Congress has mandated that every two years the FDA will have inspected nearly every medical device manufacturer on planet Earth that sells to the United States. This isn’t happening. Some have the illusory hope that the Medical Device Single Audit Program (MDSAP) will remedy this.
There just aren’t enough FDA inspectors to do the job—not by a long shot. Consider that in 2012, the FDA’s most active inspection year in history, only five percent of overseas manufacturers registered to sell in the United States were inspected. This is one-tenth the number of foreign inspections that needs to be done each year, but the FDA simply can’t do it. The FDA has tried using third-party audits for the inspections but the “third party” has always been and continues to be set up as a voluntary system—and these voluntary programs fail. Yet, here we go again.
FDA medical device single audit program (MDSAP) raises concerns from industry
The International Medical Device Regulators Forum (IMDRF) began a pilot phase for its new Medical Device Single Audit Program (MDSAP) in January 2014. This audit combines as many regulatory audits as the manufacturer would typically face, based on the countries or economies it sells to. Due to the MDSAP approach of adding the requirements of one regulatory audit to another (instead of having one set of audit criteria like ISO 13485) this is likely to be the largest and most expensive audit ever imagined.
Certainly, there will be similarities between the different quality system requirements, so where they overlap, and there is a lot of overlap, an MDSAP would inspect those common criteria only once. However, there are also plenty of differences in the regulatory requirements in use around the world. For instance, FDA good manufacturing practices (GMPs) and Brazil GMPs are a little odd, and Japan has a minor difference from ISO 13485. Knowing all the differences, and adding the differences to the base audit criteria, the MDSAP is a mess.
Several IMDRF regulators are committing resources toward the MDSAP, however, the program has many characteristics of past third-party systems that have failed. MDSAP is a fourth attempt to help FDA meet its congressionally mandated “routine inspection” schedule. It is hoped that by grouping the FDA inspection criteria with other countries’ inspection criteria, it can attract more industry to use it. However, combining criteria has been one of the greatest deterrents to using third-party programs.
The FDA attempted its first third-party inspection program in 1998. It was part of the U.S./EU Mutual Recognition Agreement. The medical device industry in Europe did not welcome the idea of meeting a unique FDA quality system regulation in addition to the European requirements.
In 2005, the United States signed an agreement to have joint third-party inspections with Canada, under the Pilot Multipurpose Audit Program (PMAP). PMAP was a week-long ISO 13485/FDA Quality System inspection. It was expensive, and was entirely unnecessary in order to sell medical device products into the United States, so it was avoided by 95 percent of industry.
The last attempt by the FDA at a third-party program occurred in 2010 when the FDA decided to accept ISO 13485 audit reports under a voluntary audit program. Although it was much easier to meet ISO 13485 criteria, the voluntary audit program failed because the only benefit it offered to industry was one year off from the FDA’s routine inspection.
But as I pointed out, routine inspections are rare. A report published in 2008 by the U.S. Government Accountability Office stated: “FDA conducts relatively few inspections of foreign establishments; officials estimated that the agency inspects foreign manufacturers of high-risk devices (such as pacemakers) every 6 years and foreign manufacturers of medium-risk devices (such as hearing aids) every 27 years.” Getting one year off from an inspection that rarely occurs, in exchange for sharing your company’s detailed ISO 13485 audit report information with the FDA, didn’t attract the interest of industry.
The risk in giving the ISO audit report to the FDA is that it might elicit unwanted curiosity from the FDA Office of Compliance if something in the audit report doesn’t look right. However, since this was a voluntary program, no one would send in a bad report. The voluntary program simply offered far more risk to industry than benefit.
These programs all had one thing in common: They were voluntary. MDSAP won’t change that, except with regard to selling products to Canada where MDSAP may be mandatory.
Health Canada appears to be committed to making MDSAP a replacement to their existing Canadian Medical Device Conformity Assessment System (CMDCAS). MDSAP is actually being derived from components of the existing Canadian system of having regulators qualify the auditors and then having the national accreditation body accredit the organizations that provide the certification audits. Currently, only Health Canada approved registrars are able to apply to the MDSAP program to support the audits. MDSAP is basically CMDCAS on steroids. It doesn’t come cheap, so does it offer enough in return?
A presentation given by Medtronics to the Asian harmonization working party indicated that MDSAP would likely cost 25 percent more, combine several different regulatory audits into one, and share confidential audit report information among all regulatory members of the IMDRF. This latter “sharing of information” with foreign regulators likely killed MDSAP’s appeal, because some national laws restrict the types of information that can be shared with other countries.
What could be damaging to the IMDRF’s credibility and MDSAP in particular, are the politics that continue to prevent MDSAP from being anything more than another expensive voluntary program that few in industry will want to use. Voluntary hasn’t worked and won’t work, unless IMDRF provides a lot more incentive. When I asked a former FDA official why FDA continues to end up with a voluntary system, he indicated that FDA cannot adopt third-party programs that prevent FDA from doing inspections they feel are critical. This is due primarily to inherent internal distrust by the FDA toward any third-party program. Therefore, MDSAP will follow along the other FDA third-party programs that have failed, since the MDSAP reports can only be used as an alternative to a routine inspection, which rarely occurs. It remains a practical, lower risk for foreign manufacturers to skip an expensive and intrusive MDSAP audit, especially because it’s completely unnecessary to accessing the U.S. market.
Although no manufacturer likes any type of third-party audit that includes FDA requirements, the largest companies tend to be more supportive of them. The larger companies making high-risk medical devices can be inspected as often as every six months. Therefore having access to a program that gives them a whole year off is worth considering. However, MSDSAP hasn’t seen the welcome mat rolled out from big U.S. industry. Not only are there cost issues, but the fundamental complexity of grouping multiple regulatory requirements into one super audit undermines a key vision of harmonization: “Accepted once, accepted everywhere.” This is why the ISO 13485 standard was created.
MDSAP may become mandatory in Canada in 2017. How will industry respond to the new program if it is more expensive, adds FDA Part 820 quality systems requirements, and exposes detailed audit information to other countries? Since Europe is not able to rely on MDSAP for CE-styled conformity assessment audits (for a variety of reasons), will industry need a separate EU audit, or just more audit days piled on?
MDSAP, at best, could apply to 10 percent of medical device manufacturers worldwide. There are 245 economies listed by the FDA as places that could produce medical devices to the U.S. market. Each of these exporting countries also has their own needs for healthcare products and healthcare protections. Since most of these countries trade regionally and even locally, away from the realm of the IMDRF members, what kind of international program will work best for them?
MDSAP raises more questions and cost concerns than any other third-party program ever created. It is certainly going to demand a lot from those in industry that will sell to Canada. I have one question: Are these programs truly envisioned with the world’s greater need in mind?
Reprinted with permission of Quality Digest.