Effective planning is the key to success for any business but to an even greater degree in the medical device manufacturing industry.
This article covers the top 4 challenges faced by the medical device manufacturing industry, and how effective requirements planning allows organizations to proactively position themselves to meet these unique challenges.
1. High Costs of Product Design and Development
The primary driver behind the high cost of new product development is the amount of time required to take an idea from conception to realization. By setting a solid foundation for a design project with clear and concise requirements specifications, these costs can be reduced, and organizations will realize faster “to-market” times and improved ROI.
Nothing throws a design project off schedule and budget more quickly than learning too late about an ill-defined requirement, or one that was entirely overlooked. The first key to avoiding such scenarios is ensuring that you include all stakeholders in the requirements process. To do this, you need to broaden your understanding of “requirements.”
Typical product design requirements focus most heavily on user needs – both ISO 13485:2016 “Quality management systems – Requirements for Regulatory Purposes” and FDA’s Quality System Regulation (21 CFR 820) focus on “the needs of the user and patient.”
While these are critical requirements to address, other, often less considered requirements are equally important, particularly in light of the desire to keep costs down. Other requirements that are often overlooked include:
- Regulatory strategy requirements
- Requirements surrounding technology and data integrity
- Sales and Marketing Requirements (especially any claims substantiation considerations – these need to be known upfront to establish any additional testing requirements)
- Other “customer” needs, such as those required by health care providers and insurers as the healthcare industry focuses more heavily on outcomes and demonstrating effectiveness
- Interoperability with other devices or information systems
- Education of customers regarding the device, technology, data security, advantages and cost savings
- Potential intellectual property roadblocks
As stated previously in a blog on most common mistakes when implementing ISO 13485, “Essentially, 13485 is about viewing your business as a series of interrelated processes and functions. Implementation should never be about checking a box because this is too narrow of a view.”
With a now more broadly defined understanding of “requirements,” you will now also have a more broadly defined understanding of “stakeholders.” Stakeholders no longer are limited to only engineering, Operations and Management – others, such as Quality, Regulatory, Sales, Marketing, IT, etc. will also be able to contribute to the success of the project by helping to identify key requirements from the beginning. This “requirements planning” team will need to work together from the beginning to identify all key requirements for the project.
To help identify all key requirements, a good place to start is risk management. ISO 14971:2007 “Medical Devices – Application of Risk Management to Medical Devices” provides useful guidance for this process. Identified risks are then easily translated into requirements, allowing you to more easily and thoroughly capture all of these important considerations.
ISO 14971 focuses on risk as it applies to safety, but your risk management process should also include other types of risks, including regulatory and business risks. This is where your team of stakeholders will be important contributors.
Finally, the requirements planning stakeholders need to ensure that the requirements are written clearly and concisely to provide a solid base for the design project. QRA has developed a guidance document that outlines The 10 Essentials for Writing a Clear Product Requirements Document. This guidance document clearly and easily explains the best practices for developing effective requirements specifications, allowing you to do it right the first time.
By streamlining the requirements process and using tools that ensure accurately defined requirements are developed from the beginning, time and effort are reduced, which reduces the cost for the organization and consumers.
2. Regulations and Government
We’ve discussed the importance of understanding who the design requirements process stakeholders are and including them early in the process. Your Regulatory and Quality team are essential contributors when it comes to addressing the challenges presented by the current medical device regulatory environment.
However, it’s important for all members of the team, especially engineers and project leads to have at least a high-level understanding of the requirements, as you will likely encounter issues impacted by the regulations throughout the design process.
Becoming familiar with internationally recognized standards such as ISO 13485 and ISO 14971 and any applicable governmental regulations prepares you for issues that may arise if only knowing that you need to stop and ask the right people for guidance.
When reviewing the regulations, seek to understand the intent of the requirement, rather than just the literal interpretation, which is intentionally vague to allow a wide range of applicability. The FDA requirements for design control are outlined simply by the following diagram:
Determine company-wide standards for referencing requirements. By enforcing standards for terminology and its use, current and future stakeholders will easily be able to accurately understand requirements. This reduces ambiguities and miscommunications since everyone is using a common language.
Use templates and requirements authoring tools that ensure the design process follows the compliance standards. This ensures requirements authors have the resources to properly follow regulations while writing requirements, rather than completing them just to have to go back and edit or rewrite previously completed documents. Again, doing it right the first time.
3. Technology and Security
As the Internet-of-Things (IoT) becomes more and more integrated into society and more devices are carrying consumers’ important personal data, privacy and trust is an increasing security challenge for medical device companies.
Requirements surrounding technology and data integrity were also noted in section 1., above, as an example of an important consideration for the early stages of the product design/requirements process from a cost-savings perspective.
Citing trends in medical device recalls, "Since 2014, software issues have replaced device design issues as the primary cause of FDA medical device recalls. “An analysis from 2011–2015 identified 627 software related recalls affecting 1.4 million units…”
To ensure regulatory compliance and customer confidence and trust, organizations need to address this challenge with a “security by design” mindset – i.e., designing technology and security considerations from the start, instead of as a post-design requirement. This is why including IT on the design requirements stakeholder team from the beginning is key.
Incorporating privacy and security measures into the embedded software systems in the earliest phases (requirements authoring) is the first step in ensuring consumer privacy is protected at the core of the device. By incorporating security as functionality, it mitigates a number of privacy issues that may occur further along in the development process. Requirements also allow authors to incorporate contingency plans for what to do if/when a breach occurs.
4. Product Quality and High Recall Rates
Along with regulatory agency enforcement actions and data breaches, product recalls are another way in which a company’s brand and bottom-line can be quickly and devastatingly damaged. More significantly, poor product quality can lead to serious end-user injuries or even death. While even the most basic medical devices face these challenges, newer, more technologically-advanced products are at an even greater risk.
According to a McKinsey Business Case for Medical Device Quality,
Non-routine quality events—such as major observations, recalls, warning letters, and consent decrees, along with associated warranties and lawsuits—cost the industry between $2.5 billion and $5 billion per year on average. This includes $1.5 billion to $3 billion per year on non-routine costs, plus $1 billion to $2 billion in lost sales of new and existing products…
Traditional requirements planning will not adequately address these concerns – today’s product requirements planning processes must be robust and controlled, by addressing, among other considerations:
- Including appropriate stakeholders throughout the process to ensure consideration of the wide scope of requirements
- Ensuring requirements “inputs” are clear, measurable and are able to be verified/validated
- Incorporating risk management in the requirements planning process
- Including the application of usability engineering, as outlined in IEC62366-1” Medical devices – Application of usability engineering to medical devices” and FDA’s “Applying Human Factors and Usability Engineering to Medical Devices – Guidance for Industry and Food and Drug Administration Staff”
- Revisiting your requirements post-market (including risk management), with the additional information gained from customer complaints, post-market clinical follow-up, etc.
- Transferring new knowledge gained through the process to already existing products, as applicable
According to the Medical Recall Report FY2003 to FY2012 published by the Office of Compliance, Division of Analysis and Program Operations of the CDRH, “The most frequent causes for recalls are related to Design, Software, and Non-Conforming Materials/Components.”
Having a clearly defined, efficient process for requirements planning is even more important in today’s highly competitive medical device industry – organizations need to be more responsive to customer needs in a more efficient and effective manner than their competition. The keys to making this happen are to ensure you include all those who have a stake in the process, along with streamlining the requirements process and using tools that ensure accurately defined requirements are developed from the beginning.
This original post was published on QRA Corp blog and is being republished here with permission.
Looking for a design control solution to help you bring safer medical devices to market faster with less risk? Click here to take a quick tour of Greenlight Guru's Medical Device QMS software →