Both risk management and clinical evaluation are interdependent and hence, must be cross-referenced and updated concurrently and regularly. As a part of clinical investigation, all the clinical risks must be identified in the risk management file and addressed as part of clinical investigations, the clinical evaluation and post-market clinical follow up (PMCF). Data gathered through post-market surveillance must be used to update the benefit-risk determination and improve risk management. Additionally, these can also serve to update the technical documentation relating to risk assessment and clinical evaluation. Like the clinical evaluation plan, the PMCF plan must also be linked to the risk management processes.
In addition to the requirement for a PMCF, manufacturers of class IIa, class IIb and class III devices must also prepare a periodic safety update report (PSUR) for each device (and groups of devices where relevant). The PSUR includes the results and conclusions of the post-market surveillance analysis and any corrective or preventive action taken, and the updated benefit-risk determination. The PSUR must also include the “denominator” for the data in the form of sales volume or estimated usage of the device. The PSUR must be updated periodically (timeframe for updating the report is based on device risk class) and must be done so with consideration for risk activities.
Another new requirement specifically for implantable and Class III devices is the Summary of safety and clinical performance (SSCP). Residual risks, undesirable effects, warnings and precautions must all be included in the SSCP which is submitted to the Notified Body (NB) during conformity assessment and uploaded by the NB to Eudamed so that the information is available to the public. Under the new EU MDR 2017/745, there is an increased requirement to conduct clinical trials (clinical investigations) on certain risk classes of medical devices (Article 62). The Eudamed module for clinical investigations will be publicly accessible under the EU MDR. However, the European Commission postponed the EU MDR date of application (DoA) for one year due to the COVID-19 pandemic. Therefore, there appears to be a delay in the new Eudamed and all its modules that were intended to replace the existing Eudamed.
Interestingly, the EU MDR seemed to have anticipated the Eudamed delay under Article 123d:
“Until Eudamed is fully functional, the corresponding provisions of Directives 90/385/EEC [Active Implantable Medical Device Directive (AIMDD)] and 93/42/EEC [Medical Device Directive (MDD)] shall continue to apply for the purpose of meeting the obligations laid down in the provisions listed in the first paragraph of this point regarding exchange of information including, and in particular, information regarding vigilance reporting, clinical investigations, registration of devices and economic operators, and certificate notifications.”
The regulation introduces a concept alongside harmonized standards, called Common Specifications (CS), that is to be implemented wherever harmonized standards are not present or insufficiently cover the requirements. CS addresses requirements for both products and quality system management. Thus, there will be CS for safety and performance requirements for devices (specifically, high-risk devices such as implantable and class III devices) and quality system requirements (for technical documentation and risk management). When a CS is implemented for risk management, you will want to ensure that your risk management processes, and documentation are compliant.
In summary, your risk management, clinical evaluation, PMCF, and PSUR procedures and plans must all be synchronized, and each resulting report must each consider the data and results of the others. As before, devices are required to achieve the performance intended and must be designed and manufactured to fulfil their intended purpose. While the task of becoming compliant may seem daunting, review the EU MDR and highlight new requirements and differences between the new regulation in the existing regulations and standards with which you comply, develop a general plan for revising your procedures and other documented requirements. This plan should include assignments for responsible parties within your organization. With the EU driven by the need to strengthen the regulatory platform, under the new regulation, the devices must not compromise safety, and the individual and cumulative risks must be outweighed by the clinical benefit.