By Rajesh Misra, Jerry Salazar and Arvi Ramakrishnan, KPMG
After a decade of effort, European legislators have published the new Medical Device Regulation (MDR), which brings sweeping changes to how medical devices gain and maintain approval across the European Union. With the intent of enhancing product safety and further harmonizing industry regulation, the barrier of entry has risen. If you’re a medical device company operating in the EU, then your ability to sell product is going to expire early in 2020 unless you meet the more stringent requirements of the new regulations. Medical device companies may experience some level of panic as they internalize the EU MDR’s 566 pages of requirements, and take inventory of their current capabilities and organizational deficiencies.
For companies with a very limited product portfolio and very mature regulatory capability the EU MDR changes may be relatively easy to absorb. Many companies, however, may find that there are significant gaps between the current state and what will be required. Companies with diverse portfolios, particularly companies that have grown through acquisition, may have the biggest challenges. For such companies, the EU MDR may expose company-wide technological limitations, under-maintained product documentation, and fragmented inter-department processes.
Supply chain visibility, quality system traceability, clinical evidence depth, post-market surveillance speed, and comprehensive device life cycle management represent the true complexity behind the EU MDR compliance. The C-suite must decide: Do they treat the EU MDR purely as a compliance exercise, or embrace it as a real opportunity for operational excellence beyond just compliance?
For example, a company’s decision on how it will invest in safety and performance data is likely define its market position for years to come, especially as payers start to tie reimbursement to quality. Regulators are only the first claimants of safety and efficacy data. Healthcare providers, insurers, and even consumers are likely to demand more access to that data in years ahead, which will bring rich rewards to quality leaders and drive some inferior products off the market. In a few years, EudaMed will make much of this data publicly available, accelerating consumerization of the medical device industry.
Lesson 1 – Get the key stakeholders engaged and set a clear direction
As the EU MDR goes into effect, a company’s natural reaction may be to hire some help and immediately start patching visible EU MDR holes throughout the organization, as quickly as possible. After all, three years is a very short period of time when it takes 4-6 months for budgets to be approved. Your company’s “To Do” list probably is already quite long, and may include seemingly straightforward items like improving data in clinical investigations, remediating technical files into a standard format, or modifying dozens of standard operating procedures (SOPs) and workflows. But, the end-to-end effort needs to be synchronized due to the high number of inter-dependencies. In other words, medical device companies need to define the EUM MDR compliance strategy first before starting remediation efforts.
A strong multi-disciplinary team is required to implement the organizational changes necessary to become EU MDR compliant. EU MDR process changes have inter-dependencies and feedback loops between various departments that don't always communicate efficiently with each other: R&D, Clinical, Medical Safety, Regulatory, Supply Chain, QA, and IT, among others. Assigning the right people - and implementing the right incentives to work together - will result in the most positive long-term impact on your company’s EU sales revenue. Success will require company-wide change, ideally starting top-down with a project mission statement that encapsulates MDR’s importance to the company.
Lesson 2 – Leverage Your In-House Expertise
Solicit input from experts within your company, ensuring you understand the specific challenges associated with your EU MDR compliance. Those experts, or third-party business analysts, should be tasked with documenting requirements by department — an oft-overlooked first step. Without clear and explicit translation of regulatory text into business requirements, the more visible task of translating business impact into three years of budgets is doomed to fail. Executives will be concerned or confused about the cost of compliance if macro-level problem statements the company is trying to solve are not well articulated. To achieve clarity, invest time into collaboration between department heads, and use cross-functional workshop settings to accelerate compliance cost calculation.
Secure C-Suite commitment to EU MDR as a company-wide priority. Having executive leadership understand that the EU MDR compliance requires some of the company’s best talent is crucial, because these people will modernize future product development and market approval capabilities. If done right, compliance implementation could give a company speed-to-market advantage over competitors that didn't optimize their existing processes before bolting EU MDR steps and approvals onto an already lengthy process.
Select the right individuals to run each of the sub-projects created by MDR, and then establish a cohesive team early. The "storming, norming, forming" phases of building trust and productivity within your team must be explicitly managed, through both leadership and agreement on goals and objectives from nominees in each camp, to pave the way toward a successful EU MDR strategy implementation in 2018 and 2019.
Lesson 3 — Govern the Project Scope
Don’t take on more work than necessary. Big compliance projects have a tendency to incubate long-awaited “wish list” items, like replacing older IT systems that never quite had a strong enough business case to stand on their own. If the MDR project team hinges compliance on new IT capabilities, you really need to make sure the IT projects have solid plans and are resourced for success. In any case, understand the scope of what is required to be compliant with MDR, and put “nice to haves” later on the agenda.
Consider a two-pronged strategy: Get compliant the quick way (using a process), and stay compliant the sustainable way (using technology). Adopt the guiding principle that the EU MDR project will not replace any enterprise applications. If the application is end-of-life and has approved funding for replacement, then treat it as an enabling project that consults and informs your project team — but maintain a separate set of project leaders driving toward that application’s major milestones. Presume that all new systems and processes should have EU MDR sustainability “built-in.” Don’t make them prerequisites for MDR success in the short-term.
Lesson 4 – Use Focused Assessments to Inform and Improve Your Plans
It’s important to perform a series of assessments to "measure the size of the problem" — as it relates to the EU MDR — within your organization. Consider these strategic planning assessments first:
Notified bodies have prepared for the EU MDR, building up their criteria and crafting the questions that will allow Medical Device manufacturers to re-certify their products. The amount of organizational maturity necessary to provide answers to these questions has greatly increased since the Medical Device Directive (MDD), and the journey toward EU MDR compliance is not without risks. Understand there may be incremental cost not only to close the gap, but to implement processes that maintain compliance.
By treating this like any other critical enterprise initiative, companies can set a course to successfully prepare to meet the EU MDR requirements. Securing the right sponsorship, setting a clear mission, engaging the right stakeholders and subject matter experts, drafting a realistic plan and managing scope and project execution companies are the keys to success.
About The Authors
Rajesh Misra is Principal in KPMG’s Advisory services focused on Quality, Compliance and Regulatory services (QCR) for Life Sciences.
Jerry Salazar is Director in KPMG’s Advisory services focused on Quality, Compliance and Regulatory services (QCR) for Life Sciences.
Arvi Ramakrishnan is Manager in KPMG’s Advisory services focused on Quality, Compliance and Regulatory services (QCR) for Life Sciences.