In the highly regulated medical device industry, it’s vital to meet compliance. But how can this be accomplished in the most streamlined manner? Product Lifecycle Management (PLM) software can provide a viable path. We use an example from the device maker AgaMatrix as a case in point for 21CFR Part 11 compliance.
New innovations in medical device designs come with important regulatory considerations such as 21CFR Part 11, ISO 27k, DPA, and 45CFR164. Heeding regulatory affairs, quality assurance and validation processes can help deliver better performing products.
Numerous apps are available to assist healthcare providers and patients with important tasks like information and time management, training, health record maintenance and access, patient management and monitoring, communications and consulting, reference and information gathering, clinical decision-making, and medical education.
AgaMatrix was one of the first medical device companies to link its blood glucose meter to smartphone technology so patients could monitor blood sugar, chart activity and allow transfer of data to their smartphone—allowing all pertinent information to be shared with healthcare providers, family, personal trainers, and friends.
Patient Access to Medical Devices
AgaMatrix has been successful in providing a white-labeled blood glucose meter sold commercially at retailers from CVS to Amazon to Target. With several new products in the works, they have looked to not only build smart medical devices, but to create an ecosystem of innovative solutions.
The company has experienced rapid growth over the past few years, expanding from 70 to more than 500 personnel. One challenge has been managing the transformation from manual processes to automated ones while remaining in compliance with all regulations. According to Frost and Sullivan, the cost of 21CFR Part 11 compliance - which establishes FDA regulations on electronic records and electronic signatures (ERES) - can vary from $5 million to $400 million, depending on a company’s size and current systems.
Here are the lessons AgaMatrix has learned in their transition from manual to automated processes for compliance. PLM software has been a key part of this:
Lessons in Manual vs. Paper Processes
Conducting a risk assessment should always be a device manufacturer’s first step, and it should include understanding the current good manufacturing practices as mandated by the FDA. Device manufacturers are required to record, track, manage, store, and easily access various production documents and their detailed change history, including engineering change orders (ECOs).
Companies need to determine which systems are paper-based or non-compliant. Each system must be analyzed to resolve risk and also the cost to convert a paper system to an electronic system. During an evaluation, the team at Agamatrix realized that rather than using several single-purpose products, it could do everything necessary to comply with CFR Part 11 within their PLM (product lifecycle management) software, for which they were using Omnify Empower PLM.
The PLM software was able to handle ECOs and management of electronic documents as well as storing technical feasibility studies, engineering source code, release notes, audit requirements and product images. Having a single repository for this information meant that AgaMatrix could streamline product information across teams as well as with contract manufacturers.
Because of the relationships with suppliers and contract manufacturers, AgaMatrix needed to maintain strict controls as to what these companies could access. The PLM was configured to provide proper permissions for outside parties to easily access bill of materials, product documentation, and testing scripts. Entities can also manage any medical claims at the corporate website through Omnify’s PLM.
Lessons in Software Validation
All software used to design medical devices must be validated to ensure it’s in compliance with all appropriate regulations, and all validation results must be carefully tracked. One of the first things a project manager should do on a new project is to see what software is available for use (i.e., already validated). This list is available within the PLM system.
If the project requires software that has not yet been validated, the project manager can easily check to see what testing is needed for the software to be validated. The project manager can initiate the validation project within the PLM software so that IT can refer to it and tracking of the validation process can begin.
Lessons in Meeting International Regulations
In order to maintain CFR Part 11 compliance for devices sold internationally, regulations must be addressed for multiple countries. Through the PLM software, AgaMatrix can manage multiple global locations and a variety of country-specific regulations. Device manufacturers must pay attention to European and US certifications such as CE Mark and GS Mark, in which the TUV (the German Technical Inspection Association) and FDA come in to conduct compliance audits. In addition, security audits for ISO 2001 compliance, penetrative testing of the cloud environment, and user space should be analyzed. All smartphones and tablets used to connect medical devices to the cloud must be tested to ensure they comply with the UK’s Data Protection Act.
Many countries have strict laws around data and where it resides. For instance, France insists on an approval process for data leaving the physical confines of the country unless it is through a pre-approved vendor like Microsoft Azure or Amazon Web Services.
From a fifty-thousand-foot perspective, it seems relatively simple to ensure one is creating a safe, quality medical device. The reality is that companies must ensure all country-specific and local standards are being met. Companies often need to work with several external auditors and legal counselors to ensure compliance is achieved in every jurisdiction. PLM helps ensure all regulations are met and tracked throughout the product lifecycle. In the example of AgaMatrix, Omnify helps to properly track electronic signatures, providing electronic audit trails/history tracking, security controls and reporting. Therefore, the audit process is vastly streamlined.
Lessons in New Workflows
PLM software helps create new electronic workflows for a device manufacturer. For example, rather than holding a team meeting to discuss what needs to happen with an ECO the team may simply rely on the software to provide them with the details they need to sign off.
In general, this is a positive change. However, it’s important not to do away with so much human interaction that relationships between co-workers or departments are affected.
In addition, just because multiple reviews can be specified for a particular ECO doesn’t mean it’s a good idea. It’s important to find a balance between efficiency and thoroughness. Keep reviews to an efficient number, and make sure one person has the authority to look at every department’s ECOs and make the final decision.
As with any major software implementation, it’s critical to review all processes to see which are working, which need to be adjusted, and which need to be eliminated once the teams are up and running on the system. For example, even though Microsoft Word is used during projects, it doesn’t need to be validated for the device to be in compliance. Similarly, there may be processes that are essentially holdovers from paper-based systems that can be eliminated, as well as some system-based processes that don’t add value.
Collaboration, Compliance, Automation, and PLM
Moving from a paper-based compliance system to a more automated PLM system has enormous time saving possibilities. AgaMaxtrix was able to grow rapidly without compromising quality while ensuring all products remain in full compliance with regulations. At the same time, their team learned the importance of encouraging collaboration between individuals and teams, even as processes changed and frequent interaction became less necessary.