May 7, 2021 EU MDR

PMS & Risk Management in EU MDR

With May 2021 deadline approaching, central focus for all companies should be postmarket surveillance (PMS) and its related processes and subsystems

The thread of risk management connects every piece in the quality management system (QMS) and guides the manufacturer in quality related decision-making throughout the lifecycle of the device.

The PMS data collection and analysis processes can directly interface with the organizational processes as defined per ISO 14971. In EU MDR, it is important to understand responsibility of PMS function as a partner to risk management function. An efficient interface between PMS and risk management will help in conversion of PMS data and information into easily usable knowledge for the risk management function.

Following is defined for PMS in MDR Article 2(60):

‘Post-market surveillance’ means all activities carried out by manufacturers in cooperation with other economic operators to institute and keep up to date a systematic procedure to proactively collect and review experience gained from devices they place on the market, make available on the market or put into service for the purpose of identifying any need to immediately apply any necessary corrective or preventive actions.

Article 83 of the MDR goes onto say that “data gathered by the manufacturer’s postmarket surveillance system shall in particular be used to update the benefit-risk determination and to improve the risk management as referred to in Chapter I of Annex I.”

As we can see, PMS and Risk Management are partners. PMS data is used to continuously monitor and update benefit-risk determination while also used to identify opportunities for improvement, corrections, and corrective and preventive actions dictated by the risk of emerging issues. On a macro level, what EU MDR has done is transformed PMS’s role from one line item in the reactive risk management plan into an active partner to be systemically engaged on a continual basis for data analysis and decision making.

As stated in the EU MDR, risk management is a continuous iterative process that occurs throughout the lifecycle of a product (pre- and postmarket) requiring regular updates. The data gathered through the postmarket surveillance system should be monitored, reviewed, and analyzed to check if the real-world risks and residual risks still meet the risk acceptance criteria as defined in the risk management plan.

The post market data is gathered through various avenues. Monitor, review, and analyze this data to determine if any new hazards, hazardous situations, or harms have resulted from real-world use of the device or if the frequency of occurrence that was documented in the risk management documents still holds weight. If there is a change, evaluate the risk based on the acceptance criteria set in the risk management plan, and analyze the benefit-to-risk ratio.

Benefit-risk analysis is performed when a residual risk is not acceptable per the acceptance criteria defined in the risk management plan. For this, the manufacturer needs to gather data regarding device benefits to determine if the intended use outweigh the residual risks. PMS system will inform the risk portion of benefit-risk. To make PMS information usable for benefit-risk analysis, it must be converted into knowledge — i.e., a level of macro-analysis possible through aggregation of risk-specific information from PMS monitoring.

PMS Focus should be on the following:

1. Risk Levels

Monitor the level of residual risk (post-treatment) at discrete intervals to ensure the actual value of risk has not changed significantly to impact the benefit-risk profile. This step may involve risk reassessment using the same technique originally used to assess the risk (in design phases) so that any risk change is apparent. Risk monitoring using risk reassessments provides the actual (real-world) current exposure levels for comparison to the previously evaluated baseline. While it is ideal to reassess risk for each and every complaint, and some regulatory authorities expect as much (e.g., FDA, BfArM), the process can be resource-consuming.

2. Charting Key Risk Indicator Trends

Assign key risk indicators (KRIs) to the risk and chart their trends. In some cases, it may be possible to trend the occurrence of events themselves, such as complaint events, or it may be possible to trend the mean time between events using control charts. In other cases, you can identify specific risks that can adversely affect the benefit-risk ratio and confine the trending activities to those.

3. Benchmarking Of Failure Modes And Trends

Benchmark comparison means that the level and trends of similar risks must be checked outside the organization. If a competitor is making similar products or provides similar services, it will be of value to check its defect rates to benchmark performance. You can accomplish this by using public databases and information, partnerships, or industry event contacts.

4. Aggregation

The risk must be assessed in aggregate products or across your portfolio or programs based on the specific risk information from individual levels and trends. Similar risks trended individually may not look threatening but may show a different picture when clustered together. There must be some level of aggregation strategy to connect all risk indicators and performances.

5. Emergent Risks

Finally, new, unanticipated risks may emerge through the lifecycle. First, address these reactively (through correction or corrective action) to contain them, and then holistically assess and treat them (through preventive action). Define your strategy with contingency planning to account for monitoring and response for such risks.

EU MDR’s expectation is that when the device is placed on the market, the risks have been reduced AFAP. The risks that remain are residual risks. It is the residual risk profile that we aim to monitor. In some cases, risk may not be reduced AFAP, but the benefits may outweigh the residual risks. In these cases, it becomes even more important for the PMS system to track and trend the risks through KRI to ensure that the safety and performance of the device are sustained and that you can take quick corrective action at the first sign of deviation.

In conclusion, in the EU MDR paradigm, Postmarket risk management has become an important part of overall risk management with the renewed focus on continual benefit-risk monitoring. If you set robust interfacing processes and obtain clarity regarding resourcing and functional responsibilities for post-production risk management activities organization-wide, you’ll ensure an effective and efficient QMS.

Browse by Topic