No. 739) clearly stipulates that the state shall implement classification management of medical devices according to the degree of risk, and shall take the product risk analysis information as one of the technical documents that should be submitted for the filing of the first class medical devices and the registration of the second and third class medical devices.
By studying the medical device regulatory laws and regulations of China and the EU, it is found that one of the ****similarities between China and the EU in the pre-market approval of medical devices is the increasing emphasis on the risk management of the products.
In 2014, the former State Food and Drug Administration (SFDA) issued the Announcement on the Announcement on the Requirements for the Information to be Declared in the Registration of Medical Devices and the Format of the Approval Proof Documents (Announcement No. 43 of 2014, hereinafter hereinafter referred to as Announcement No. 43), which clearly put forward the requirements of product risk analysis information in the first registration declaration information, and gave tips on the risks that should be considered for the product in the form of a list in Annex 8.On May 25, 2017, the EU Medical Device Regulation (Medical Device Regulation, hereinafter referred to as MDR) No. 2017/745 came into force, which and provides for a 3-year transition period. The official implementation date of the regulation was delayed by one year, i.e., May 26, 2021, due to the impact of the new Crown Pneumonia outbreak. This regulation puts forward more comprehensive and in-depth requirements for medical device risk management. In this paper, we analyze the differences between the requirements of EU and China medical device regulations and standards on risk management by comparing the requirements of the two, and share the insights on our daily work.
I. Risk management regulations and standards
At present, China's current effective medical device risk management standard is YY/T
0316-2016, equivalent to ISO
14971:2007 correction. Detailed requirements for risk management are given in Chapter 1 of Appendix I of the EU MDR.In 2019, the International Organization for Standardization (ISO) published the third edition of the risk management standard ISO
14971:2019, and in the same year, the EU adopted the standard without any revision as the harmonized standard EN ISO
14971:2019.With the adoption of the second edition of the standard Unlike the second edition of the standard, as the standard is an equivalent transposition of the ISO standard, the differences with the MDR requirements for risk management are not reflected in the standard, and compliance with the standard cannot be recognized as compliance with the MDR requirements until the EU publishes an appendix on the differences between the standard and the MDR.
II. Analysis of risk management differences between China and the EU
(a) On negligible risks
According to YY/T
0316-2016, the risk level should be assessed for each risk identified, such as negligible risks can not be taken as a risk control measure, for this type of risk, after identifying the level of risk through the risk evaluation process, the results will be recorded directly in the risk management document. , the results are directly recorded in the risk management documentation. MDR does not have the concept of negligible risk, and stipulates that risk control measures should be taken for all identified risks, and all risks should be minimized and acceptable. A6 of the list of basic requirements for the safety and effectiveness of medical devices in Annex 8 of Circular 43 stipulates that "All risks and unintended effects should be minimized and acceptable to ensure the safety of the device at the time of use, and to ensure that the risk is minimized. minimized and acceptable to ensure that the benefits outweigh the risks in normal use". The fact that all risks should be minimized indicates that risk control measures are not only applicable to unacceptable risks. From this, it can be seen that the requirements of Notice 43 and MDR on whether control measures are required for negligible risks are basically the same, and both are higher than the requirements of YY/T
0316-2016 standard. Therefore, among the methods adopted for proving compliance with the list of basic requirements for safety and effectiveness of registration filings, it is worth discussing to claim that the requirements of the list of safety and effectiveness can be met based on the YY/T
0316-2016 standard.
(ii) About risk/benefit analysis
YY/T
0316-2016 standard does not require risk/benefit analysis for all risks, such as the residual risk of individual risks or the combined residual risk is acceptable after the implementation of risk control measures. Whereas, multiple clauses of MDR show that all individual risks and combined residual risks shall be subject to risk/benefit analysis regardless of whether the risks are acceptable or not, and the manufacturer shall ensure that the residual risk and combined residual risk associated with each hazard (source) shall be acceptable. According to the author's observation, most of the product risk management reports submitted by domestic and foreign registration applicants conclude that the combined residual risk is acceptable, and there are very few cases where risk/benefit analysis is conducted because it is unacceptable. According to the MDR requirements, the manufacturer's workload in risk/benefit analysis will be much greater than the YY/T
0316-2016 standard requirements.
(iii) Regarding the communication of residual risks
The YY/T
0316-2016 standard states that the manufacturer has the option to change the design of the product, to provide protective measures, to communicate one or more of the risk controls in the safety information, and that, for acceptable residual risks, the manufacturer shall decide which residual risks should be disclosed, and the information needs to be included in the accompanying documentation to disclose those residual risks. So according to the YY/T
0316-2016 standard, the choice is up to the manufacturer to disclose acceptable residual risks. However, MDR in Appendix I clearly requires that the manufacturer should inform the user of all residual risks. For the scope of disclosure of residual risks, YY/T
0316-2016 does not require disclosure of risks that do not require control measures, and selective disclosure of risks that are acceptable after measures are taken, compared with MDR's requirement of disclosure of all residual risks, the scope of disclosure of YY/T
0316-2016 is much smaller than that of MDR.
(iv) Risk Control Measures
In Standard YY/T
0316-2016, after risk control measures are taken, risks are categorized into three types, Acceptable Risks, Unacceptable Risks, and Reasonably Practicable Acceptable Risks (As Low As Reasonably
Practicable,
ALARP ), reasonably practicable is the choice between practicable and infeasible, considering the benefit from acceptance and the cost of any further risk reduction, and choosing the option that reduces the risk to the lowest practicable level for which the residual risk is acceptable. Setting reasonable and feasible risks is based on economic considerations to avoid placing an undue burden on the manufacturer. However, MDR prefers to protect patient safety between manufacturer's profitability and patient safety, and the first in the priority order of risk control measures recommended in Appendix I is to reduce risk by design (As
Far As
Possible, AFAP) as much as possible. And in Appendix I, Chapter 1, Article 2, the definition of minimizing risk is clearly given, that is, minimizing risk without affecting the risk/benefit ratio. The concept of reasonably practicable risk has also been removed from the latest publication of the International Organization for Standardization's risk management standard ISO
14971:2019. That is, in risk management documents compliant with the EU and ISO
14971:2019 standards, there will be no ALARP in the table of determination of the level of risk, and there should be only Acceptable and Unacceptable.
(v) Who the risk management document applies to
Appendix I of the MDR explicitly requires that for each device (each
device), the manufacturer shall establish and maintain a risk management plan that identifies and analyzes known and foreseeable risks. "Each
device" is a new requirement in the MDR. Prior to the implementation of the MDR, it was sufficient to maintain a single risk management document for a family
device, which could be as few as a few, or as many as dozens or hundreds of devices. The MDR requirement for risk management documentation for each device will inevitably increase the manufacturer's work in risk management activities, but will have a positive effect on the strict control of risk for each device. In China, because the current effective standard is still YY/T
0316-2016, there is no requirement to form a separate document for each device.
Third, analysis and recommendations
Based on the above analysis, the differences between China's current medical device risk management requirements and the EU requirements, such as whether to take risk control measures, whether to disclose the residual risk, whether to carry out a risk/benefit analysis, whether to form a document for each device. Overall, China's medical device risk management requirements are lower than those of the EU, and in comparison, applicants need to do more work in order to meet the EU listing requirements. Risk management documentation that meets the EU requirements generally meets our requirements, but not vice versa.
Risk management is an evolving and iterative process, and as regulators gain a deeper understanding of risk management, the requirements for risk management are likely to become more stringent. For example, the GB9706.1-2020 standard has been released in 2020 and will be implemented on May 1, 2023, which is a significant change from GB
A major change from GB9706.1-2007 is the addition of risk management requirements, which are set out in 4.2 of the standard, which states that "the risk management process shall determine the prescriptive nature of chapters 5 to 17 The risk management process shall determine whether the requirements in Chapter 5 to 17 and the requirements in applicable concurrent and specialized standards take into account all relevant hazards (sources) of a particular ME device or ME system." The risk management of GB
9706.1-2020 and the requirements in applicable concurrent and specialized standards shall be carried out, and the implementation of the standard will affect most of the risk management activities and risk management documentation of the active products. risk management documentation. China has already adopted ISO
14971:2007 as the equivalent of the currently valid medical device risk management standard, and if China continues to convert to the ISO
14971:2019 version of the standard, applicants will be required to adjust their risk management strategies and update their risk management documentation in accordance with the requirements of the new version.
On the issue of consistency between standards and regulatory requirements, in the implementation of the EU Medical Device Directive MDD
93/42/EEC, through the addition of the ISO standard to reflect the differences between the standard and the regulation of the form of appendices to determine compliance with the harmonization of the standard can be recognized as compliant with the MDD. the MDR regulatory framework, only in line with the harmonization of the standard is not necessarily in line with the requirements of the regulation, for the Under the MDR regulatory framework, compliance with the harmonized standards alone does not necessarily mean compliance with the regulatory requirements, and official solutions to some of the problems may be provided in the form of a Common
Specification,
CS. In China, in addition to standards, there may be normative documents or guidelines that set requirements for medical devices, and simply conforming to a standard does not necessarily mean conforming to regulations. Therefore, the consistency of standards and regulations, and how to resolve differences between the two should also be explored.
At present, there are many problems in the product risk management documents in the registration declaration, such as not being able to understand the risk management requirements, risk management procedures are incomplete, the identification of risk is not sufficient, there is no comprehensive residual risk evaluation, etc. It is recommended to enhance the importance of risk management, fully recognize the important role played by risk management in the full life cycle of the product, and to truly achieve risk management in order to ensure product safety to play its due role. The product safety to play a due role.