Regulatory Compliance & Quality Assurance: Is Outsourcing the Answer?
As firms compete in an increasingly global market, consultants and service providers offer a cost-effective solution for regulatory checks and balances.
Business is booming for third-party regulatory compliance and quality assurance consultants and vendors who work in the medical device industry. As markets grow more competitive, reducing time to market becomes more critical. Investors are eager to see streamlined, mistake-free production with a minimum amount of rework, which means quality is a high-level concern. Globalization has increased the outsourcing of manufacturing of products and components overseas, where different sets of regulations could impact outcomes. Serious problems with product and material contamination (and fraud) in China, for example, have made medical device companies keenly aware of the importance of compliance, especially in their supply chain and offshore operations.
“Look at the number of device recalls over the past several years and you will see that many have resulted from faulty components supplied by outsourced companies,” said Ronald Johnson, director of the Regulatory and Quality Practice for Quintiles Consulting, a division of Research Triangle Park, NC-based Quintiles Transnational Corp. “FDA inspections have focused on supplier management; a majority of its warning letters cite companies for failing to adequately control products purchased from their suppliers.”
New US regulations and directives are being issued by the FDA as it continues to implement requirements such as those mandated by the recent FDA Amendments Act of 2007. Other significant regulatory compliance changes over the last two years include the revisions to Europe’s Medical Device Directive, which introduced the concept of software as a medical device, and the third edition of the International Electrotechnical Commission’s (IEC) 60601-1, with its references to ISO 14971, which introduce risk management as a component of product conformity.
Tim Anschutz, vice president of sales and marketing for Lakewood, CO-based Reglera LLC, a company specializing in quality and regulatory consulting and process outsourcing, believes most of the additional regulatory complexity for medical devices results from an increasing number of combination products coming onto the market (device/drug, device/biologic, device /tissue).
“These types of products present the manufacturers and the FDA with a complex set of regulatory questions regarding such issues as FDA center jurisdiction, pre-market submission type, multi-center review and clinical trial design,” he said. “Using specialized third parties with specific domain regulatory expertise can help companies successfully navigate this complexity.”
Then, of course, there is the fear factor. Government enforcement is on the rise and has triggered the proliferation of industry codes and guidelines and a heightened awareness within the device community of the importance of effective compliance and safeguards.
“While a government investigation by itself is disruptive, there’s also the costly and highly public settlement, replete with invasive compliance requirements, multi-year reviews and audits by third parties—also costly—and state settlements, followed by piggy-back litigation from company shareholders and other aggrieved plaintiffs who’ll claim that they paid more than they should have for the device,” said Bell. “The industry has learned that the benefits of prevention and effective compliance far outweigh the costs.”
Relying on Experts
A growing number of small to medium-sized medical device companies are realizing that using highly experienced third-party consultants or specialists to take care of regulatory compliance needs saves time and money.
“Our consultants work with regulations and guidance all day, every day, and are aware of the latest updates, issues and trends,” said Brent K. Noblitt, senior partner with Noblitt & Rueland, a medical device consulting firm based in Irvine, CA that specializes in FDA and international regulatory issues.
“Anyone who works in the medical device industry knows how difficult regulatory compliance is. I can’t imagine any small or midsize company wanting to tackle this kind of work on its own,” said Steve Durnil, president of Linear Medical Corporation, a medical contract manufacturer based in Westminster, CO. “When regulatory changes come through, they are often broad in scope and require a lot of attention and resources to fully understand and use appropriately. Third-party consultants have been dealing with the regulations for a long time, have important connections and ties, and often have employees who worked previously with the FDA and other regulatory agencies.”
Third-party regulatory experts also handle related work such as quality assurance, process/equipment validation, internal auditing management, complaint investigation and reporting, document control, design control and internal/supplier audits. Related fields include regulated financial relationships, such as anti-bribery (including Foreign Corrupt Practice Act violations), anti-kickback, licensure and unfair trade laws.
While non-regulated industries have used business process outsourcing (BPO) to improve productivity and lower costs, BPO is less common in the medical industry because of fears related to control and regulatory risk. This is, however, beginning to change as consulting companies and service providers add value through business process outsourcing. “Not only does BPO save companies money, it can reduce regulatory risk,” Anschutz said. “Today, what were once internal administrative tasks such as complaint handling, document control, training records management, supplier quality assurance and internal audits can be outsourced to quality assurance/regulatory affairs (QA/RA) services firms that
specialize in these areas.”
Usually it’s impractical for small or mid-sized firms to hire their own regulatory compliance staff. Not only are these high-salary positions, but finding top talent is tough. “Because the current talent pool in QA/RA for medical devices is quite small, and the competition for the available talent is intense, companies are faced with settling for people without the ideal skill sets,” Anschutz added.
Also, because QA/RA tasks often are cyclic in nature (submissions, audits, compliance remediation), “smaller firms rely on third parties because they just don’t have enough work to keep regulatory compliance staff busy on a full-time basis,” said Nancy Singer, president of Compliance Alliance, a regulatory compliance firm in Arlington, VA. “By hiring skilled consultants on a part-time basis, they can access qualified talent at a reasonable cost, keep their overhead down, and focus on what they do best.”
Another reason to hire third parties is that they work with a variety of companies within the medical device industry and know the latest developments. “Companies like to know how other companies are addressing these same issues, what industry standard and best practices are and what are the government’s expectations,” said Bell. “Knowledgeable third parties can provide this information, while adding scale, bandwidth and bench strength to the internal team.”
“Globalization has made it very difficult for in-house regulatory departments to keep up with various regulatory requirements and changes,” indicated Anil Patel, general manager for Underwriters Laboratories’ Medical Business Unit in San Jose, CA. “Countries around the world such as China, Brazil, Taiwan and Australia are all instituting or mandating new requirements. Therefore, companies are increasingly outsourcing to the third-party vendors that are involved in the development of national and international standards, or participate in global regulatory schemes, to provide medical industry expertise and compliance across multiple markets. Essentially, the third party acts as a harmonizer in the absence of harmonized requirements, via integrated regulatory assessments to national requirements.”
Cost of Doing Business
Using a third party has the potential to provide overall greater value than doing all regulatory work internally.
“On purely a per-hour billing rate basis, the cost of a consultant may appear high, which scares some clients,” admitted Noblitt. “However, third-party consultants can help with efficiency and allow the company’s in-house resources to focus on the daily issues with which they are most familiar.”
Consultants usually complete tasks quickly without the need to redo work, which saves a tremendous amount of time and money. Consultants argue that they also are faster because they have performed the tasks numerous times, know the procedures and have contacts in place, and don’t have the distractions of everyday projects and crises that face in-house departments.
“The use of third parties and consultants fails when the objectives and tasks are not well defined,” added Noblitt. “It’s also critical that the third party is truly an expert for the area in which the client needs help. This is where some clients go wrong and shop for a third party according to billing rate—cheaper does not mean less expensive. Doing a job wrong or incorrectly at a lower rate inevitably results in higher overall costs and delays.”
Quintiles’ Johnson agreed.
“Maintaining a QA/RA capability within a company is costly and won't provide a ROI unless the capability is consistently and effectively used,” he said. “Outsourcing provides opportunities to tap expertise only when it is needed. Moreover, outsourced companies may be in a better economic situation to provide the same level of internal service but at reduced costs—for example, the outsourced supplier has state-of-the-art equipment with faster throughput.”
Anschutz noted that consultants are trending away from time-and-material consulting work toward more toward fixed-price, defined deliverables-based projects.
“Companies can achieve a lower overall total cost in some cases by carefully choosing the types of projects and process that they outsource,” he said. “Top candidates for outsourcing of QA/RA activities are those that require a high degree of specialization and which occur on a periodic or project-based frequency.”
Durnil, who established Linear Medical Corporation in August 2006, understands firsthand how daunting performing such tasks in house can be and the bottom-line value of turning certain functions over to a consultant.
“We needed to get set up and get ISO 13485-certified right away,” said Durnil. “On our own it would have taken 12 to 18 months. Using a third-party consultant we were certified in two and one-half months and ready to start building medical products in December.”
Using a consulting firm for regulatory compliance and other tasks saves the company nearly $200,000 a year, according to Durnil.
“If I did this all in-house I’d have to hire a full suite of regulatory and quality control personnel for a total salary range of $250,000-$300,000,” Durnil added. “Instead I pay a consulting firm about 20% of that amount to do the work.”
But no matter what the bottom-line savings initially, there remains the question of liability should something go wrong down the line with a medical product, which raises the question: Who accepts liability if something goes wrong—the consultant or the client?
“There are no standards in the industry related to BPO,” said Anschutz. “There is wide latitude for how different entities would treat this type of scenario. As in any business/service, the client should perform adequate due diligence, seek an industry proven entity, and always ask for at least three references when looking to engage a relationship with a new consulting firm or outsource partner.”
According to Bell, it would be unusual for a consultant to do all the regulatory legwork.
“Rather, consultants usually work closely with compliance, regulatory and/or legal personnel within the organization, and all important information, decisions, interpretations, etc., should be discussed with and made by senior leadership,” he said.
Responsibility for compliance with any law or regulations ultimately rests with the organization, but intent and penalties can be mitigated based on reasonable reliance upon consultant advice, according to experts who spoke with Medical Product Outsourcing. Consultants generally do not offer guarantees in the area of legal compliance, as too much is out of their control.
“This doesn’t mean that they cannot be sued for gross negligence or intentional misconduct,” Bell added. “Vendors of solutions, on the other hand, can and should guarantee that their products will perform as represented in agreed upon requirements documentation. Companies should look for and be comfortable with both the substantive expertise as well as the technology being deployed, if any.”
When looking for a highly qualified consultant, Durnil recommends making sure the firm is ISO 13485-certified (medical grade), has a deep knowledge of FDA procedures, and a solid history of filing and registering pre-market approval applications and 510(k)s.
The declining economy and worries of a deep global recession present significant challenges to medical device designers and manufacturers. Will companies do more in-house and cut out consultants to save money, or will companies rely even more on third parties to speed up production and lower costs to be more competitive?
“There will probably be a little bit of both as we wrestle with the economy,” said Noblitt. “Companies that were already failing will probably cut everywhere inside and outside. For a company to succeed in this market, products still have to get to the market quickly and without delay. There will be even less room for error; therefore, good consultants that can be called on when needed will be invaluable to companies. Having specific tasks completed quicker, with less chance of redo, and for less money, makes a lot of sense.”
During an economic downturn, there is increased pressure for companies to manage their overhead. Often, internal QA/RA departments are among the first to encounter cuts, according to Anschutz. This, however, does not necessarily mean a boom time for third-party consultants, he advised.
“Individual consultants are likely to face extreme pricing pressures,” he explained. “The segments of the QA/RA consulting and outsourcing business that will be successful are those that offer services that have a compelling business case, such as risk reduction, cost reduction and time-to-market reduction.”
No matter how much a company downsizes or how lean it tries to operate, regulatory requirements, customer expectations and potential legal exposure are not diminished, advised Mary McAtee, vice president of implementation services for IBS America, a provider of enterprise compliance management software in Lexington, MA.
“They remain unchanged or may even increase because people fear that companies are going to try to do more with less,” McAtee said. “Effective business and compliance software tools will be especially valuable to companies for scaling up and down with minimal impact on process quality, compliance and customer satisfaction.”
In the ever-evolving global marketplace, more companies are realizing the strategic importance of QA/RA. In many cases, a product’s time to market depends greatly on the effective development and execution of regulatory and quality assurance strategies.
“Through this realization, companies have begun to demand higher and higher performance and specialization from internal QA/RA departments,” said Clay Anselmo, a 19-year industry veteran and president and CEO of Reglera. “Often these are expectations that internal QA/RA departments are unable to meet, resulting in companies looking to third parties for out-of-the-box solutions that reduce time-to-market, regulatory risk and overall cost.”