As the pharmaceutical sector has found already, the intensifying demands of regulators are a lot to live up to. Preparing for each new set of requirements is draining—both financially and from a human resourcing perspective. And now the medical device industry is coming under greater scrutiny, with the result that companies here too must tighten their controls.
Every reputable manufacturer prides itself on the quality, safety, reliability and efficacy of its products. And regulators exist to hold those companies accountable and keep customers safe, by enforcing certain standards and ensuring that manufacturers adhere to them over time (and can demonstrate, on demand, that they have done so). In the pharmaceutical industry, manufacturers have become accustomed to the significant and increasing ‘burden’ of regulatory compliance: Of having to update their processes, systems and skills to accommodate the latest reporting requirements. In the medical device sector, equivalent measures are coming now, too.
The European Commission’s new MDR, and the equivalent IVDR due to come into force in about two years time, places the onus on device manufacturers to monitor the safety of their products across their lifecycle, and file periodic safety update reports. The formal rigor required in the EU is expected to be replicated globally, too. The International Medical Device Regulators Forum (IMDRF) is keeping a close eye on MDR and IVDR, which could result in other major regions of the world, including North America, adopting their own variations on the requirements in due course.
While the stringent new monitoring and reporting demands will take some getting used to for medical device manufacturers, which traditionally have not been subject to the same level of regulatory interference as the pharmaceutical industry, the sector does have the advantage of being able to draw on best practice, and thus avoid some of the inefficiencies and missed opportunities linked to viewing compliance as an isolated activity with no real contribution to the business.
Certainly, the best way to drive value from an investment is to look for a wide range of wins. And compliance is no exception.
Beyond the Box-Ticking
Traditionally, companies would have approached regulatory requirements as a ‘must-do’ list, to be achieved primarily (if not exclusively) to keep the authorities happy and thus mitigate business and reputational risk (linked to class action on side effects, class actions on misuse, and so on). Beyond this, organizations have not typically looked for strategic benefits.
In today’s digital new world, there is a chance to treat compliance very differently. That’s as companies move away from processes built around manually filling in paper or PDF documents for each unique regulatory reporting requirement, toward building rich, dynamic databases whose contents can be re-purposed many times over. A definitive central resource where all of the required information (and more besides) can be collated, checked, refined and updated—so that anything else that happens thereafter with that information is, by default, correct and compliant.
The pharmaceutical sector, which has experienced all of the pain of traditional, manual compliance activity for decades, has been relatively slow to adapt to the benefits of this approach – because of the legacy data, systems and processes it has had to unravel first.
By contrast, medical device companies are not typically encumbered by the same laborious traditional ways of working. The modern way—basing compliance activity on structured data—is something the medical device sector can adopt with relative ease. This ready-to-go data, in a consistent format, can be called up and prepared at speed using the latest digital tools to ensure efficient data exchanges with authorities, with full details/a clear line of sight across every products right along its lifecycle—for reliability traceability and protected data access.
It is through these developments that companies can start to think beyond the immediate goal of compliance for its own sake, and toward the wider benefits that come with being able to quickly access great detail about products—including their application, use, and efficacy in the real world.
Going Further, Being ‘Better’
Up to now, audits, inspections, complaints handling, and (in the context of medicinal products) pharmacovigilance, have traditionally been ways to put the spotlight on non-compliance. It is why, in the United States, we see lawyers and other professionals with roles dedicated to damage limitation and crisis management. But what if positive action and pre-emptive compliance were made business differentiators? If they became a signal to the market, and to customers/patients, that a company has an enriched sense of public duty, of ‘wanting to do the right thing’?
In the current time of continued COVID disruption, and more recently the Black Lives Matter movement, and the expectation that businesses review their culture, policies, and practices, markets and customers have heightened sensitivity to whether companies are ‘walking the talk’, or whether everything they do is secondary to making a profit.
In life sciences chemistry, manufacturing and control (CMC) and, more recently, safety disciplines, new concepts have been developed by adopting a proactive rather than a defensive approach to compliance. The ‘Quality by Design’ initiative in CMC makes it possible to incorporate potential non-compliance risk in the development phase of the manufacturing process, for instance. The idea is to establish methods to increase robustness, minimizing post-market manufacturing inspection impacts. And, by extension, improve the patient experience by bringing better products to market, faster.
The premise of proactive safety planning is similar—eliminating more risk at the outset, simultaneously hitting two targets: A higher/faster market success rate and becoming a more trusted brand/supplier.
Here, risk management plans involve anticipating and paying close attention to an initial holistic review of all aspects (both positive and negative) of a product from its earliest development stages, allowed to anticipate and mitigate the safety profile of each device or drug.
In a world where more and more detail is captured about products, and shared with agencies right across their lifecycle—in some cases even made accessible to the public through digital channels— anticipating non-compliance becomes strategically important for a whole range of reasons. Companies don’t just want to avoid fines; they want to improve their safety records and show the public where their priorities really lie.
Anticipating Next Requirements
Companies can still look for cost efficiencies in all of this. Rather than lament next waves of regulatory demands, smart companies will look out for them—and be ready.
This means maintaining active ‘compliance intelligence’—proactively identifying and anticipating trends in emerging rules, laws, or good practices. Regulation rarely comes out of nowhere. First, positioning papers are composed, shared and developed. Then, guidelines and staged implementations follow, with time allowed for transition. Where once the tendency might have been to ‘wait and see’, in case of delays or changes to requirements, companies are realizing increasingly that deferring action can put them on the back foot and render them less able to capitalize on adjacent opportunities for the business, and for customers/patients.
As new regulatory measures start to take form, we would advise the relevant team within the company—or a suitable partner—to conduct a risk assessment within the context of the organization’s business model, highlighting points to anticipate. Once official requirements are published, the next task is to perform a gap analysis identifying all the potential implication arising. These might range from a simple but time-consuming review of a number of inter-related documents and data that will be involved/affected, to potential additional technical and scientific work (i.e., to replace a banned ingredient/questionable material by another) —and then gain approval from the authorities for any changes made.
New Vision, New Delivery Models
If the company has adopted a proactive approach to compliance, or even better, is harnessing compliance as a lever to optimize how it develops and manages products, then it is important to capture the lessons learned, perform a risk assessment and engage in process changes through a controlled transformation process.
By elevating compliance to something higher, more proactive and a powerful contributor to business success and patient outcomes, companies might also consider spinning off the whole activity. This could involve appointing a dedicated team (usually associated with a risk management department), or even relying on a service partner to outsource it.
Either way, companies have two choices: Continue to react to each new requirement as it comes along, with reluctance and resentment at the resources it will consumer (again!); or reimagine the entire discipline as something that could help the business be better and do better.