The aim for any medical device company is always to ensure that the devices they make are safe and effective.
How do you ensure that those devices remain both effective and safe once on the market? One key way is through implementing post-market surveillance.
This is a key source of data that should be integrated with your risk management system. This data is used to keep your product risk management systems updated - perhaps adding new or previously unseen hazards, or adjusting the risk level applied to hazards previously identified.
Here’s what you should know:
What is post-market data?
Post-market data is gathered through a range of post-market surveillance activities that are expected of medical device developers.
Many medical device companies regard clinical studies and other methods of gathering data in the realm of pre-market activities, but in reality, not only are post-market surveillance activities valuable for informing the company, but they’re expected by regulatory bodies.
Here’s an extract from the FDA:
“Medical device manufacturers as well as other firms involved in the distribution of devices must follow certain requirements and regulations once devices are on the market. These include such things as tracking systems, reporting of device malfunctions, serious injuries or deaths, and registering the establishments where devices are produced or distributed. Postmarket requirements also include postmarket surveillance studies required under section 522 of the act as well as post-approval studies required at the time of approval of a premarket approval (PMA), humanitarian device exemption (HDE), or product development protocol (PDP) application.”
Post-market surveillance should be seen as more than just a regulatory requirement - it’s actually good business practice to keep tabs on the performance of your device once it has gone to market. Feedback is one of your best informants for maintaining product quality, keeping consumers happy and protecting the reputation of your company.
Importantly, keeping a close eye on post-market data can help you to minimize your exposure to incidents, by having effective early warning systems. It’s much better to recall a product and fix a defect prior to a really serious incident happening!
Bottom line: This approach is about being proactive instead of just reacting to events.
Post-market surveillance activities
Post-market surveillance activities might include:
- Complaints - Whether these come from end-users, clinical teams or others associated with the use of the product, you need a robust system to manage complaints and ensure that the information gets fed to your risk management files.
- Customer surveys - These may or may not involve complaints, but it’s important to note any suggestions or concerns and proactively seeking feedback is a great way to do it.
- 522 post-market surveillance studies - As the FDA puts it, “the 522 Postmarket Surveillance Studies Program encompasses design, tracking, oversight, and review responsibilities for studies mandated under section 522 of the Federal Food, Drug and Cosmetic Act. The program helps ensure that well-designed 522 postmarket surveillance (PS) studies are conducted effectively and efficiently and in the least burdensome manner.”The Act authorizes the FDA to require postmarket surveillance for a class II or class III device at the time of approval or clearance of a device or at any time thereafter, in the following instances:- Failure of the device would be reasonably likely to have a serious adverse health consequence;- The device is intended to be implanted in the body for more than one year;- The device is expected to have significant use in pediatric populations;- The device is intended to be life-supporting or life-sustaining and used outside of a user facility.
- Control of nonconforming materials material or products.
- Servicing reports - Is there new information coming from service technicians?
- CAPA - The findings from CAPA investigations and the monitoring of any solutions put in place.
Product risks can never be entirely eliminated, so continuous monitoring of post-market data helps companies adjust and manage risk to acceptable levels.
You can see from the activities listed above that post-market data might come from either proactive or reactive activities. Complaints set off reactive procedures while a survey is a proactive way of gathering data.
The challenge for post-market data and risk management is ensuring that as a company, you ensure good feeder systems are in place to bring that data into your risk management tools. It can be challenging if information is coming from different sources, being managed by different people in the company and perhaps being captured in different places.
On top of data management for your products, it’s important to monitor and review information about related competitor’s devices too. Sometimes new information is brought to light that wasn’t considered in your original risk assessment.
Any new information, from either your own product feedback or a competitor’s may lead to a re-evaluation of your original risk management data. For example you might find that;
- A known risk is re-evaluated and falls outside of your acceptance criteria.
- Previously unforeseen risks need to be evaluated and outlined in your risk management documentation.
- An incident prompts you to re-evaluate your risk criteria or methodology.
- You need separate risk evaluations for different patient populations. For example, those more at risk (sick, elderly, pediatric) vs. those with low risk.
A well-established system, integrating post-market data and risk management not only reduces risk for the end-users of your product, but benefits the manufacturer by identifying areas to improve product quality, possibly even reducing cost (especially if you can reduce returns or breakages).
What your post-market data can achieve for risk management
There are a few different achievements that can be made by closely monitoring post-market data and integrating with risk management. These include:
- Verification of your risk analysis
- Improving medical device quality
- Lowering risk associated with the device
- Detecting and mitigating or fixing any manufacturing problems, including things like defects with the casing or packaging the device is transported in
- Long-term performance data and knowledge of any trends
- Data on different user populations - this can help you determine if your risk assessment needs to be split by patient population
- Intelligence on any misuse of the device
- Feedback for training or labeling required
- Data on use with any other devices
- Data on market performance and sustainability
Post-market monitoring and risk management
We’ve talked before about risk management being a crucial activity for the entire product lifecycle - this is actually a specific requirement under ISO 14971. Risk management and post-market data should be clearly linked, although, as explained earlier this is often a challenge where different data sources need to be brought together.
This is where we suggest a cloud-based QMS that encompasses your risk management file and other crucial parts of your QMS is a good solution. Have a centralized place where all parties involved can easily access and file the information needed (one of the strengths of Greenlight Guru's QMS Software).
Your post-market surveillance should inform a few risk management points;
- Do changes need to be made to your device?
- Do you need to change how you label, market or educate on the device?
- Do you have a systematic process for evaluating the data you collect?
- Do you have objective evidence in your risk management file for any assumptions being made?
- Are changes required to your risk acceptability definitions?
This is not an exhaustive list, but you probably get the idea of the importance of having a good system for managing post-market data and incorporating with risk management.
Post-market surveillance and data play a key role in risk management for the entire lifecycle of your medical device. You need to have good systems in place to not only capture that data, but ensure that it is used to monitor and update your risk management files.
What you do with the data you collect is important - you need a way to centralize information and ensure that it is reviewed regularly and action taken where needed. A truly effective program doesn’t reserve this for an annual Management Review, but frequently reviews data depending on the quantity and type received.
Is further action necessary? If so, this can be a trigger for CAPA, for updated risk management or ultimately, for changes in the device.