Ken Miles, a 28 year veteran of the FDA, is today a widely-respected industry consultant to the medical device industry. He draws on his extensive experience to help firms effectively and efficiently comply with FDA requirements. Ken’s expertise includes evaluating Good Manufacture Practice (GMP) and Good Laboratory Practice (GLP) compliance, Quality System Regulations, and QSIT certification inspections (Management, Design, Process Controls, and CAPA).

In this multi-part series, we talked with Ken about FDA inspections, CAPA, quality systems, audits, training and more.

Q: When you were with the FDA, what did you look for during onsite inspections at medical device facilities?

A: What I primarily looked for was a robust quality management system that covered all of the key areas: CAPA, internal quality audit findings, training, MDRs and complaints, supplier quality, etc.   Supplier audits are also very important, and they should always tie back into CAPA and management review findings.

Q: You mention training as part of the overall quality management system –  what kind of problems did you see in that area?

A: The most common problem with training is that programs are often inadequate. Oftentimes procedures are either nonexistent or very poorly written. You need to have stringent management commitment and oversight, while also removing irresponsible people who can seriously damage the business. Procedures, management review and training are the primary areas that should generally be addressed through a CAPA program to make it work.

Q: Digging deeper, what were the CAPA-related issues you saw most often during inspections?

A: The one thing I saw often was that companies did not prioritize their CAPA items. You need to prioritize them using a risk-based approach. The highest priority ones should be put at the top of the list. Sounds like an obvious thing, but a lot of companies just throw all CAPA related issues into one bucket with no priority or even closure dates. If you don’t have some sort of prioritization system, you might become weighed down with too many assignments with no end in sight. Prioritize by low, medium and high priority, as well as severity of consequences. That would also imply that you have a target date, or closure date once you implement that program. A lot of companies don’t do that.

Q: You stress the importance of prioritizing and setting due dates for CAPA. Can you give us some examples of what you looked for during your inspections?

A: Medium and serious CAPA issues should be closed out within 30 or 90 days at the most. I’ve seen situations where CAPAs are still hanging out there after two or three years! And I’ve even some that have never closed or resolved! In certain situations, I’ve also seen CAPAs that don’t even have a closure date. Unfortunately, that’s typical of spreadsheet based CAPA systems.

In the next part, we will delve deeper into actual situations, and discuss some of the more egregious things that Ken Miles experienced as an FDA inspector.

Click here for more detailed information about CAPA.

In a recent FDA presentation Foster City, CA, Mark Roh, Regional Food and Drug Director outlined the most common cited 483 items for both pharma and med device companies:

The most common Drug GMP FDA-483 (observational) items:

• Responsibilities and procedures of the Quality Control unit are not in writing
• Written procedures are not followed
• Control procedures not established
• Inadequate specificatons
• inadequate written procedures
• Inadequate failure analysis

The most common Medical Device GMP FDA-483 (observational) items:

• Deficiencies in complaint file system
• Inadequate CAPA procedures
• Lack of written MDR procedures
• Corrective and preventive actions not documented
• Inadequate process validation

This doesn’t mean you won’t be cited for anything not listed in the bullet items or nabbed for all of the above. These are the most common observations cited by FDA personnel during an inspection. So now you may want to go back and take a good hard look at your SOPs, quality management system, CAPA process, complaint handling/MDRs as well as your validation documentation. Obviously training your personnel in these procedures and processes is also key.

Of course, everyone’s goal is not to end up here…

Also, you may want to check out our previous blog entry “Don’t Ignore 483s…it’s in Your Best Interest to Respond in Writing“

More than 30 million Americans are missing some of their teeth in one or both jaws, and with a growing aging population, that’s estimated to grow substantially. According to the American Academy of Implant Dentistry, an estimated two in three Americans have one or more missing teeth, due to the increase in periodontal disease as the population ages.

Three million people have dental implants and that number is growing by 500,000 per year with an estimated market for implants to reach $1.3 billion by 2010.  Dental implants are permanent fixtures of titanium posts anchored in the jawbone and topped with a replacement tooth. The technology was initially developed in Europe over 30 years ago and the success rate is remarkably high: 97 percent success rate in lower implants and 91% success rate in the upper implants.

Keystone Dental, based in Burlington, MA, was founded in March 2006, and aspires to build a market leading global brand recognized within the dental community for its integrity, trust and commitment to improving the standard of care for patients and their quality of life.

Since then, they have rapidly grown into a diversely skilled, fast-moving team of professionals committed to providing excellent customer service and producing high-quality products and services.

Keystone’s business plan called for an electronic quality management system to be implemented as soon as possible. Being an extraordinarily high volume medical device manufacturer, Keystone’s new system would have to handle an equally large volume of electronic records per year.

According to Richard Jancsy, Manager of Quality Systems, “A critical success factor for us is to effectively and efficiently manage a significant volume of regulatory documentation; in a rigorous and compliant manner…you need a reliable and highly configurable system to meet that challenge.  That’s why we selected CATSWeb.”

Instead of using a manual, paper-based system that tediously captures data, the new electronic system has streamlined the process; it’s focused on capturing the essential and actionable information quickly.  The implementation activity allowed Keystone to critically re-evaluate their current manual complaint handling system and design a robust solution by leveraging CATSWeb’s flexible capability.

“CATSWeb can mirror the process in a way that we get to choose, and not the other way around,” added Jancsy. Keystone will integrate the CATSWeb quality system with Salesforce.com and their IFS ERP.  The first process rolling out is complaint handling and then CAPA, audits, training and change control during 2009.

The idea of software as a service is not new and in fact AssurX has offered its CATSWeb enterprise quality and compliance system in a hosted environment for over 10 years.  However, there has always been a certain resistance in business for utilizing this software model.  The reasons have varied from security issues to wanting to have control over the platforms to a perception that the data just needs to be in-house.  For several years, though, businesses have been looking to reduce their overall costs, including those involved with IT.  As a result SaaS has much more appeal as it can significantly help to reduce the overall cost of ownership.

One of the chief issues that have confounded IT, though, is system integration.  No system is the be-all-to-end-all.  ERP systems will generally handle most of the basic functions of a business, however there are aspects like complaint management, auditing, CAPA, etc., that are not fully covered by these systems – hence the need for multiple applications and the need to integrate.

The next argument from many is that if our systems are all hosted we cannot integrate them.  That is not necessarily true.  Systems that have Web service capabilities are fully capable of being integrated regardless of their location.  This was recently proven by a very successful hosted NetSuite to CATSWeb integration.  The requirement was to allow customer service to enter their initial customer complaint as a Support Case in NetSuite (which the customer runs as a SaaS) and have a corresponding transaction triggered in CATSWeb (which is also running as SaaS) where the actual complaint processing occurs.  This was all accomplished by using a simple call from NetSuite to the CATSWeb web service.  CATSWeb creates the record and sends a success or error message back to NetSuite, which then either stores the newly created CATSWeb Record ID in the Support Case for reference purposes or sends an email to an individual in the case of an error message.  Additionally, because CATSWeb returns the Record ID created to NetSuite, any further changes to the NetSuite Support Case can be sent to CATSWeb, which will update the record accordingly.

So is system integration of SaaS applications possible?  Absolutely. And depending the capabilities of the systems involved it can be relatively easy to accomplish.  CATSWeb offers a fully functional Web services API, which will allow any external system to integrate with it.  The location of the external system does not matter.  The bottom line is that Software as a Service is a viable business model which can greatly reduce IT costs and the idea that just because your applications are hosted at offsite locations is no reason why they cannot be effectively integrated.

The FDA has had many challenges and setbacks in the past few years. From budget cuts to high-level departures, the agency has also faced fury from lawmakers on Capitol Hill over high-profile device, drug and food recalls.

Off the record, current and former FDAers have told us that they know they’ve been understaffed and underfunded in recent years, and that their enforcement capabilities often weren’t up to the task.

Now with a new president and renewed focus on government regulation in Washington, it’s likely pressure from the White House and Capitol Hill will spur the agency to be more active this year and in the next several years, experts say.

In a new white paper from AssurX, you’ll learn why a FDA’s new Good Importer Practices draft guidance is putting the device industry on notice. The white paper explains that the FDA will:

• Hold those at the top accountable for any import problems for their
  products,
• Expect medical device manufacturers to be vigilant about quality, and;
• Increase its emphasis on device firms’ catching and correcting mistakes and
• complaints.

As this new guidance demonstrates, a revitalized FDA today demands that medical device manufacturers to build quality into their products from the very beginning, and to spot procedural problems very early in the product lifecycle.

At its heart, the FDA guidance wants device manufacturers to:

1) Establish procedures for developing corrective action plans, and for taking corrective and preventive actions if non-compliance with a U.S. requirement or a safety concern should arise.

2) Identify and investigate the root cause of non-compliance with U.S. requirements for products they import, or by foreign firms with which they do business.

3) Take steps to remediate and prevent harm from present and future shipments, and to ensure non-compliance and safety problems do not recur.

4) Work with the non-compliant firm to meet U.S. requirements, or stop conducting business with that firm.

“This is part of a broader effort, pushing responsibility for manufacturing on the manufacturer,” says Mark Mansour, an attorney with Bryan Cave LLP in D.C. While the FDA is saying it will inspect and enforce more, manufacturers are counted on as the “first line of defense,” he adds. “Device firms should take this very seriously,” Mansour said.

Request your copy of the FDA Importer Guidance for Medical Devices paper here.