Вы находитесь на странице: 1из 39

Crossing the Threshold

( FDA Regulatory Requirements for Medical Device


Manufacturers)

DESIGN CONTROLS

FDA

Medical Device Design Controls

Introduction to the FDA


Definitions
Classes of devices
Design control overview
Risk assessment
Verification and Validation testing
Software Quality Assurance
Labeling
Post design transfer issues
2

Regulations
CBER

Biologics
21 CFR 600/601/610
Blood
21CFR 606
21CFR 1270, 1271
(tissue)
21 CFR 58 (GLP)
21CFR 11 (electronic
records)

CDRH

Devices

CDER

Drugs

21 CFR 56 (IRBs)

21 CFR 56 (IRBs)

21 CFR 58 (GLP)

21 CFR 58 (GLP)

21CFR 11 (Electronic
records)
21 CFRR 800-1050
(devices)
21 CFR 807 (510(k))
21 CFR 812 (IDE)
21 CFR 814 (PMA)

21CFR 11
(Electronic records)
21 CFR 210, 211
(Drug GMPs)
21 CFR 312 (IND)
21 CFR 314 (NDA)

21 CFR 21 CFR 820


QSR (GMP)

What is a Medical Device?


Type of Product:
An instrument, apparatus, implement, machine,
contrivance, implant, in vitro reagent, or other
similar related article
Intended use:
for use in the diagnosis of disease or other
conditions, or in the cure, mitigation, treatment or
prevention of disease . . . or intended to affect the
structure or any function of the body
Mode of action:
and which does not achieve any of its primary
intended purposes through chemical action within
or on the body or by being metabolized.
FD&C Act, 201(h)

FDA Oversight in a Medical Device Life


Cycle
Research

FDA review
Design and Development

Good Clinical Practice


Clinical Trial Controls
Good Laboratory Practice
Investigational Devices
Exemptions (IDEs)

Design Controls
Good Lab Practices
Document Controls
Electronic Records

Manufacture and Service


Quality Systems Requirements
Establishment Registration
Labeling Controls
Design controls

Recalls
Complaints
Medical Device Reporting

510(k) Clearance
PMA
Document Controls

Obsolescence
Record
Retention

12 CFR 820.30
Requirements

All Class II and Class III devices, and


some Class I devices require design
controls.
Written procedures required. Procedures
are controlled via document control.
Information about the design must be
readily available to FDA Design History
Files.
Design controls can continue through
the manufacturing and service phase.
6

Intended use

Class I-Simple, Low risk.

General controls needed (registration,


labeling, GMP)

Class II- More complex, Medium risk.

Product Class

Need 510(k) approval (some exemptions)

Class III- Complex, High risk.

Generally life support, life sustaining,


preventing impairment to human health or
unreasonable risk to human life. Premarket
Approval (PMA) needed prior to market.

Examples

Quality System
A Medical Device Quality System is
designed to assure that products are
Safe and Effective for their Intended
Use
and
Consistently meet the specifications
as defined by results of clinical and/or
detailed technical design and validation

Design Control Elements


21CFR 820.30

Design Planning
Design Input (Requirements)
Design Output (Specifications)
Design Reviews (Technical)
Design Verification (Meets
Specifications)
Design Validation (Meets clinical needs)
Design Transfer (Moves from Design to
Manufacturing)
Design Changes (Formal Process)
Design History File (DHF)
10

Stage-Gate Method

Defines phases of project.


Uses design reviews and approvals as
gates between phases.
No
.no
No

No

Feasibility and
planning

OK

Design Review

OK

Design and
development

OK

Design Review

OK

Verification and
Validation

OK

Design Review

OK

Transfer to
manufacturing

Design history file

11

Design Controls
General Stage-Gate Process

12

Design Planning

Feasibility Studies
Risk Assessments
Project Plan Defines Interfaces with
Others
Stage-Gate Methodology
Constantly Changing

13

Design Input-Feasibility

Where

What

Customers
Technical Papers
Medical experts
Service people
Intended Use
Technical Requirements
Safety Issues

How

Documented
Approved
Filed
Formal Change Control System

14

Risk Assessment

15

Risk Assessment
Feasibility
Clinical Risk
Summary
Design Input

Preliminary
Design
Specification Trace Matrix:
(links between)
Specification
Risk Analysis
Fault Table
Test Plan

Preliminary Risk
Assessment:

Mitigations:

Final Risk
Assessment:

Risk Management
Document, Approvals

16

ISO 14971
Risk Assessment
Example
Example of a Hypothetical Risk
Assessment for a Electronic
System to Monitor Patient Core
Body Temperatures

17

Definitions

Harm: Physical injury or damage to the health of people,


or damage to property or the environment
Hazard: Potential sources of harm
Risk: Combination of the probability of Occurrence of Harm
and the Severity of the harm
Risk Analysis: Systematic use of available information to
identify hazards and estimate the risk
Residual Risk: Risk remaining after protective measures
and mitigations are taken
Severity: A measure of the possible consequences of the
risk
As Low As Reasonably Practicable (ALARP): The
residual risk is reduced to a level which is as low as can be
reasonable implemented without sacrificing patient safety
or clinical utility. The risk/benefit ratio is determined to be
acceptable in light of technical feasibility and economic
feasibility of implementing additional controls.
18

Severity

Occurrence

Detection

Risk Quadrants

Current Controls

Corrective Actions

Classification of Residual Risk


1 10
Scale

1- 10
Scale

1-3 Scale

1- Risk, None to
Little

None required

None required

2- Risk, Minimal
to Moderate

Recommended

Recommended

Required

Required if no
existing
controls.
(ALARP)

Redesign *

Redesign *

3- Risk,
Significant

4- Risk, Serious

19

Rating

Effect

SEVERITY TABLE

Description of Rating

None

No effect. Device operates as intended.

Very Minor

Some customers notice defect. Device operates as


intended. No effect on patient or clinician

Minor

Device operates as intended. Slight effect on patient,


clinician or user.

Very Low

Patient comfort or convenience is slightly


Reduced but with no patient, clinician or user injury.

Low

Comfort or convenience is severely


Reduced but with no patient, clinician or user injury.

Moderate

Product is inoperable with no patient or user injury.

High

Possible transient (reversible) minor injury to patient


or user.

Very High

Transient minor injury to patient or user (possibility


of further surgical procedures).

Hazardous -

10

Hazardous
Irreversi
ble

Possibly can contribute to death, severe injury,


permanent significant disability or severe
occupational illness in patient or user.
Can cause irreversible patient or clinician harm.
(including for example organ failure, limb loss or
death)

Example

Negligible

Marginal

Critical

Needle stick

Exposure to
blood
borne
pathogens

Catastrophic

20

Occurrence
Rating

Probability of
Failure

Description of Rating
DFMEA

Failure Rate
PFMEA

Improbable

Failure is unlikely.

Failure unlikely. No failures ever associated


with almost identical processes.

1 in 1,500,000
(~ 0.000067%)

Remote

Relatively few failures.

Isolated failures associated with almost


identical processes.

1 in 150,000
(~ 0.00067%)

Isolated failures associated with similar


processes.

1 in 15,000
(~ 0.0067%)

Generally associated with processes


similar to previous processes that
have experienced occasional
failures.

1 in 2000
(~ 0.05%)

Generally associated with processes


similar to previous processes that
have often failed.

1 in 80
(~1.25%)

Failure is almost inevitable.

1 in 8
(~ 12.5%)

3
4

Occasional

Occasional failures.

5
6

Probable

Repeated failures.

7
8

Frequent

Failure is almost inevitable.

1 in 400
(~ 0.25%)

1 in 20
(~ 5%)

1 in 3
(~ 33 %)

10

1 in 2 (
50%)

21

Detection
Rating

Probability of
Detecti
on

Description of Rating

DFMEA

PFMEA

Almost
Certain

Design Control will almost certainly detect a


potential Cause of Failure or subsequent
Failure Mode.

Current Controls almost certain to detect


failure mode or Cause.

Very High

Very high chance Design Control will detect Cause


of Failure or subsequent Failure Mode.

Very high likelihood that Current Controls will


detect failure mode or Cause.

High

High chance Design Control will detect Cause of


Failure or subsequent Failure Mode.

High likelihood that Current Controls will detect


failure mode or Cause.

Moderate

Moderate chance Design Control will detect Cause


of Failure or subsequent Failure Mode.

Moderate likelihood that Current Controls will


detect failure mode or Cause.

Low

Low chance Design Control will detect Cause of


Failure or subsequent Failure Mode.

Low likelihood that Current Controls will detect


failure mode or Cause.

Remote

Remote chance Design Control will detect Cause of


Failure or subsequent Failure Mode.

Remote likelihood that Current Controls will


detect failure mode or Cause.

Absolute
Uncertai
nty

Design Control will not detect a potential Cause of


Failure or subsequent Failure Mode.

No known Controls available to detect Failure


Mode or Cause.

22

Quadrant Map
Occur
rence

10
9
Quad 4
8
7
Quad 3
6
5

Quad 2

4
3
2

Quad 1

1
1

10

Severity

23

Risk Assessment Table


Clinical Risk Assessment
Cause ID #Potential
Clinical Risk

CRA 01

CRA 02

CRA 03

CRA 04

CRA 05

CRA 06

CRA 07

Possible
effects

Potential
causes

Initial State
S

Of effect

Of cause or
failure

Controlling Action's)/
Design Mitigations

Post Mitigation
State

SpecRef

Of effect

Of cause or
failure

Of cause or
failure

Audible and Visual Check


Probe alarm
EMC testing to UL/IEC
60601-1-2 Requirements
Audible and Visual Check
Probe alarm

18
Q3

CDS-015

18
Q3

CDS-019

Score

Score
(Quad)

Patient Core
Temperature
exceeds
physiological limits
Patient Core
Temperature
exceeds
physiological limits
Patient Core
Temperature
exceeds
physiological limits

Severe
Hyperthermia
(Seizure, Death,
Brain Damage)
Severe
Hyperthermia
(Seizure, Death,
Brain Damage)
Severe
Hyperthermia
(Seizure, Death,
Brain Damage)

Probe has a
9
intermittent or
noisy signal due
to EMI in area
Probe is loose or 9
disconnected

54

54

Probe not in
9
calibration window
Wrong Temp
Probe used

63

Factory calibration window


set for 400 Series
thermistor
Software Check for probe
range
Audible and Visual Check
Probe alarm

18
Q3

CDS-002

Patient Core
Temperature
exceeds
physiological limits
Patient Core
temperature
exceeds
physiological limits
Patient Core
temperature lower
than physiological
limits
Patient Core
temperature lower
than physiological
limits

Severe
Hyperthermia
(Seizure, Death,
Brain Damage)
Severe
Hyperthermia
(Seizure, Death,
Brain Damage)
Patient enters
Hypothermia

Infection, Drug
reaction, disease
state

36

Audible and Visual High


Temp Alarm

18
Q3

CDS-012

Patient not being


appropriately
monitored

45

Audible and Visual High


Temp Alarm
Labeling and Training

18
Q3

CDS-015

Probe has a
9
intermittent or
noisy signal due
to EMI in area
Probe is loose or 9
disconnected

36

Audible and Visual Low


Temp Alarm
Design for EMI immunity

18
Q3

CDS-016

54

Audible and Visual Low


Temp Alarm
Audible and Visual Check
Probe alarm
Design fro interlocking
connector

18
Q3

CDS-018

Patient enters
Hypothermia

24

Design Output

Final design specifications

Quantitative
Documented
Approved

Final specifications are contained


in the design history file.
Final risk assessments completed.
Clinical testing may be needed.
25

Design Reviews

Formal Process
Required for Phase Approval
Checklists
Minutes
Attendees- one not associated with items
reviewed
Areas covered
Action items/open issues
Open items closed for final release
Formal design review prior to release for
manufacture and distribution

26

Design Verification and Validation

Demonstrates that all the risks


have been mitigated.
Demonstrates that specifications
have been met.
Uses a trace matrix between risk
assessment, specs and V&V plans.
Clinical trials may be needed to
demonstrate safety and/or
effectiveness.
27

Design Verification And Validation

Verification - meets specification


Validation - meets intended use
Written procedure required.
Testing must be documented,
reviewed and approved.
Software must be verified and
validated.
Manufacturing processes must be
verified and validated.
28

System Verification and Validation


ProductRequirements
Specificationcomplete

System
ValidationTest
Plangenerated

SoftwareRequirements
Specificationgenerated
andapproved

No
SoftwareValidationand
VerificationPlandrafted

Yes
SoftwareDevelopment

Plan
approved?

Plan
approved?

Detaileddesign

No

Systemintegration
completed

Yes
Planexecuted

Yes

No

PilotRuncompleted

SoftwareV&
Vacceptable?
SystemValidation
andVerification
TestPlanexecuted
SoftwareValidation
andVerificationTest
Reportgenerated

No
SystemV&V
testingOK?
Yes
SystemValidationand
VerificationTest
Reportgenerated

FinalDesignReview

29

Software Quality-Design Controls


System Design Specs and System
V&V Activities
SRS

SDS

Unit level Risk and


SRS trace

Software Verification
Testing

Unit verification activities

30

Design Transfer

Design moves from R&D to


manufacturing
Manufacturing and production
specifications are documented
Manufacturing risk assessment may
be needed
Manufacturing IQ, OQ, PQ

IQ - Installation Qualification (Equipment)


OQ - Operational Qualification( 1st ones meet specs)
PQ - Performance Qualification (Consistently repeatable)

31

Design Changes

All changes to the design after


release must be formally controlled
(Change Control).

Re-validation may be needed

Continues for the life of product.


Documentation control system is
necessary.

32

Labeling 21 CFR 801

Section 201(k) defines "label" as a:


"display of written, printed, or graphic matter upon the
immediate container of any article..." The term
"immediate container" does not include package liners.
Any word, statement, or other information appearing on
the immediate container must also appear "on the
outside container or wrapper, if any there be, of the
retain package of such article, or is easily legible
through the outside container of wrapper."

Section 201(m) defines "labeling" as:


"all labels and other written, printed, or graphic matter
(1) upon any article or any of its containers or wrappers, or
(2) accompanying such article" at any time while a device is
held for sale after shipment or delivery for shipment in
interstate commerce.

33

Rx Medical
Intended
Use Device Labeling
Indications for Use
Contraindications for Use
Warnings, Cautions
Description of the Device
User Instructions
Specifications
Corrective Actions
(Troubleshooting)
34

Labeling Controls

35

Labeling Verification

Labeling must be verified prior to


FDA review and product release.
Users should also review labeling.
Risk assessment labeling
mitigations must appear as
warnings or cautions.

36

Design History File

Record of the
Development Process

Plans
Specifications
V&V Test Results
Design Reviews
Changes to the Design

37

Class Exercise-Design
Controls

Dr. Bright and Dr. Idea have found a novel way to produce a
machine to determine if a heart attack patient has additional
blockage in the coronary arteries that may be caused by the
surgical bypass procedure (CABG). The machine non-invasively
measures arterial flow by using Doppler sonar to determine if
the arteries are blocked. It can be used in a patients home, by
itself, on post heart attack patients who may be at risk for
additional heart attacks. It transfers the data to a monitoring
station at a EMS facility for 24/7 monitoring.
They have formed a company (The Bright-Idea Company), built
a prototype and tested it in the lab on sheep and pigs. It
worked great. Now they want to begin marketing it for use on
humans.
1.
2.

3.

Is the machine a medical device?


What steps should Dr. Bright and Dr. Idea take before they can
begin marketing the machine?
What documents do they need to have on file?

38

Questions

39

Оценить