A yearlong investigation into medical device safety risks highlighted numerous medical devices either failed or harmed patients in some way. Most medical devices are not approved as drugs are. Rather, an application is made showing similarity to existing devices. If a device is a novel design a de novo request is made with the FDA. Kaiser Health News wrote:
The investigation has found that most medical devices, including many implants, are now cleared for sale by the FDA without tests for safety or effectiveness. Instead, manufacturers must simply show they have “substantial equivalence” to a product already in the marketplace — an approval process some experts view as vastly overused and fraught with risks.
Substantial equivalence is claimed through a regulation known as 510(k). It is an abbreviated clearance to market, whereby a developer uses premarket notification to show their product is similar (substantial equivalent) to devices already cleared and being marketed.
And once those devices reach the marketplace, the FDA struggles to track malfunctions, including deaths and injuries — while injured patients face legal barriers trying to hold manufacturers accountable for product defects.
This is where the story goes off the rails. The article insinuates that more rigorous, more expensive regulations are needed when merely enforcing the rules that exist would likely mitigate many of the problems.
The FDA now clears about 3,000 low- to moderate-risk devices every year through 510(k) review, which costs the device maker a standard FDA fee of about $22,000. That compares with about 30 approvals a year through the stricter premarketing requirements, which cost nearly $500,000 per device, according to FDA data.
The U.S. Food and Drug Administration (FDA) has regulations in place designed to protect the public from malfunctioning medical devices. Production requires current good manufacturing practices, called GMPs. The FDA’s history of medical device regulation is explained in the link.
Current good manufacturing practices comprise a precise system of controls to design, manufacture, maintain and track products regulated by the federal health agency. FDA auditors are supposed to review these procedures to: 1) verify there are credible cGMP procedures in place, 2) make sure the procedures/parameters are validated, 3) verify they are being followed and 4) make sure complaints are being tracked, investigated and remediated.
I have just encapsulated tens of thousands of pages of quality & regulatory principles into four simplified bullet points. The process of establishing quality controls follows an engineering logic and works. One of the most important aspects of these regulations are to track, investigate and remediate complaints, while thoroughly documenting the process. Complaints are the feedback loop medical device makers use to improve or repair their mistakes.
An example used in the KHN article is a type of insulin pump that came onto the market in 2016. By 2019 the manufacturer issued a recall, a serious admission that something was wrong and must be dealt with quickly.
During an inspection at Medtronic’s plant in Northridge, California, FDA officials learned the company had logged more than 74,000 ring complaints between 2016 and the November 2019 recall. More than 800 complaints weren’t investigated at all, according to the FDA, which sharply criticized the company in a December 2021 warning letter.
Failing to investigate 800 complaints (~1%) is not the worst of it. Having 74,000 complaints in three years is unbelievable. Reporting a complaint is supposed to be straightforward, not require jumping through hoops. Complaints are sorted into categories based on risk, type of failure and frequency of problems using trendlines, histograms, root cause analysis, etc. The timeline for corrections should be initiated based likelihood of failures and on the risk of injury or death from a failure.
How does the FDA enforce compliance? They perform audits, mostly by sitting in a manufacturer’s conference room digging through documents. Nowadays it’s often done remotely. Conference room audits and remote Zoom audits gave companies the idea that compliance is a paperwork exercise. The thought goes, if you can create and assemble the appropriate documents on paper, you can pass your audit. However, that does not mean the product is safe or that the quality and regulatory procedures are actually followed. It often helps to get on the factory floor and talk to workers, observe them and the procedures they follow.
One of the biggest problems with medical device safety is the least understood and least appreciated: management controls. Does management have a strong stance on tracking and remediating problems or are problems swept under the rug? How much authority does the quality & regulatory (QR) department have: Is QR one person who reports to the marketing department? Is it one person who reports to the vice president of production. Both are a huge red flag. Marketing has no knowledge of engineering and does not want to hear unwelcome news. Production is more interested in getting products out than getting products right. In addition, one person is unlikely to be able to do it all.
A couple more areas of concern have to do with clinical testing. When new products undergo clinical testing the devices are often built by engineers in a lab then painstakingly assembled by experts. Transitioning from custom-made in a lab to a production floor assembly line is a whole other ballgame. What often happens is one firm designs and markets the device, while a contract manufacturer produces it. Contract manufacturers may be far removed from compliant files and revisions. The FDA is currently moving away from GMPs to ISO13485, another set of standards that will likely make compliance even more difficult.