As an industry, we are all very much aware of that the requirement for compliance with European Medical Device Regulation 2017/745 is fast approaching. The looming 26 May 2021 deadline, coupled with the legislation governing medical device marketing across the UK due to Brexit, is fraught with new and amended challenges for the medical device industry.

Regulatory affairs teams across the globe are struggling to develop and implement the essential processes and procedures for administration of the commitments, as intended by the regulation, for their organisation’s multiple economic operators executing multiple functions, in what may be a very convoluted supply chain.

MDR articles 10, 11, 12, 13, 14, 15, 16, 17, 22, 23 and 25 though short in length, each describe an increased burden of responsibility for mandatory collaboration and legal liability amongst and between the members of the medical device supply chain. Each member in the chain has a role in supporting the compliance obligations of the rest of the “team”.

These economic operators and supply chain organisations are the downstream users of your most precious company asset – the confidential data, generated at great expense, to support the compliant marketing of your life enhancing medical device.

Who are the key players in the European medical device supply chain?

For example, how do you certify your distributors and importers will comply as follows:

Chapter III Article 25

Identification within the supply chain

1. Distributors and importers shall co-operate with manufacturers or authorised representatives to achieve an appropriate level of traceability of devices.

2. Economic operators shall be able to identify the following to the competent authority, for the period referred to in Article 10(8) (10 years or 15 years for implantables):

  • (a) any economic operator to whom they have directly supplied a device;
  • (b) any economic operator who has directly supplied them with a device;
  • (c) any health institution or healthcare professional to which they have directly supplied a device.

Optimistically, there are those regulatory professionals sitting in an enviable position with the capability to confidently describe and confirm readiness to comply with the MDR obligations related to supply chain traceability.

Let’s play 20 questions to see how you fare?

  1. Do you know exactly how you will manage transmission and exchange of your most valuable company asset?
  2. Are you in a perfect situation to keep your intellectual property from the badies?
  3. What checks are in place to ensure your data cannot be compromised by an external entity?
  4. Are your economic operators also working for your competitors?
  5. What are the security mechanisms for limiting or prohibiting downloading, for example, onto user desktops or printing data?
  6. Have you implemented an internal and external training programme for all parties (management and end users) to ensure procedures are followed to safeguard data integrity?
  7. Do you have the means to manage granular access control relating to read/write permissions, roles and responsibilities, including for example affiliate organisations?
  8. Will the staff at the economic operator have the ability to access your data from their home office?
  9. How will you manage data exchange for complaints and vigilance related activities?
  10. How will you guarantee each economic operator will have access to the current document version?
  11. What are your long term archival systems and disaster emergency plans for data transmissions?
  12. Can you identify a single point of contact for each entity + holiday cover?
  13. Does your organisation and each economic operator share a similar risk tolerance culture?
  14. Have they agreed to notify you when the competent authority conducts audits?
  15. Will you participate in competent authority audits for your economic operators?
  16. Will your organisation conduct unannounced audits of each establishment ?
  17. Who is responsible in your organisation to run and analyse data audit trails and reports?
  18. How will you assure consistency in data content and transmission across each economic operator?
  19. Are your proposed processes and procedures scalable as you add to your product portfolio and expand into new markets?
  20. Is your software solution a general-purpose tool or a tool specifically designed for data transfer functionality?

Were you able to successfully answer each question for ALL of the players in your European supply chain? Have you mapped your EU supply chain……

Whether your economic operators are internal or external, medical device legal manufacturers will require an investment in resources and a solution technology to meet the ever-increasing compliance needs of the regulatory team to stay ahead of the competition to ensure the smooth sailing for your devices into the hands of the end user.

Your supply chain, and thus revenue stream, is only as strong as the weakest link.

Next time, let’s discuss ways to strengthen those fragile collaboration links.

K Young


Regulation (EU) 2017/745

Photo by Van Tay Media on Unsplash

Photo by Jackson Simmer on Unsplash