Avoiding FDA Enforcement Actions: Understanding Quality Systems

By Amy Scanlin

The greatest challenge faced is an understanding of the intent of the written regulations and applying them correctly.

With the plethora of information put out by FDA, trade associations, and industry journals, there should be no excuse for receiving an FDA enforcement letter. But even a cursory glance at FDA’s website, or annual list of enforcement actions for the product areas under their purview, indicates that though there may be no excuse for FDA taking enforcement action, there is clearly a reason.

Whether good manufacturing practices during production, including those of a contract manufacturer, appropriate and correct labeling information on packaging and marketing materials, providing and analyzing sufficient data to support a submission such as a 510(k), De Novo and so on, FDA tries to articulate their expectations across a sea of devices and technologies used for a myriad of indications and purposes. Deciphering this maze can be challenging and even the most sophisticated quality systems can occasionally succumb to unforeseen situations or gaps in their design or implementation of conformance. When a company hits these inflections points, which most will, it is not an indictment of outright failure, but rather an indicator that opportunities exist to improve, enhance and strive to achieve compliance with the FDA’s intent. These firms may need to be challenged by FDA to bring about the change, but by and large, the bulk of the industry is made up of companies and individuals that will work diligently to meet the expectations and want to do the right thing. That is not to say there aren’t some bad actors out there that are willing to sacrifice the requirements to shunt a product out the door and onto the market just to make a dollar, but the FDA will find those bad actors quickly.

So, how can companies gain a complete understanding of regulatory requirements and determine where their procedures are lacking? A good place to start, as one might imagine, is FDA’s website and specifically by digging into 21 CFR 820 – Quality Systems Design Controls. Quality Systems Design Controls must be established by device manufacturers based on factors such as the risk the device presents to the user, the complexity involved in its manufacturing process and the size and complexity of organization making the device. It includes all the basic definitions device manufacturers need to know (820.3), design controls, including during preproduction, that can help prevent recalls (820.30), traceability requirements of the device components and finished products (820.65) and everything in between. An all-encompassing area of that falters many device firms is that of manager responsibilities (820.20) inclusive of executive responsibility. It is the managements responsibility to hire the employees with sufficient background and education and ensure they are appropriately trained to level of competency to perform their job functions (820.25) and they must design quality systems and establish conduct quality audits that assure compliance by individuals who don’t have direct responsibility for those areas which are audited (820.22). Audits must be documented, corrective actions must be performed in areas where there are deficiencies, and those corrective actions must also be documented to include management’s review of them. The list goes on.

A look at FDA enforcement action in FY 2020 indicates that the overarching regulation of managers responsibilities, not surprisingly, was a big challenge. Specifically, there were 165 observations for inadequate corrective and preventive action procedures (21 CFR 820.100(a)) and 139 regarding inadequate systems for capturing, reviewing and evaluating consumer complaints 21 CFR 820.198(a). In fact the word “procedures” factors prominently in FDA’s top enforcement observations: lack of document control procedures (21 CFR 820.40), procedures to inspect and calibrate equipment used in manufacturing (21 CFR 820.72(a)), even purchasing control procedures to ensure that all purchased or otherwise received products and services conform to specified requirements (21 CFR 820.50).

What does this mean for device manufacturers? Ensure your quality systems are robust, well documented, practiced and reviewed regularly. A formal quality audit system is not only a good busines practice it a regulatory requirement. A good business practice could be enlisting the professional assistance of a third-party to perform an independent audit or the use of a Mock-FDA inspection to challenge your site’s staff and systems. These audits could be comprehensive quality systems focused or targeted areas of concern/opportunity, assessments or core documents such as SOPs or supplier qualification programs, deviation investigations, etc. They may include training modules for employees on things like instrument verification and validation.

Why does all of this matter? First and foremost, safe and effective devices protect the consumer, your business and your brand. Without these demonstrated quality systems in place, the safety of the medical device industry is at great risk. Second, FDA must see quality systems in place as part of their review of submissions such as 510(k), investigational new device, premarket application and others prior to a device being marketed to the public. Without such demonstrated quality systems, FDA will refuse to receive the submission which will require a lengthy revision and review process, and considerably slow the product’s time to market. Third, quality systems are significant focus of FDA enforcement. Diligent preparation and practice of quality systems may mean little time will be lost revising procedures and preparing responses at the conclusion of an FDA audit. Avoiding FDA enforcement action, versus correcting, is always the best path forward.

About The Author

MedTech Intelligence