Medical device testing is a crucial step in manufacturing a product. This mandatory process ensures that the medical device is safe and effective. Testing of medical devices proves that the product complies with the standards and regulations of a country. Moreover, it also sheds light on any product defects. This article discusses the testing requirements and the applicable standards.
Medical device testing applies to all medical devices, in-vitro diagnostic devices, combinational products, and active implantable devices. Some common testing of medical devices is given below:
Electrical safety tests
Functional safety tests
Electromagnetic compatibility (EMC) tests
Electromagnetic Interference (EMI) tests
Cybersecurity tests (applicable to SaMDs or software that store data)
Storage and Transport
Medical device testing is crucial as the device intended for patient use must be safe. The tests a medical device must undergo depend on the device’s type. To explain further, medical equipment like a ventilator must undergo an electrical safety test. At the same time, a device such as a cannula requires appropriate biocompatibility tests. Hence, the choice for a practical device test is taken with the help of the medical device’s intended use.
The testing procedure should be logical and must begin with a risk analysis. After identifying the failure mechanisms and hazards associated with a device, testing strategies and processes can be devised to quantify the size of these risks. As a result, the purpose of a test method and procedure is to offer evidence that the hazards connected with a device are insignificant or, at the very least, acceptable when weighed against the benefits received from its use.
Types of medical device testing
Medical device testing is broadly categorized into physical, chemical/biological and cybersecurity testing. Physical testing involves the tests such as electrical testing, MRI safety, functional safety tests and EMC tests.
IEC 60601 series is a widely accepted technical standard for the safety and performance of electrical equipment. EMC/EMI tests ensure that the overall device is compatible with other medical devices and works optimally in the device environment when subjected to interference and immunity. Conformance to this standard provides that medical equipment does not create electromagnetic fields that could impair the operation of other devices in the usual environment.
Chemical or biological testing help achieve device compatibility with the surface of the skin. Medical devices that contact skin must comply with the ISO 10993 series- Biological evaluation of medical devices. For this, the manufacturer must consider the choice of material used compatibility between device materials and the biological tissues, cells, and body fluids. Testing methods like stress, shear testing, and ageing tests are performed so that the final product causes the least quality concerns.
Cybersecurity testing is crucial to medical devices so that risks such as unauthorised access to data and breaches are identified, and their occurrence minimised. A common standard followed for medical device software is IEC 62304 and ISO27001. IEC 62304 standard specifies the life cycle requirements for medical device software, whereas in ISO 27001 focuses on data and information security.
It should be noted that each of the above standards is closely related to the ISO standard for risk management of medical devices (ISO 14971). The risks associated with the medical device should be correctly identified, and appropriate tests should be done, proving that the relevant standards are met. Please read our article on global ISO requirements for a better understanding of the ISO standards.
Testing requirements around the world
To fully comply with the regulations of each country, one must also align with the testing standards accepted within each country. ISO and IEC standards are accepted across the globe. Compliance with these ensures that the devices can be marketed without any major difficulties. This article discusses the testing standards followed in major medical device markets.
In Europe, close to 80% of electrical and electronic standards follow the various IEC International Standards. Standards for electromedical equipment include IEC 60601 series standards for the requirements for high-frequency surgical instruments, short-wave therapy equipment and so on. The EU from time to time releases the harmonized standards list which are the most acceptable standards for the EU compliance.
In the US, accepts certain ISO standards however there are a list of recognized consensus standards that the FDA accepts for medical devices in the US. These include ANSI, AAMI, ATSM and so on. ANSI standards are applicable to a variety of industries like the ISO whereas AAMI testing standards are specific to medical instruments and ATSM standards are specific for materials used in medical devices.
Testing standards ensure that the medical device is fit for use not just for the patient but also for the healthcare professionals handling them. Most countries do not have stringent requirements for testing standards, but it is recommended that the devices have some form of tests done.
Why are risk management and testing standards closely linked?
Risk analysis is a crucial step in designing a medical device. Certain identified risks can be managed with a minor change in the initial stages of the manufacture and these can be identified with the help of an appropriate test.
Disclaimer: Regulations/legislations are subjected to changes from time to time and the author claims no responsibility for the accuracy of information.
ISO – International Organization for Standardization, is the international, non-governmental body for drafting and establishing technical and non-technical standards. These standards are developed by different committees within the ISO. Having around 165 member states, with one representative from each, ISO is a global entity catering to the needs of industry requirements.
Are ISO standards important?
The ISO medical device standards are the Bible for many countries, especially ones which do not have predefined regulations or processes. For regulated countries, in addition to their respective regulations and guidance, ISO standards are also preferred. The most popularly referred ISO standard is the ISO 13485:2016 Medical devices — Quality management systems — Requirements for regulatory purposes. In addition to general standards, ISO also publishes product-specific guidance such as for Implants, Orthopedic, Medical Electric Equipment, and many more.
Global ISO Requirements
In Europe, the European Commission has the Medical Device Regulation MDR 2017/745 and In-vitro Diagnostic Device Regulation IVDR 2017/746. These regulations provide a detailed framework for introducing a medical device in the European market. However, in addition to that, certain ISO standards may also be referred to for ensuring a better-quality product. Some of the many popularly used standards include:
ISO 14971:2019 Medical Devices – Application of Risk Management to medical devices
ISO 15223-1:2021 Medical devices – Symbols to be used with information to be supplied by the manufacturer – Part 1: General requirements
IEC 60601-2-83 Medical electrical equipment – Part 2-83: Particular requirements for the basic safety and essential performance of home light therapy equipment
IEC 60601-1 Medical electrical equipment – Part 1: General requirements for basic safety and essential performance
The European Commission also has Harmonized Standards, developed by European Standards Organization CEN, CENELEC, or ETSI, per the international standards. It provides a list of the applicable harmonized standards for enhanced product safety and quality.
In the USA, the US Food and Drug Administration (FDA) has a Code of Federal Regulations (CFR) and Guidance.
CFRs are legally binding. Manufacturers must comply with the requirements of CFR
The guidance provides Agency’s thinking on regulatory issues. They are NOT legally binding
In addition to these, the FDA also accepts certain recognized consensus standards from different organizations such as ISO, CLSI, ANSI, IEC, CEN, etc. These standards may be used to justify a Declaration of Conformity for a product. The widely accepted medical device ISO standards are, but are not limited to:
ISO 10993 – Biological Evaluation for Medical Devices
ISO 14160 – Sterilization of Healthcare Products
ISO 11737 – Sterilization of Medical Devices
In Canada, the Standards Council of Canada (SCC) is the ISO member body. Similar to the US FDA, the Therapeutic Products Directorate (TPD) of Health Canada periodically releases a list of acceptable international or national standards for medical devices. Manufacturers can use these recognized standards in conjunction with the Health Canada’s Medical Devices Regulations (SOR-98/282) and the Guidance Documents, to prove product conformity and safe use in the market.
China‘s National Medical Products Administration (NMPA) is developing indigenous standards that more closely align with those of ISO. Biocompatibility testing is one avenue where the scope and requirements for China are more than that of the US/EU. Hence, NMPA has developed various biocompatibility testing standards which are to be used in addition to the ISO standard.
For the rest of the world’s medical device industry,
India encourages ISO certification for all its industries. The medical sector must be ISO 13485 compliant while the pharmaceutical sector must be ISO 9001 compliant for Quality Management Systems, in addition to other relevant and applicable ISO standards.
Japan’s The Japanese Industrial Standards Committee (JISC) is an ISO member body. The regulatory authority, Pharmaceutical and Medical Device Agency (PMDA) revised its Ordinance No. 169 in 2021 to closely align with the ISO 13485:2016 standard. The transition period is 3 years and must comply by March 25, 2024
For the Korean regulatory authority, aligning the requirements of Korean Good Manufacturing Practice (GMP) to that of ISO 13485:2016 is believed to be a step closer to entering the Medical Device Single Audit Program (MDSAP)
Russia’s Federal Service for Surveillance in Healthcare (Roszdravnadzor) is known to accept ISO 13485:2016 certification. Information on acceptance of other ISO standards cannot be confirmed. It does not accept market approvals in the US, EU, or other countries as a reference for market authorization in Russia
Australia’s Standard Australia is a member of the ISO, IEC, and ICSID. It strongly encourages the use of international standards, except where their use is ineffective or inappropriate and does not develop any national Australian standard for which there is already an international standard in existence. In 2019, TGA published Therapeutic Goods (Conformity Assessment Standard for Quality Management Systems) Order 2019which provides a list of applicable conformity assessment standards.
Brazil’s ANVISA accepts Good Manufacturing Practices (GMP) along with the ISO 13485
Can QMS be established solely based on ISO standards?
For countries that do not have their own QMS regulations, the ISO standard can be used as a reference. For countries with established local regulations, and that accepts ISO, both ISO standard and local/national regulations must be considered.
Are ISO standards freely available?
No. ISO standards are available for purchase from the ISO official website. However, they do have FREE read-only formats available.
Comparing ISO standards to local regulations, which one takes precedence?
The local or national regulation always takes precedence over the ISO standard.
Can the manufacturer use an older version of an ISO standard for compliance?
No. Manufacturers must make sure they comply with the active or most recent version of the ISO standard. This is not restricted just to ISO standards but applies to National regulations too. Manufacturers must keep their QMS up to date with the latest requirements of the industry. The ideal way to be updated is to refer to the latest version of any Standard or Regulation.
Disclaimer: Regulations/legislations are subjected to changes from time to time and the author claims no responsibility for the accuracy of information.
The EU MDR 2017/745 imposes more stringent requirements for Class I devices. Under the new regulations, Manufacturers must righty classify a medical device and provide technical documentation following the device class. The risk class under MDD could change under MDR. In some cases, medical devices could be up classified from Class I to Class II a/b or Class III. Please read our article on the classification of medical devices to understand how to classify your current device per MDR.
Step 1: Integrate MDR into the existing Quality Management System.
This allows the correct documentation to be created following the risk classification of the device.
Step 2: Confirm whether the product is a medical device under the scope of MDR.
Confirm that the product meets the definition of a medical device as stated in Article 2 of EU MDR based on its intended use and primary mode of action. In some cases, the product may be out of the scope of MDR and may be termed as a medical device ‘accessory ’. EU MDR also states how accessories for a medical device is also to be classified on its own apart from the main medical device.
Step 3: Confirm whether the medical device is a Class I medical device.
It must be noted that several MDD Class I devices will be reclassified under the MDR as per the new classification criteria in Annex VIII, such as most software (rule11) and devices made up of chemicals or combinations of substances (rule 21).
Step 4: Pre-market procedures.
Verify that the device meets the General Safety and Performance Requirements (GSPR).
A proper and well-established risk management system should be implemented. Manufacturers must ensure that the associated risks are identified, analysed and appropriate corrective actions are taken. This must be guaranteed throughout the product’s lifecycle and documented. When standard specifications are available, Manufacturers must adhere to them unless they can demonstrate that they have adopted a solution that is at least as safe and effective.
The Manufacturer should periodically update the clinical evaluation report, risk management and post-market reports.
Conduct Clinical evaluations
All devices require clinical evaluation, Class I devices are not exempted from this requirement. A clinical evaluation report must contain essential information such as device descriptions, literature reports and post-market surveillance reports to name a few. MDR also emphasises the need to consider available alternatives and the acceptability of the benefit-risk ratio.
Prepare an up-to-date technical file.
The Manufacturer will draw up the technical documentation that demonstrates the conformity of their devices with the specific requirements of the MDR. Technical documentation is mentioned in Annex II and III of EU MDR.
The Manufacturer is obligated to keep the file updated and make them available to competent authorities, notified bodies and the authorised representative.
The technical file must contain the following elements. The detailed information can be found in Annex II of EU MDR.
Device description and specification, variants, and accessories
Information to be supplied by the Manufacturer
Information on Design and manufacturing
General Safety and Performance Requirements
Verification and validation of product
Demonstration of Conformity
The documents in the technical file should be made available in the language accepted in the Member State in which the device is sold. Please read our article on EU Requirements for translations to understand this requirement specified in EU MDR.
Involvement of Notified Bodies
Most Class I devices do not require the involvement of a Notified Body. However, device Classes ‘Ir’, ‘Is’ and ‘Im’ have this requirement. ‘Ir’ devices are those which are reusable instruments. ‘Is’ are devices to be used in a sterile condition. ‘Im’ are those devices with a measuring function. For these devices, the involvement of Notified Bodies is limited to audit and the NB assesses those specific controls. For example, an “Is” device assessment of NB would involve auditing the Sterilisation process and controls.
Prepare Instructions for Use and Labelling
Medical device manufacturers must ensure that the instructions for use and labels are available in languages accepted within the Member State they decide to market in. The instruction for use must indicate the safety and performance information so that its users are aware of its intended use. The instructions for use (IFUs) should have drawings and internationally accepted symbols. Read our article on Information to be supplied by manufacturers to understand more about this topic.
The Declaration of conformity (DoC) is a document signed by the Manufacturer that states the device fulfils the requirements set forth by MDR. For more information, read our article on Declaration of conformity.
Step 6: Affix CE mark.
CE mark should be placed on the medical device to show compliance. If it cannot be placed on the product itself, it must be placed on the packaging.
Before placing in the EU market, all devices must be registered on EUDAMED. EUDAMED is a secure, web-based European Databank on Medical Devices. Although Class I devices are not much of a threat to human life, they must be made available on EUDAMED. It ensures that the device information is accessible to the public.
Transitional provisions are in place to help manufacturers transition to MDR from the directives. Article 120 of EU MDR gives an idea of the exemptions from MDR and greatly helps manufacturers by providing more time to meet the requirements.
The following conditions must be met to be able to market a device according to Directive 93/42/EEC until 26 May 2024:
The device complies with Directive 93/42/EEC.
The device has not undergone significant changes in device design or intended purpose.
The device has a valid Declaration of Conformity (DoC)
The post-market surveillance, Market Surveillance, Vigilance and Registration of economic operators and devices requirements are met.
Does a Class I Device manufacturer require an ISO certificate for the Quality Management System?
Not necessarily. The Class I manufacturer must have an established QMS, and obtaining a certification is not mandated. Although globally, there is a significant benefit for the Manufacturer to hold an ISO QMS certification. Major markets worldwide accept ISO 13485 certificate as one of the key entry factors into their geography. A few key markets, such as Canada, Japan, Australia, Singapore, and Malaysia, require ISO Certification. The ISO 13485 certificate is recognised worldwide as a significant standard for a quality management system for medical device manufacturers.
Should Class I Device DoC contain the reference to MDR Annex (s)?
Yes, but this has been considered of less importance while drafting the DoC. Declaration of Conformity (DoC) must mention the respective Annex(s) in the MDR that it has complied with for any device class. This is one of the required information to be entered while performing product registrations in many countries.
What is the conformity procedure for Class I devices?
The conformity procedure for all Class I devices is mentioned in the flow chart.
SaMD is software intended for one or more medical purposes that perform these without being part of a hardware medical device. Medical device software is meant to be used, alone or in combination, for a purpose specified in the definition of a “medical device” in the MDR or IVDR, regardless of whether the software is independent or driving or influencing the use of a device. You can read more on the SaMD Regulation here.
To be qualified as medical device software, the product must first fulfil the software definition according to this guidance and the description of a medical device according to Article 2(1) of Regulation (EU) 2017/745 – MDR. To be qualified as an in vitro diagnostic medical device software, the product must additionally fulfil the definition of an in vitro diagnostic medical device according to Article 2(2) of Regulation (EU) 2017/746 – IVDR.
Decision steps for qualification of software as MDSW
Decision step 1: If the product is software according to Section 2 of the guidance (link provided at the bottom), then it may be a medical device software; proceed to decision step 2; else, it is not covered by this guidance but may still be covered by the Medical Devices Regulations.
Decision step 2: If the product is an MDR Annex XVI device or an accessory for a medical device, or is software driving or influencing the use of a medical device, then it must be considered as part of that device in its regulatory process or independently if it is an accessory. If it is not, proceed to decision step 3.
Decision step 3: if the software does perform an action on data or performs an action beyond storage, archival, communication, simple search, lossless compression, then it may be a medical device software; proceed to step 4.
Decision step 4: is the action for the benefit of individual patients?
Examples of software that are not considered as being for the use of individual patients are those which are intended only to aggregate population data, provide generic diagnostic or treatment pathways (not directed to individual patients), scientific literature, medical atlases, models, and templates as well as software intended only for epidemiological studies or registers.
Decision step 5: Is the software medical device software (MDSW) according to the definition of this guidance?
Decision steps for qualification of MDSW as either a medical device or an in vitro diagnostic medical device
Decision Step 1: Does the Medical Device Software (MDSW) provide information within the scope of the in vitro diagnostic medical device definition?
MDSW, which provides information according to Regulation (EU) 2017/746 – IVDR Article 2(2), should qualify as In Vitro Diagnostic Medical Device Software (IVD MDSW)
Concerning a physiological or pathological process or state (by investigation of this process or state)
Concerning congenital physical or mental impairments
Concerning the predisposition to a medical condition or a disease
To determine the safety and compatibility with potential recipients
To predict treatment response or reactions
To define or monitor therapeutic measures.
An MDSW that falls under the definition set out in EU Article 2 (1) of Regulation (EU) 2017/745 – MDR should qualify as Medical Device Software (MD MDSW). In specific, the following considerations should apply to the provision of information by software:
Diagnosis, prevention, monitoring, prediction, prognosis, treatment or alleviation of disease
Diagnosis, monitoring, treatment, alleviation of, or compensation for, an injury or disability
The investigation, replacement, or modification of the anatomy or a physiological or pathological process or state
Control or support of conception
Products specifically intended for the cleaning, disinfection or sterilisation of devices as referred to in Article 1(4) and Annex XVI products.
Decision Step 2: Does the MDSW create information based on data obtained by in vitro diagnostic medical devices only?
Suppose the information provided is based on data obtained solely from in vitro diagnostic medical devices. In that case, the software is an in vitro diagnostic medical device and is, therefore, an IVD MDSW. If the data analysed is obtained from both in vitro diagnostic and medical devices, proceed to step 3.
Decision Step 3: Is the intended purpose substantially driven by in vitro diagnostic medical devices?
The applicable legislation is Regulation (EU) 2017/746. If the intended purpose is substantially driven by data sources coming from medical devices, then the relevant legislation is Regulation (EU) 2017/745.
In the condition where the intended purpose of the MDSW output data fulfils both the medical device and in vitro diagnostic medical device definitions set out in the MDR and IVDR, a weighting of the data sources based on the significance of the information concerning fulfilling the intended purpose should be conducted to aid the manufacturer in determining which regulation to apply.
Consideration of changes to an MDSW
Manufacturers shall evaluate the potential impact of any changes to the function, intended use, basic design, and manufacturing characteristics on the software’s qualification as MDSW and its classification.
It is to be noted that a change to or the addition of functionality to software may lead it to be qualified as MDSW or a revision of the classification of the MDSW. Similarly, a module that is added to software might be equipped as a MDSW on its own. When determining the risk class of a combination of a modified MDSW and a medical device, the intended purpose and functionality of that (new) combination must be considered.
How MDD considered SaMD classification approach and what difference has MDR brought in it ?
Most standalone medical software falls into the lowest risk category — Class I — under the EU MDD. The only software used for specialised diagnostic activities obtained a higher classification.
This categorisation has been altered in the EU MDR. The risk classification of software is covered under Rule 11. The legislation specifies that software used for diagnostic or therapeutic purposes must be classified as Class IIa (or higher). Rule 11 was added to the MDR to address the risks associated with information provided by an active device, such as the MDSW. The significance of the information provided by the active device to the healthcare decision (patient management) in connection with the healthcare situation is described and categorised in Rule 11.
Rule 11 states:
Software intended to provide information that is used to make decisions with diagnosis or therapeutic purposes is classified as class IIa, except if such decisions have an impact that may cause:
Death or an irreversible deterioration of a person’s state of health, in which case it is in class III
Severe deterioration of a person’s state of health or surgical intervention, in which case it is classified as class IIb.
Software intended to monitor physiological processes is classified as class IIa, except if it is designed for monitoring vital physiological parameters, where the nature of variations of those parameters is such that it could result in immediate danger to the patient, in which case it is classified as class IIb.
All other software is classified as class I.
What is the transition plan from MDD to MDR for SaMD devices ?
While many devices approved under the MDD can continue to be sold until 2024, Class I items and those that have been “up-classified” due to the MDR do not have that opportunity; they must be compliant by May 2020.
The MDR regulation’s wording has been clarified – it’s all about the expiration dates of CE mark certificates. MDD-certified products can be used until the expiration date on their CE-marking certificate (a soft transition, potentially up to 2024). However, there are specific additional requirements, such as post-market surveillance. On the other hand, Class I products are self-certified and so lack a certificate with an expiration date. At the end of the transition period, they must be compliant on May 26, 2020.
How is MDSW classified under IVDR ?
In determining the proper classification of MDSW under the IVDR, the manufacturer shall consider all categories and implement the rules of Annex VIII of the IVD Regulation (EU) 2017/746.
Examples for the classification of MDSW under the IVDR:
Software intended to be installed on a fully automated enzyme-linked immunosorbent assay (ELISA) analyser, and intended to determine the Human HbA1c concentration in serum from the results obtained with a Human HbA1c ELISA, designed to screen for and diagnose diabetes and monitor diabetic patients, should be in class C per Rule 3(k).
Software within a PAP stain automated cervical cytology screening system intended to classify the PAP cervical smear as usual or suspicious should be in class C per Rule 3(h).
Software for the interpretation of automated readings of line immunoassay to confirm and determine antibodies to HIV-1, HIV-1 group O and HIV-2 in human serum and plasma should be in class D per Rule 1.
Software that uses maternal parameters such as age, the concentration of serum markers and information obtained through foetal ultrasound examination for evaluating the risk of trisomy 21 should be in class C per Rule 3(l).
Classification examples in Annex IV are provided for guidance purposes and illustrate how a particular rule may be applied to a device. The indicated classification in the example is not a confirmation of the final classification of the device, as other laws must also be considered.
What are the risks SaMD medical devices possess ?
While SaMD has the potential to improve the healthcare system significantly, the International Medical Device Regulators Forum (IMDRF), a collection of medical device regulators working toward international regulatory harmonisation, has recognised that SaMD poses new problems to medical device regulation.
Regulators face the difficult task of regulating software that undergoes frequent changes, potentially affecting the software’s safety and efficacy. Because the conventional physical constraints of containment are no longer present, the ability to download the software through the internet creates a risk.
To identify and track SaMD throughout its life, regulators and the industry must agree on globally applicable device identification and coding standard. They’re not like a standard medical device, which can be labelled with a Unique Device Identifier on the outside.
Another issue with SaMD is the software’s security. The medical device’s use may be jeopardised due to cybersecurity vulnerabilities. It could allow the attacker to take control of the device remotely, modify its operation and compromise its safety or effectiveness, or expose confidential data.
From a regulatory standpoint, the following are some of SaMD’s challenges:
Medical Device Regulations establish guidelines for categorising medical devices from low to high risk. Some SaMD do not fall neatly into the classification scheme designed for traditional medical devices.
Artificial Intelligence is already improving several SaMD systems in image-based healthcare by continuously learning from the data provided to the software.
MSDW Risk Classification based on Rule 11 of the MDR
Any action performed to reduce the risk of death or serious deterioration in health connected with the use of a medical device is referred to as Field Safety Corrective Action. The manufacturer is required to take action to remove or limit the risk of the recognised dangers.
If a medical device malfunctions in Switzerland, the manufacturer is required to undertake an FSCA and Swissmedic keeps track of all FSCAs regarding medical equipment sold in Switzerland.
Reporting a Field Safety Corrective Action
Field safety corrective actions involving items placed on the Swiss market must be reported to Swissmedic by manufacturers
The Swiss authorised representative is responsible for reporting for manufacturers who are not headquartered in Switzerland
When a field safety corrective action is recorded, Swissmedic determines whether the risk can be effectively mitigated by the manufacturer’s steps and supervises their execution
The content is the responsibility of the manufacturer or an authorised representative (accuracy, completeness, and data protection)
Importers must immediately notify the manufacturer and its Swiss authorised agent of any complaints or reports of suspected incidents involving a device they have placed on the market
Distributors who receive complaints or reports about a device they sold must immediately notify the manufacturer, as well as the manufacturer’s Swiss authorised agent and the importer, if relevant
Healthcare professionals also must report serious occurrences to the supplier and Swissmedic
Such reports should be sent as soon as possible to the supplier organization with the help of the form available on the Swissmedic website.
A combined Initial-Final Report (combined initial-final MIR)
Evaluation by Swissmedic
FSCAs must be reported with the help of the form released by Swissmedic. The Swissmedic website has this form available for download. This form must be used to send all FSCA reports to Swissmedic in an electronic, machine-readable manner. Reports can be submitted in English or one of the official Swiss languages. All required fields must be filled out. The completed report form, the field safety notice (FSN), the customer list, and any other supporting paperwork should be emailed to [email protected]. If Swissmedic has any additional questions about an FSCA, it will contact you by email.
Timeline for reporting
If the serious incident clearly poses or has the potential to pose, a serious and imminent threat to the lives or health of a large number of people (serious public health threat), the report must be submitted as soon as possible, and no later than 2 calendar days after becoming aware of the incident
If the significant incident resulted in death or an unexpected serious worsening in a person’s health, the report must be submitted immediately, and at the latest within 10 calendar days
All other major incidents must be reported as soon as possible and no later than 15 calendar days after the date of discovery
An Initial Report must be made to Swissmedic if the manufacturer or Swiss authorised representative has not received sufficient information within the statutory time limit to determine whether or not a reportable occurrence has occurred
Types of Reports
1. Reporting of Trends
If a manufacturer sees a statistically significant increase in the frequency or severity of non-serious occurrences or expected negative side effects, they must notify Swissmedic by sending the Trends report form to mailto:[email protected]. The Swiss authorised representative is in charge of this role for producers who are not headquartered in Switzerland. The manufacturer or the Swiss approved representative might submit the report in this scenario.
2. Periodic Summary Report (PSR)
Serious incidents where the root cause is known (and/or) the serious incident is already the subject of an FSCA (and/or) the serious incidents occur frequently and are well documented then these incidents can be grouped and reported together to Swissmedic in the form of Periodic summary Report. This process can be initiated by sending Swissmedic an email of this Periodic summary report form in English or any of the Swiss national languages.
3. Periodic Safety Update Report (PSUR)
Manufacturers of class IIa, IIb, and III medical devices must develop and submit a Periodic Safety Update Report (PSUR) for each product and, if relevant, for each product category or group, to the responsible notified body. The PSUR and the Notified Body’s evaluation outcome must be submitted to Swissmedic upon request by the manufacturer or its Swiss authorised agent.
What is Field Safety Notice?
Every manufacturer is required to inform its users and, if applicable, patients about field safety remedial actions that have been implemented. Typically, this involves sending a Field Safety Notice (FSN). The European Commission website has FSN templates as well as a confirmation form. The templates are designed to help manufacturers create high-quality customer letters that include all relevant information. In the event of publishing, the FSN must not contain any information that would be in violation of data protection laws. Before publication, particularly sensitive personal data should be removed or, if absolutely necessary, anonymized.
Do Hospitals have to maintain a medical device vigilance system?
Yes, Hospitals are legally required to establish a reporting system. They must designate someone to be responsible for serious occurrences involving medical devices and they must publicly notify Swissmedic of this vigilant contact person for medical devices. If there are any new vigilance contact persons for medical devices, or if the contact details of existing registered contact persons change, Swissmedic must be notified. Swissmedic inspects the reporting systems in hospitals.
Summary of Safety and Clinical Performance (SSCP) acts as a vital document that allows the public to access information quickly. The information in the SSCP can be sourced entirely from the technical file. The technical file consists of the Post Market Surveillance (PMS), risk assessment, post-market clinical follow-up (PMCF) plans and reports. The SSCP document is required for high-risk devices only-this includes Class III and all implantable devices. Manufacturers of custom-made or investigational devices need not produce this document. Implant card together with SSCP enables an efficient system to access device information.
SSCP for medical devices under MDR
Under MDD, the information on medical devices was not easily attainable. Therefore, the end-users of most medical devices were deprived of information regarding even high-risk medical devices. As a result, medical devices under the directives lacked clarity. The main reason why SSCP is introduced is that MDR, unlike the directives, brings accessibility of information into account. The SSCP should be made available on the EUDAMED website for easy access. It should be assigned an identifier that remains the same throughout the document’s lifetime. This identifier is not subjected to changes even when the content of this document is revised.
Language and readability requirements
SSCP follows the MDR language requirements like the other technical documents, such as Instructions for Use. All intended users within the EU understand no single language. Therefore, language translations should be made available to intended users and patients. The SSCP should be translated into the languages accepted in the Member States where the device is intended to be sold.
Healthcare professionals widely understand English. Having an English translation available is essential, even if it is not available in selecting the official languages of each Member State. This enables the access to information that EU MDR strives to achieve.
While preparing SSCP, readability is an essential factor. The manufacturers must bear in mind to produce two sections. One part for intended users/healthcare professionals, and a second part for patients if applicable. It is recommended to use an appropriate method to confirm that the document is understandable to the member of both categories. Further guidance on the readability, translations and other factors involved in SSCP can be found in the MDCG guidance on Summary of safety and clinical performance.
Sections of Summary of Safety and Clinical Performance
Article 32 of the EU MDR states some sections that are a must. The manufacturer may add further information from the Technical Dossier/File if relevant to the users.
The following sections are mandatory in an SSCP for healthcare professionals:
Details of the device and manufacturer (including UDI details).
Intended use of the device.
Description of the device and its components. Previous variants of the device.
Indications, contraindications, and target demographic.
Details of residual risks, undesirable effects, warnings, and precautions
Risks, undesirable effects, and warnings should be mentioned in SSCP. Other relevant aspects of safety, serious events, and a summary of any field safety corrective action must be included if applicable.
A summary of the Clinical Evaluation of the device.
This section is intended to summarise the clinical evaluation results and the clinical data, the evaluation of undesirable side-effects, and the benefit-risk ratio’s acceptability.
It is an objective and balanced summary of the clinical evaluation results of all the available clinical data related to the device. It should comprise favourable, unfavourable, and inconclusive data.
Conclusions based on evidence and the safety and performance of the device.
Suggested profile and training for users
Applied harmonised standards
All commonly applied specifications and international standards harmonised and adopted monographs should be listed in SSCP.
Revision history should contain details such as revision validated by Notified Body (NB) and the language of SSCP validated.
A patient-specific SSCP template follows the same high-level structure as the clinician SSCP but does not include the reference to harmonized standards and common specifications. This decision focused on the information most relevant to patient health.
Validation of SSCP
When the Notified Bodies (NB) have assessed that all the required elements are included in the draft SSCP with the most current version of relevant documents in the TD, the SSCP has been validated by the NB. SSCP validation may depend on the class of device and the conformity assessment routes chosen. More guidance on validation by NB can be found in the MDCG guidance on SSCP.
Uploading SSCP to EUDAMED
SSCP should be made available online for the users who intend to read the document. It is uploaded in EUDAMED by the Notified Bodies, the only actor managing the SSCPs in EUDAMED. After each validation process, NB shall upload the updated SSCP by replacing the older version. However, once the ‘master’ SSCP is uploaded, it is up to the manufacturer to upload the translations to EUDAMED.
What resources can be used for the SSCP?
The technical files like the design validation report, risk management report, clinical evaluation report (CER), as well as Post-Market Surveillance (PMS) and Post-Market Clinical Follow-up (PMCF) reports. The Instructions for Use of the device can also be used as information for preparing the SSCP. Please note that SSCP cannot replace the IFU.
How frequently should SSCP be reviewed or updated?
The SSCP should be ideally updated annually. Documents like the PMCF evaluation and periodic safety update reports (PSUR) are updated annually. It is recommended to update SSCP along with the other technical documents.
How can I access the SSCP?
SSCP will be made available with the launch of the EUDAMED database. SSCP is accessible to both healthcare professionals and patients. SSCP has clear information for healthcare professionals with prior knowledge of medical terminologies. In addition to this, SSCP should also contain a section that patients of different levels of expertise easily understand.
When should a manufacturer of Class III medical devices prepare SSCP?
SSCP should be made available at the time of registration.
Is there a similar requirement under IVDR?
Article 29 of In Vitro Diagnostics Regulation 2017/746 (EU IVDR) describes a requirement like the SSCP: the Summary of Safety and Performance (SSP). The SSP requirements are almost identical to those of the SSP, replacing ‘clinical’ for ‘performance’ evaluation. Also, it includes a requirement for metrological traceability of assigned values intended for analytes used in IVDs. For more information on IVDR, read our article on IVDR 2017/746.