Image source: Pixabay
Given the drop in warning letters over the past few years and the expansion of the Medical Device Single Audit Program, it appears that FDA has been implementing a policy of “voluntary” compliance. However, FDA policy is basically controlled by Congress, so as result of the November 6 national election results, the medtech industry should expect a major shift. The country has voted out the industry-leaning Republicans, and the consumer-protecting Democrats have been given control.
Consequently, the industry could expect new policy from FDA. The present lack of regulatory actions and warnings could be replaced with a more diligent approach to 483s and warning letters. Past history with such a change in oversight from the Republicans to the Democrats has shown that the number of warning letters issued could return to higher numbers..
The medtech industry should be prepared to deal with the new Congress, which takes control in January. It may take a while for a shift in regulatory policies to occur, but a change is in the air.
FDA has issued a total of 24 warning letters to the medical device industry during fiscal year 2018. That is two warning letters per month. From the chart below, you will see that the number of warning letters issued to the industry has been falling from its high point in 2013.
Above: Number of FDA warning letters per year. Source: https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2018/default.htm
With the hundreds of inspections conducted by FDA worldwide, such low numbers suggest that the medical device industry understands what it means to comply with the QSR/cGMPs.
Or does it? Could it just be a policy change? I have seen FDA change its regulatory policies multiple times. Such change is a very daunting task, needing congressional approval and/or Federal Register announcements and industry comments. Usually, Congress (the House of Representatives) sets policy on how FDA should regulate the industry. The party in power takes the lead in the oversight committee and sets the agenda. For example, in 2009 there was a new FDA Commissioner, and the Democrats were in charge of the FDA oversight committee.
Then-FDA Commissioner Dr. Margaret Hamburg stated that FDA would expect full compliance from recipients of a 483 within 15 days. In other words, companies had to show how they had addressed all inspectional observations within 15 days after receiving the 483. Prior to this change in policy, a company could provide a response to FDA on how it was going to ensure compliance in a reasonable time frame. This “new” FDA policy was impractical because there were many situations where it was impossible for a company to achieve compliance in three weeks. During this time, the number of warning letters more than doubled, hitting a new high of almost 200 by 2013—almost 10 times the number issued in 2018.
What had changed by 2018? Had the industry brought themselves into compliance in 2018? Or did the Republican-controlled oversight shift FDA policy toward a policy of voluntary industry compliance? The latter is probably a more reasonable assumption.
The Medical Device Single Audit Program
Another interesting development is that FDA has been accepting MDSAP audits for companies in lieu of FDA inspections. The MDSAP program aims to reduce inspectional time for companies by having one audit performed by a certified body, which would include the quality system requirements of five countries: Canada, Brazil, Japan, Australia, and the United States (still in draft). The EU is now looking to accept the MDSAP audit as well. The MDSAP audit is basically a combination of the ISO 13485 program along with each country’s special requirements. This means that there would be one annual audit covering all the regulations for all the listed countries, instead of having five separate audits (though Canada, Australia, and the EU were previously covered under the ISO 13485 [CMDCAS] audit already). As of now, Canada is the only country making the MDSAP audit mandatory by 2019.
Having been involved with both ISO audits and now MDSAP audits, I can safely say they are nothing like what an FDA QSR/cGMP audit used to be. The ISO audits were mainly documentation audits, not device safety related audits typically covered in an FDA inspection.
Currently, FDA is asking companies whether they have had or will have an MDSAP audit. If so and the information is sent to the agency, FDA will forego the FDA inspection. I ask, does FDA really believe that the MDSAP audit is a good substitute of a true FDA QSR/cGMP audit?
This leads to another set of questions: What is FDA’s mission now? Does FDA really believe the industry does not need to be regulated?
While the regulatory pendulum swings back and forth as the oversight committee changes, the real problem is that the pendulum never falls in the middle. For now, this current FDA policy of voluntary compliance is only temporary. Either one of two things will happen: there will be some major health-related incident that will cause Congress to demand that FDA tighten up its policies, or a change in Congressional makeup will encourage stronger FDA actions. Industry should be prepared when it does happen.