the FDA District Office in which the firm is located.

Our webinars can help you gain more comprehensive knowledge of this topic and related ones. Click here (link) for details.

Read More information