Medical Device Servicing
After two years of deliberation, the FDA recently released its “Report on the Quality, Safety and Effectiveness of Servicing of Medical Devices” in accordance with Section 710 of FDARA, its reauthorisation act.
Quality management systems framework for ISOs
Focused on improving patient safety, the US regulator now expects independent service organisations (ISOs) and hospital systems servicing devices and equipment for other hospitals or facilities to establish and maintain quality management systems (QMS) consistent with such standards as ISO 9001:2015.
In so doing, the agency struck a balance between the interests of medical device manufacturers (OEMs) and those of ISOs and hospitals.
Increased costs and heightened scrutiny
As a result, ISOs face increased costs and heightened scrutiny – tough challenges for an industry that, while a growing $50 billion market, is highly fragmented, competitive and low margin. Indeed, it’s not hard to imagine big players like Aramark Healthcare Technologies and TriMedX, both of which have robust quality and risk management programmes, using their financial and operational scale at the expense of SMEs.
In turn, fewer outsourcing alternatives will likely be available for hospitals at higher costs – just when value-based reimbursement is starting to pinch and their ability to afford in-house clinical engineers, who are in short supply, is constrained.
Stuck in the middle
It could have been worse, though. Having read through the 176 comments submitted to the agency and a recent public workshop on the matter, it’s clear the FDA opted for the middle ground. It declined to adopt the OEMs’ recommendations for direct regulation, instead insisting ISOs raise the bar with regards to quality and accountability.
The two sides are stuck in the middle with one another. And judging from their respective submissions to the FDA, friction, tension and distrust are likely to persist should both sides cling to traditional business and operating models.
In this article, the first of two, we’ll take a look at each party’s position – arguments, complaints and justifications for the way things are today – and what they’d rather have seen from the FDA.
In the second article, we’ll explore the middle ground more deeply. We’ll offer our observations and suggestions about how things might change to the benefit of patients, their families, and the clinicians and others who care for them. Importantly, while our catalyst for writing about the topic is the US situation, many of the issues apply in other countries. As such, our views reflect global concerns.
Comments from OEMs
OEMs argued consistently in their FDA submissions for regulatory oversight of ISOs. They cited ISOs and in-house staff for problematic repairs, use of improper parts, technical incompetence, non-conformance with standards, unnecessary downtime, and inadequate recordkeeping of service activities performed.
OEMs also provided evidence of incidents and adverse events they attributed to non-OEM service work. Several went further. They asserted that lack of regulatory reporting (e.g. adverse events) prevents them from conducting root cause investigations and implementing corrective actions.
Advamed, the industry’s association, summarized its members’ concerns as follows:
· Medical device repairs are being performed by untrained, unqualified personnel who may not be using the necessary specialized equipment or who may not be performing appropriate calibration and testing to ensure the product is safe and effective before it is returned to use;
· Medical device replacement parts, components or sub-assemblies of unknown provenance (e.g., potentially salvaged from non-functional equipment) or manufactured by third-party entities which claim compatibility with OEM devices, are available on the open market and are being used in the service and repair of devices;
· Medical device repairs are being performed without required compliance with core servicing standards to which OEMs are held under 21 CFR Part 820 and which AdvaMed believes is essential for the safety and efficacy of regulated medical devices.
Too, several leading manufacturers stated improper repairs could lead to liability on their part. They also expressed concerns about brand reputation risk and loss of sales when activities performed by third parties are not traceable and attributable to those parties. In short, they’re left on the hook for others’ actions or inactions.
Comments from ISOs and hospital systems
For their part, ISOs and hospital systems had a variety of complaints about OEM service models, including:
· Lack of technical training and comprehensive service manuals
· Refusal of OEMs to sell parts so customers or third parties can perform in-field repairs; or packaging of parts as costly sub-assemblies
· Unwillingness to provide access to proprietary software and algorithms
· Unwillingness to provide access to on-board diagnostics and tools unless bundled with training, dongles and passwords as part of service agreements
· Bundling software upgrades into expensive service and maintenance contracts
· Lack of serviceability of designs that fail to take into consideration field maintenance and repair, leading to forced dependence on OEMs through service contracts and/or time and materials services
· Understaffed and slow to respond OEM field service organisations
They also maintained that evidence of adverse events caused by poor maintenance policies and practices on their part is lacking. Indeed, ECRI submitted data suggesting that less than .0005% of incidents were attributable to service activity performed by third parties or end users.
Given this list, both ISOs and hospital systems argued that regulation by the FDA would needlessly raise their costs without improving patient safety. They issued a common call for improved collaboration among manufacturers, their customers and the third parties upon whom customers rely for timely, cost-effective service.
Calls for improved collaboration and information sharing
There’s that word – collaboration. Collaboration implies a middle ground where both sides share pertinent data and information. It suggests cooperation to achieve outcomes they’d otherwise be unable to accomplish independently.
Indeed, manufacturers acknowledged the need for such information sharing in their comments – not just in the case of adverse events to meet their post-market surveillance obligations, but also to ensure third parties perform service activities in ways that result in the safe and effective operation of devices.
Here’s a summary from Advamed of what third-party entities need to know:
· Training related to the level of repair they are performing.
· Access to product specifications.
· Notification and content of product upgrades (e.g., firmware or software updates to remove bugs, hardware updates as a result of correction activities, etc.).
· Release/performance criteria to place the device back into service to ensure its safe and effective operation.
· History of the instrument (cycles, mechanical failures, etc.) to determine if the instrument is beyond its mechanical limits.
· Replacement part history (whether or not known wear parts have been replaced).
· Access to OEM-manufactured or approved spare parts or components.
· Access to specialized repair equipment, custom retest fixtures or calibration equipment.
· Staff certified and trained on the device.
Device history traceability
Advamed goes further in pushing for data and information sharing. It claims that OEMs and their affiliated partners face significant challenges with regards to device history traceability beyond the manufacturer’s records.
Because they don’t know whether updates were implemented and what activities were performed by whom on what date and on which devices, “OEMs and OEM-affiliated partners must often correct the inappropriate repairs or damage to the device brought about by third-party entity refurbishment, servicing, and/or repair activities.”
Our observations about the path forward – Part 2
In Part 2, we’ll look at how the data and information sharing both sides acknowledge is necessary might be enabled. We’ll outline key design considerations that protect the interests of various parties within the medical device servicing ecosystem while also yielding significantly improved levels of transparency, traceability, verifiability and auditability.