On Aug. 14, 2015, the FDA requirement of electronic submission of mandatory reporting of adverse events took effect. It came and went quietly. In fact, it was a momentous day—it ended more than 20 years of the cumbersome, inefficient, and expensive practice of submitting print copies of postmarket medical device reports (MDRs) through the mail. It heralded further modernization of regulatory compliance.
The FDA’s Center for Devices and Radiological Health (CDRH) itself acknowledged this pivotal milestone. “The eMDR Final Rule requiring the electronic submission to FDA of manufacturer and importer MDRs is an important step toward improving the agency’s systems for collecting and analyzing postmarket MDRs. When FDA receives data elements in a paper format, the information must be manually entered into our internal electronic database before it can be effectively reviewed and analyzed. This process is extremely time consuming, costly, and susceptible to data entry errors,” said the CDRH.1
Surviving the Manual Process
The advent of electronic MDR is a most welcome advancement in regulatory compliance. I say this as an industry veteran who not only survived the old days of paper MDRs and manual processes, but also lived to tell the tale. Literally. I wrote a book tracing the major technology-facilitated regulations, initiatives, and developments that revolutionized compliance for medical device and other life science companies.2
Why focus on compliance? It occurred to me that without compliance, there can be no product approval, which means no matter how cutting-edge your device or how innovative your product, it will not reach the people who need them. We achieved medical device and life science breakthroughs in the past decade partly because of faster and more efficient, technology-driven clinical trials, regulatory submissions, and approval processes.
To understand how technology has transformed the compliance process, it’s important to put this story in the right context. In my first job in a medical device firm, I was a product development engineer. The process for getting a new drawing through the system required a lot of time, effort, and patience. For many years, we endured the pains of the labor-intensive process, while trying to maintain compliance and stay competitive in the global market.
To newcomers, especially millennials, lucky enough to avoid a manual change control process, here is how it works in a nutshell:
- Get a change order (CO) number from the Document Control Department for inclusion in a new drawing.
- Fill out the Excel spreadsheet that serves as the CO form and print it.
- Start an informal redline of the paper drawing with other engineers and the manager. Incorporate the changes and print a new copy. Also, print an old copy and manually go through the drawing and redline it to reflect the changes in the new proposed copy.
- Take the CO form to the doc control area with a copy of the original, the proposed redlines, and the new drawing. Stamp each copy with the appropriate stamp. Attach your documents to the CO form and submit everything to doc control, cross your fingers, and hope you didn’t miss anything.
- If doc control takes issue with anything, you have to re-print the documents, re-stamp them, and re-submit the change packet.
- Once doc control is satisfied, the packet will go through a number of signatories for a round of questions and/or redlines, which will require making changes, printing new copies, and re-routing to any signatories who signed off prior to the change.
- Upon final approval of the packet, conduct a training for impacted employees to go over the changes. They must sign off to prove that they have been trained.
- Upon the release of the new (approved) drawing, doc control will keep the “official” copy and replace all controlled copies spread throughout the plant, including the manufacturing floor, quality control, and engineering. The Purchasing Department will send updated copies to any suppliers that may be producing that particular part for the company.
This is a simplified version of one aspect of one of the many manual quality processes. The eight steps above could easily be double depending on the size and the policies of an organization. I’m sure many med tech industry veterans have a few “battlefield” stories similar to mine, or worse.
Movement Toward Automation
The problem with a manual process is Murphy’s law itself—any number of things can go wrong and they will go wrong. I recall being in the midst of an FDA audit. The field investigator asked for a document that could not be found. We could find the electronic copy stored in the FileShare, but the hard copy with the wet signatures that should have been filed with doc control was missing. It could have been filed improperly, lost in the process, or accidentally discarded.
As bad as that experience was, there are worse things that could happen. What if someone accidentally puts a non-conforming product on the shelf? If the defective item gets out in the marketplace, you could injure a patient and face a recall.
I remember a case, in which customer complaints on a device were not dispositioned properly and an MDR was not filed. It was a common problem with a manual process. The slip-up resulted in an FDA warning letter for not filing reportable events.
The oppressive manual process compelled many life science companies to automate their quality systems, either partially or entirely. In the early 1990s, a group of pharmaceutical companies met with the FDA to find out how they could submit voluminous documents electronically. This eventually led to the development of 21 CFR Part 11.3 The watershed regulation established the criteria for the use of electronic records and electronic signatures by organizations under the jurisdiction of the FDA.
Technology has always been a cornerstone of R&D, so it’s only logical that it would transform regulatory compliance as well. How it happened and how long it took will be the subject of part two in the series of articles.
Matthew M. Lowe, executive vice president at MasterControl4, is the author of Convergence of Compliance and Technology: How Technology Has Changed Regulatory Compliance in the Past Decade. He is a mechanical engineer with over a dozen years of medical device experience in product development, product management, and regulatory compliance. He has successfully launched more than a dozen medical devices and has five patents issued. His regulatory compliance experience includes writing a 510(k) that was cleared by the FDA and managing a multisite, multiyear postmarket clinical study for orthopedic devices.
1“Questions and Answers about eMDR,” FDA/CDRH website:
2“Convergence of Compliance and Technology: How Technology Has Changed Regulatory Compliance in the Past Decade,” an enhanced e-book with illustrations and a video, was published by MasterControl in September 2016. Get a complimentary copy at, http://www.mastercontrol.com/ebook/convergence.html?source=pr-sb5
3“21 CFR Part 11—The Biggest Security Regulation You’ve Never Heard of” by Ben Rothke, page 16, ISSA Journal, March 2004 edition, published by the Information Systems Security Association.
4 MasterControl provides software and comprehensive services (quality and compliance consulting, education and training, validation, implementation and project management, technical support, and configuration) to regulated companies worldwide. The company, based in Salt Lake City, Utah, has offices in Europe and Asia, www.mastercontrol.com.