Since of 26th of May 2021, the Medical Device Regulation (MDR) came into effect.

The IVDR (In Vitro Diagnostic medical devices Regulation) will repeal the existing IVD Directive (98/79/EC)

on 26th of May 2022.

This Regulation is significant, and leads to a new approach in the European regulatory framework - the very fact that the directive is turned into a regulation makes it significant in such a way that it will no longer be possible to add further requirements in each country beyond the directive since the regulation applies to the entire European Union which is hierarchically above the individual countries. The new regulation began to take form in 2012, was finally approved in May 2017 (it took five years to formulate and approve it!), and three years were given before it would officially come into effect.

May 2020 was the scheduled date, but due to the global COVID-19 crisis, it was postponed by a year and set for May 2021. A grace period of five years was set before the full enforcement of the new regulation; however, we are currently awaiting the publication of the EU report following the postponement, and it seems organizations will have to comply with MDR as soon as the three-year period elapses.

What exactly are the significant changes between the existing directive and the new regulation?

Let's start with the fact that today there are three different directives that regulate medical devices in Europe, which has led to certain countries introducing additional requirements for the placing of Medical Devices in their territories (such as national registrations). The regulation is, by definition, applied equally across the European Union, and no longer allows for individual interpretation in each country.

Apart from that, the regulation introduces the following new rules and requirements:

  1. High-risk products are required to face much stricter quality control and audit.

  2. A new system for approving and supervising Notified Bodies.

  3. Clear procedures for the certification process (frequency of each test, audit plan, clear content).

  4. Inclusion of products without a medical purpose.

  5. New classification rules

  6. Transparency of information to the general public.

  7. Evaluation of up-to-date clinical information (for all types of a medical device - also Class I).

  8. NEW obligations on importers and distributors located in Europe

  9. Designation of the person responsible for the regulation in the country of manufacture (PRRC).

  10. Collaborations between health authorities.

It is important to understand that the new regulation has come about in order to strengthen the weak links and resolve the issues that have been identified since the application of the Directives in the late 1990s’, mainly in three areas: new technologies (such as medical- aesthetics products, software, etc.), traceability of events and products and public transparency.

What should be done to prepare for the NEW requirements?

STEP 1 - Classification
To comply with the new requirements, manufacturers must first establish the classification of their devices, according to the new classification rules, and act accordingly. It is important to note that there are products that are currently at a low-risk level (Class I) but might become a medium-risk level (IIa) or high-risk level (Class III) under the new regulation. For example, software or surgical gloves that are currently classified today as Class I, but under the new regulation, they will be classified as Class IIa or III (!).

STEP 2 - Identification

manufacturers must figure out what the new regulation means in terms of product approval and what is relevant to your specific device. It is advisable to run a gap analysis in order to update the technical portfolio, quality system, evaluation, and clinical plan, and even address cases where there is an overlap between the new regulation MDR and other regulations, such as the GDPR.

STEP 3 – Technical Documentation

Once we have mapped the requirements, understood the classification, coordinated expectations with the notified body or an authorized representative in the EU – we can start modifying the technical documentation (Technical File) and quality management system (although the manufacturer is required to present a quality management system under the new regulation, the recommendation is to apply ISO 13485:2016 version, mostly since it’s the acceptable standard for quality system management, but also because it is "best" evidence to show compliance with the quality management system requirements.

STEP 4 – Notified Body & Authorized Representative

Once all these have been compiled and reviewed, the manufacturer must contact a Notified Body and a European Authorized Representative in order to certify the medical device under the MDR and complete the EUDAMED registration.

STEP 5 –  CE Marking & EUDAMED

One of the main objectives of the MDR was to offer transparency to the general public. To this end, a European database EUDAMED (European Database of Medical Device) has been set up, into which data will be entered on a regular basis. This will include clinical data, clinical investigations, incidents, and reports. In addition, the manufacturer is required to submit to the authorities an annual report detailing the manufacturer's activity and the medical Device PSUR (= Periodic safety update reports), in order to increase transparency.

There is no doubt that the transition between the existing directives and the new regulation may prove revolutionary, although there are undoubtedly still some unanswered questions. The EU is determined to meet the set deadlines and bring the new regulation into effect in May 2021.

What is PRRC?

According to the European Medical Device Regulation (MDR) - “Manufacturers shall have available within their organization at least one person responsible for regulatory compliance who possesses the requisite expertise in the field of medical devices.” (MDR Article 15.1).

As such, PRRC means 'Person Responsible for Regulatory Compliance'. The same is required by the In-Vitro Diagnostic Regulation (IVDR) for such manufacturers.

The PRRC is responsible to ensure that the manufacturer will comply with at least, the following requirements:

  1. The conformity of the devices is appropriately checked, in accordance with the quality management system under which the devices are manufactured, before a device is released;

  2. the technical documentation and the EU declaration of conformity are drawn up and kept up-to-date;

  3. the post-market surveillance obligations are complied with in accordance with Article 10(10);

  4. the reporting obligations referred to in Articles 87 to 91 are fulfilled;

  5.  in the case of investigational devices, the statement referred to in Section 4.1 of Chapter II of Annex XV is issued.

Who can be PRRC?

The one aiming to assume the role of PRRC is a person who possesses a requisite expertise in the field of medical devices. The MDR defines the requisite expertise as having one of the 2 options below:

  1. A diploma, certificate or other evidence of formal qualification awarded on completion of a university degree or of a course of study recognized as equivalent by the Member State concerned, in law, medicine, pharmacy, engineering or another relevant scientific discipline, and at least one year of professional experience in regulatory affairs or in quality management systems relating to medical devices;

  2. Four (4) years of professional experience in regulatory affairs or in quality management systems relating to medical devices.     

Important Note (!)

Authorized representatives shall also have permanently and continuously at their disposal at least one person responsible for regulatory compliance (Art 15). The PRRC at the side of the AR needs to have same qualifications as the PRRC at the side of the manufacturer.

Can a PRRC be outsourced?

Yes it can!

The Medical Device Regulations (MDR & IVDR) require Manufacturers to have available within their organization at least one person responsible for regulatory compliance(Art 15.1). However, Micro & Small Enterprises (up to 50 ppl. & up to 10 Million turnover) are not required to have the PRRC within their organization but they shall have such person permanently and continuously at their disposal.

If PRRC is indeed outsourced (i.e. not within the manufacturer organization) - how is “Continuously and Permanently” defined?

It should be defined by means of a signed agreement stipulating conditions, availability, qualifications, responsibilities, tasks & objectives – covering issues such as:

  • PRRC does not need to be physically present at all times.

  •  PRRC May delegate some tasks/responsibilities but remains responsible for meeting objectives.

  •  There is no minimum time requirement - as long as the tasks are fulfilled.

  •  It is recommended to have one or more deputy to the PRRC – to ensure “continuity and permanence”

PRRC must offer availability in case of unannounced audits (NB or CA).

The information revolution taking place around us at any given moment generates a variety of opportunities, but also many threats to organizations and companies. Today everyone understands that knowledge is power, and this knowledge should remain in the organization and only be exposed to needs that generate business benefits.

 

ISO 27001/IEC 27001 Standard (2013) was determined by the International Organization for Standardization and is reassessed and updated every few years.

The Standard is intended to implement, maintain and continually improve the information security in organizations - regardless of their size or field of occupation. SYNCProjects has gathered considerable expertise and experience in implementing this important standard in dozens of organizations and companies.

!Contact Us
cross
0
    Empty cartBack to shop