Insights

How to Avoid the Biggest Mistakes in Medical Device Development

How do some medical device firms manage to trip over their own feet? Trying to get away with “good enough” and consequently earning a reputation for sloppy work are not uncommon. But the biggest single mistake is putting risk management, verification and validation at the end of the product development project instead of building it in from the start.

 

The U.S. Food and Drug Administration regulates the medical device industry strictly to prevent design and implementation flaws that sometimes plague other electronics and software. Under its quality system regulations to assure safe and effective devices, the FDA requires “design controls” and “validation” as part of the product-development process. These are really nothing more than good engineering practices camouflaged as regulations. In addition to preventing defects from being embedded in products, these practices allow medical device manufacturers to enjoy the benefits of a well-defined engineering process – shorter time to market, more maintainable and more reliable products.

 

FDA statistics show that 90 percent of all software related product recalls are related to design flaws. (The remaining 10 percent had to do with managing the configuration such as shipping the incorrect version.) While electronics can fail due to the reliability, stress and wear of individual components, field failures today are more often caused by faulty design and development, especially with software. That’s why regulators are so concerned with the design process and product validation process.

 

The FDA requires manufacturers to validate that a medical device’s specifications conform to user needs and intended uses, and that those specifications can be consistently fulfilled. The FDA defines “validation” as the entire collection of activities that provide objective evidence that a device works the way it’s supposed to. Besides testing, these activities include risk analysis, risk management, configuration management, control and the design and development life cycle, design reviews/inspections, plus verification activities at each phase of the development life cycle.

 

The biggest mistake medical device designers can make is to ignore the importance of a well-defined engineering process and the regulatory control of that development process. It’s also the easiest mistake to avoid.

 

Many medical device companies are staffed with engineers from non-medical device industries who aren’t aware of, aren’t convinced of, or simply don’t believe that the engineering process for medical devices needs to be well defined, executed, managed and documented. When design controls are ignored, the lack of process and control lowers the quality of a design. Taking risks with the quality of the device translates to risks for the end users.

 

Design engineers sometimes resist a well-defined development life cycle with scheduled reviews. They refuse to design products through requirements and specifications and insist on composing at the keyboard as they start writing software or designing circuits on the first day of the project. This disorganized process is destined to meander through many iterations as the design narrows on the final solution. And it makes verification and validation by independent testers nearly impossible.

 

Other engineering groups often follow the initial “random walk” approach. Near the end of the project, quality and regulatory engineers descend to prepare documentation for submitting the device to the FDA. If a process was not predefined or was not followed, they “retro-document” the project to make it look as if it was managed under well-defined design controls. The engineers resent this phase and consider all the documentation a waste of time. They’re right! If designs don’t spring from requirements, or if software and circuits aren’t based on designs, then the value of having those documents (except for regulatory purposes) has passed.

 

There’s often a flurry of activity at the end of a project. An afternoon-long failure modes and effects analysis (FMEA) meeting is held to satisfy risk management requirements. The “final release” is handed off for some quick testing so the product can get to market. Packing all these activities at the end of the project simply ignores the intent of the regulation: to improve the quality of the product. Reviews, risk management and verification testing should take place during all phases of the development life cycle. At the end of the project it’s too late to design any controls to reduce risk.

 

A failure in the quality system can harm patients and others. Recalls can damage credibility of the company and cost millions. Regulatory action against a company can include fines, additional controls on the company, loss of time and extra costs while processes are implemented after the fact. Regulators can seek personal fines and jail time for individuals found to intentionally disregard the regulations, alter records or data, or cover up infractions.

 

A failure in the quality system can harm patients and others. Recalls can damage credibility of the company and cost millions. Regulatory action against a company can include fines, additional controls on the company, loss of time and extra costs while processes are implemented after the fact. Regulators can seek personal fines and jail time for individuals found to intentionally disregard the regulations, alter records or data, or cover up infractions.

 

Following a controlled process makes both engineering and business sense – and is simply the right thing to do.