Search results

Rework requirements

No, MDR does not have any impact on the repair, as long you have control over the process. 

MDR Labelling

Yes, you are right that for reusable medical devices class I the deadline is to put UDI until 26th May 2027. The UDI carrier shall be placed on the label of the device and on all higher levels of packaging and in case of reusable devices on the device itself (direct marking). The UDI carrier for reusable devices that require disinfection, sterilization, or refurbishing between patient uses shall be permanent and readable after each process performed to make the device ready for subsequent use throughout the intended lifetime of the device.

As a part of the UDI you can put the date of the production (in the part UDI-PI) therefore, thus all elements of traceability can be satisfied.

Complying with retention rules when using pseudonymized personal data

If the information to re-identify the person is completely removed from all system and the person is no more identifiable, the data become anonymous, but if the information to re-identify the person is kept in another system (or if the person is identifiable from other information processed) the data will be pseudonymized.

I make you an example of an identifiable person. Let's imagine that you remove contact details (name, surname, mail, telephone, etc.) because you need to make some statistics on the kind of occupation of your clients.

The person will be identifiable even if you assigned an ID reference and you keep only age, job, location if from the combination of parameters you can identify the person. Let's say it is a small town, where there are only 10 plumbers and only 2 of that age. In such a case, the person is considered identifiable, but if data are aggregated so that you cannot go to the single ID, then it will be anonymous.

So, if the information in system B cannot make you identify the person, it will be anonymous.

Auditing and creating checklist for medical device labeling

The best guidance on which elements for medical devices must be on the labels is in section 23.1, 23.2, and 23.3 of the General safety and performance requirements (Annex 1 of the Medical device regulation 2017/745). So, create the checklist according to that and then audit the responsible person for preparing the labels according to all applicable requirements from section 23 of the General safety and performance requirements.

For more information, see:

• EU MDR Annex 1 - General safety and performance requirements https://advisera.com/13485academy/mdr/general-requirements/

• Most difficult issue and challenge during initial implementation

  The most challenging part is that you have to be sure that you have designed your medical device according to all applicable requirements stated in Annex 1 – General safety and performance requirements. Following the requirements on that list will give you information on whether your product is well designed, manufactured and packaged, and whether you have proven the safety and effectiveness of your product with appropriate tests.

  The next thing concerns the technical documentation. Technical documentation covered in Annex 2 is extensive but durable. Preparing the necessary applicable documentation takes time.

  The third thing that is challenging is preparing the documentation for the quality management system. In Article 10 General obligations of the manufacturer, point 9, is stated which elements must be covered by the quality management system. This quality management system is based on ISO 13485:2016, but there are some more requirements in the MDR that also need to be part of the quality management system.

  On the following link, you can see how we prepared the documentation toolkit for ISO 13485 to be in compliance with MDR requirements:

  • ISO 13485:2016 & MDR Documentation toolkit https://advisera.com/13485academy/iso-13485-eu-mdr-documentation-toolkit/

  For more information, please see:

  • EU MDR Article 10 General obligations of the manufacturer https://advisera.com/13485academy/mdr/general-obligations-of-manufacturers/
  • EU MDR Annex 1 – General safety and performance requirements https://advisera.com/13485academy/mdr/general-requirements/
  • EU MDR Annex 2 – Technical documentation https://advisera.com/13485academy/mdr/technical-documentation/
  The following articles can be helpful:
  • What is EU MDR? https://advisera.com/13485academy/what-is-eu-mdr/
  • How can ISO 13485 help with MDR compliance? https://advisera.com/13485academy/blog/2020/03/09/how-can-iso-13485-help-with-mdr-compliance/

  On the following link, you can even find the webinar where you can find out the steps of the implementation of the MDR:

  • Understanding the new European Medical Device Regulation and how ISO 13485 supports it https://advisera.com/13485academy/webinar/understanding-the-new-eu-mdr-and-how-iso-13485-supports-it-free-webinar-on-demand/

  • PMS process

    This document, Post-Market Surveillance Report, is a report that you need to have for class I medical devices and that you will submit it for the audit.

    You can use any form for presenting data that you find useful, both figures and graphical form with appendices.

  • GDPR and DPA Genome/Sensitive data

    Who collected the genetic data? A hospital? A research lab? The data subject should contact the data controller who collected the data and exercise the right of erasure according to the privacy notice.

    The data controller will verify if the request can be fulfilled or not. Member States may introduce specific limitations to data subjects' rights (even to the sensitive data under Article 9 GDPR) in order to protect scientific research programs, for example. So maybe there is a legitimate base to keep the genetic data in the database without the consent of the data subject.

    Controller processing genetic data should have a Data Protection Officer (DPO), so the data subject may contact the DPO in order to have clarification.

    Here you can find more information about consent:

    • Is consent needed? Six legal bases to process data according to GDPR https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/
    • Four main questions for obtaining and managing data subjects’ consent under GDPR: https://advisera.com/eugdpracademy/knowledgebase/four-main-questions-for-obtaining-and-managing-data-subjects-consent-under-gdpr/
    • Everything you need to know about the GDPR Privacy Notice: https://advisera.com/articles/gdpr-privacy-notice-6-key-elements-to-include/

    If you need to understand how to process consent under GDPR, you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

  • Quality audit in manufacturing company

    We can have vertical and horizontal audits. A horizontal audit is when you audit one process across many departments in the organization. A vertical audit is when you audit all the processes used by a department. Process audits are another name for horizontal audits. You can find more information in this article - ISO 9001 Horizontal audit vs. vertical audit - https://advisera.com/9001academy/blog/2015/03/03/iso-9001-horizontal-audit-vs-vertical-audit/

    We can have also product audits.

    The following material will provide you information about audits:

    • ISO 9001 – ISO 9001 internal auditor training: Is it for me? - https://advisera.com/9001academy/blog/2015/06/02/iso-9001-internal-auditor-training-is-it-for-me/
    • Free online training ISO 9001:2015 Internal Auditor Course – https://advisera.com/training/iso-9001-internal-auditor-course/
    • Book -  ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/