Is it Acceptable to Push Back if You Disagree with a Notice of Violation or 483?

It certainly is acceptable to push back, but you need to be able to do that in a professional and politically correct manner. The best way to do that is to push back during the course of the audit or while the inspection is still in progress. If the investigator indicates that he or she has a particular concern, it is important to first understand their concerns, make sure they are not misinterpreting your quality system or your process or procedure, and make sure you have presented all your appropriate artifacts and objective evidence.

USDM does this during readiness assessments to make sure that if there are any observations, issues, or concerns being raised that the organization has had every opportunity to present proper documents or proper objective evidence. The burden is on you to make sure that you are presenting your case and defending your procedure.  FDA investigators don’t go out of the way to ask you to present all of the evidence in support of your rationale, scientific justification, or basis for your process or procedure. You can do that in a professional and politically correct manner in order to respectfully challenge them. If they’ve indicated they have an observation or a notice of violation, take that opportunity to make sure you have presented your case and presented all of your evidence.

Many issues can be resolved during the course of an investigation. If the inspection is concluded and you receive the report and there are observations there that you do not agree with or that you don’t find inaccurate, you can respond in your written response and you can indicate any additional information, artifacts, or rational. You can certainly provide additional information in the response to the Establishment Inspection Report (EIR) but in USDM’s experience, it’s better to resolve any issues while the inspection is still ongoing.  Many times you can resolve issues on the spot so they don’t show in the report as a comment or a 483.

USDM Life Sciences has a combination of over 100 years in regulatory compliance, Quality Assurance, Quality Systems and auditing. USDM’s auditors in the Global Audits Practice Team perform audits on Pharmaceutical, Biotech and Medical Device companies in the US and abroad.

With Each Submission of Data Using the Cloud System for Integration, Does Each System Need to Be Qualified? If So, How Does That Process Work?

Cloud systems must be qualified. Qualifying a cloud system is similar to the regular qualification and validation of hosting systems. This being the case, there are some nuances within the service that can be helped by selecting the vendor that best suits the needs of your business. The correct vendor can provide stable infrastructure that can be leveraged to qualify your system. Establishing a Service Level Agreement (SLA) with the vendor provides assurance that they will follow the protocol and take ownership of the system’s qualification. To ensure that nothing is adversely affected, vendors provide notice of changes. Changes made are followed by delivery notes as well as risk based testing. When qualifying a cloud system establish a SLA with a vendor that has a stable, reliable process.
The USDM Life Sciences Cloud Team is the one you can trust when looking to move applications and business processes to the Cloud. Our team of cloud experts understand compliance, validation, implementation, mobile, data security, data migration, and system integration, and we ensure that leading cloud vendors meet and maintain compliance regulations around the globe.

What is FDA Doing to Enforce the Regulation on Medical Device Manufacturers? What are the Consequences of Non-Compliance for the Provider?

Food and Drug Administration (FDA) is working very closely with all of the manufacturers so there should be few problems with compliance. Some of the manufacturers have requested extensions of 30, 60, or 90 days for various reasons but not for extended time frames. All class III packages should now be received with Unique Device Identification (UDI).

Devices within the supply chain before September 24, 2014 are not required to be re-labeled. There are also exemptions from UDI for kit and non-sterile devices, as well as individually requested exemptions by companies. An assessment of devices that should be in the Global Unique Device Identification Database (GUDID) versus how many are in GUDID will result in a percent compliance. When assessing the need to be compliant for the goods in commercial distribution with the exceptions, there is adequate explanation for why there are less than the expected amounts of devices on GUDID. After taking this into account, report any issues to the FDA so that the FDA is aware of which manufacturers they need to work with for compliance.

With regards to the provider, at this time the FDA does not have a plan to reach out to providers and investigate why the information was not provided. Jean Sargent, Vice President of Healthcare Strategy and Implementation at USDM Life Sciences, has reason to believe that this could change with time. As a case in point, 15 years ago an FDA regulation stated that hospitals could no longer make their own medical devices then sterilize them unless they registered as a manufacturer with the FDA. The FDA began  going into hospitals in order to make sure either all “manufacturing” was ceased or that the organization was approved by the FDA to manufacture products. In this case, FDA worked closely with The Joint Commission using Joint Commission’s surveyors to investigate the compliance. Jean assumes something like this could happen in relation to the current regulation.

USDM Life Sciences offers healthcare a comprehensive assessment, strategy and solutions to implement end to end traceability of pharmaceutical and medical devices from point of receipt through to the electronic health record.

If a CRO is Managing My Clinical Trial Data, What are My Validation Responsibilities?

If you have a Contract Research Organization (CRO) that is managing and hosting your content and you're accessing their content management solution. The responsibility is on the CRO to have a validated compliance content management solution for your content. However, you have to do due diligence and close your vendor auditing practices, as well as your vendor management processes, and your SLA with your CRO to ensure that you've done proper due diligence to make sure that they are properly managing your content. The burden is effectively on the CRO, however you have to do your due diligence to ensure that you're auditing them appropriately out of their system validation materials, as well as making sure that the processes and procedures are up to par for managing content.

The USDM Life Sciences Clinical Services and Solutions team provides our clients (from start-up Biotech to large Pharma/Device) with the latest technology, processes and strategies to assist with efficiency, quality and compliance in any scenario and offers our clients a cost-effective, proactive and unified partnership in goal achievement.

What are the Costs, Elements, and Approximate Timeline to Implement a Compliant Field Service Solution?

It really depends on how many users you're looking at and some of the complexities with your environment and requirements. As far as line items, you're going to be looking at the field service application licensing. We have to get the application into our environment -- into the user's hands. How many people do we have? That is going to be one dollar amount.

Then you've got the implementation services. Those, you can imagine, vary quite a bit depending on, again, the size of your service organization and some of the various requirements that you have with your different field service processes. Those implementation services are also going to include the initial validation that we would perform. Again, it's all one professional service number. Then, you've got the subscription for the ongoing validation documentation that USDM provides with each seasonal release. Those are the ways we would just provide a high level breakout for the different costs involved.

As far as the timeline, what we're seeing out there is an average of 3 to 6 months to implement a validated field service application. Again, the timelines can go up or down based on a couple of things. Most often it's around data migration. How much data are we starting with? Do you have years and years of field service history that we need to bring in and make that available within ServiceMax. If yes, that's just going to take a little bit more time.

Also integration. ServiceMax is built on a platform which is extremely open, and it's not hard to tie in to other systems like your ERP, a complaint management system. But, it's just those things need to be thought about and brought into the project. You can, like I said, depending on the complexity, either lower that amount of time or extend it out a little bit.

The USDM Life Sciences Cloud Team is the one you can trust when looking to move applications and business processes to the Cloud. Our team of cloud experts understand compliance, validation, implementation, mobile, data security, data migration, and system integration, and we ensure that leading cloud vendors meet and maintain compliance regulations around the globe.

What is the Recommended Approach for Control on Non-Regulated Laboratory Instrumentation?

Michael Ambrose, Vice President of Lab Services and Solutions at USDM Life Sciences says his approach would be for a calibration or a qualification. For instance, if it's a basic instrument, he’d still want to calibrate it. He would still want to have a set of requirements to say what the calibrations test points and ranges should be and make sure that that system is producing data that I could consider valid, even if it's not going into a regulatory document or submission. The same with qualification. He would definitely have manufacturer's specifications being met before I installed an instrument and the analogy I use often is a librarian is going to want to get their books back if they're using a software to track it. They're going to want to do some type of testing, make sure the software works, make sure it's installed properly and that would go for any of the basic laboratory equipment. The place he would maybe change if it wasn't validated, if it wasn't regulated, would be a validated system.

Ambrose says he might not do the extent of extra documentation, but would certainly have requirements and testing around any software that was used in a lab just for data integrity and data security reasons.

USDM Life Sciences offers a complete suite of laboratory enterprise validation and compliance services led by a core team of highly qualified, scientifically trained laboratory instrument/systems specialists.

Unique Device Identification - A Hot Topic in Healthcare

Unique Device Identification (UDI) took center stage at this year’s AHRMM 15 Conference.  In the hallways and in sessions, including my panel session on the topic, hospitals, regulators, solution providers and suppliers discussed the obvious benefits of having consistent, accurate and unique identifiers for devices and pharmaceuticals to ensure better tracking throughout the healthcare supply chain to reduce counterfeiting, speed recalls and improve post-market surveillance. With the UDI regulation for devices, FDA’s implementation of the Drug Supply Chain Security Act (DSCSA ) and The Joint Commission tissue tracking all in full force this year, in addition to unique ID data capture requirements proposed under Meaningful Use (MU) Stage 3, many hospitals and suppliers are working hard to not only comply, but excel in this incredible time of technology and change. The industry is in the midst of transformation as it learns to harness and hone tremendous amounts of data to propel accuracy, safety and security in the nation’s healthcare system, while also meeting tight regulatory deadlines.

Those who incorporated the UDI into their information systems for last year’s Class 3 implant requirements are reaping the benefits of accurate, consistent product information.  Others still have to catch up. AHRMM attendees stated, for example, that they are not aware of all the UDI requirements, even the ones providers are responsible for, such as storage of the entire UDI, including production identifiers, for retrieval in adverse event reporting.  Proposed MU Stage 3 requirements for Electronic Health Records will provide the software enhancements to make this possible for implanted devices as well as document in registries and support value analysis.  The industry as a whole needs to be better informed on what's in the UDI regulation, who and which items are affected and when the deadlines are.  USDM Life Sciences will publish more details around this topic, including upcoming blogs about which products require UDI and how hospitals can use Master Data Management as a strategy to make sense of all their data.  In the meantime, you are not in this alone.

USDM Life Sciences offers healthcare a comprehensive assessment, strategy and solutions to implement end to end traceability of pharmaceutical and medical devices from point of receipt through to the electronic health record.