Healthcare regulatory changes for medical device manufacturers in 2019

By Christine L. Stanley, Esq.

Christine L. Stanley (christine.stanley@qpwblaw.org) is an Associate in the Lexington, KY office of Quintairos, Prieto, Wood & Boyer, PA.

International Organization for Standardization (ISO) is an independent, non-governmental, international organization with a membership of 163 national bodies (including the United States) that set class specifications for products, services, and systems to ensure quality, safety, and efficiency.[1]

ISO 13485 represents the requirements for comprehensive organizational goals and aspirations, policies, processes, documented information, and resources needed to implement and maintain this standard or a quality management system for the design and manufacture of medical devices, from simple devices (e.g., tongue depressors, thermometers, stethoscopes, blood pressure cuffs, latex gloves) to complex devices (e.g., computer-assisted medical testing, cochlear ear implants, prostheses).[2]

The global medical device market is expected to reach an estimated $409.5 billion by 2023 and the main drivers for the growth of this market are healthcare expenditure, technological development, aging population, and chronic diseases.[3] The ISO standards are considered instrumental in facilitating international trade[4] ; however, ISO 13485 is voluntary and is not law. The major suppliers of medical devices around the world include Medtronic Public Limited Company, Johnson & Johnson, General Electric Company, Siemens AG, and Cardinal Health Inc.[5]

In March 2019, the 2016 revision to ISO 13485 required the incorporation of risk management into every aspect of the quality management system.[6] The U.S. Food and Drug Administration (FDA) also released more than a dozen new medical device guidance documents in 2016 and 2017 that set expectations for how these risk assessments should look with an emphasis on cybersecurity.[7] Fortunately, for U.S. suppliers of medical devices, ISO 13486:2016 comports more closely with FDA quality system regulations.

Although certification is not a requirement of ISO 13485, third-party certification is a common way to show stakeholders and regulatory authorities that you meet the requirements.[8] Organizations certified to ISO 13485:2003 were granted a three-year transition period to migrate to the new edition of the standard.[9] For those companies that hoped to achieve ISO 13485:2016 certification but missed the March 2019 deadline, they can still certify, but their 2003 certificates are invalid and can no longer be modified or revised.

The most significant changes in the revised standard include using a risk-based approach for all Quality Management System (QMS) processes, medical device descriptions, training end users, and servicing records.

This document is only available to members. Please log in or become a member.
Become a Member Login
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings