Reporting Incidents in Europe (Part 2)

Rene van de Zande

In the June issue, we started to address the issue of reporting incidents in Europe. We talked about the most common triggers of (near) incidents (hereinafter “Incidents”), types of incidents that must be (and don’t need to be) reported, time limits and consequences of not reporting.

Now, we’ll finish this discussion by talking about the procedures for incident reporting, communicating with distributors and your Authorized Representative (AR), working with Competent Authorities and more.

Procedures

If you are already selling in Europe, you likely have procedures in place for Incident Reporting. The European Union has a guidance document (MEDDEV 2.12-1 rev 4) on developing a Vigilance system, and you should read this carefully. Note that Revision 5 of this procedure is currently being circulated for comments. In any case, review Revision 4 carefully to make sure your vigilance system is up to date.

One aspect of your procedures that deserves extra attention is the section that addresses the responsibility of the distributors, AR and outsourced manufacturer (if applicable). Incidents often get reported directly to a Competent Authority (CA) by a user or hospital, or directly reported to the distributor or company. In the case of distributors, they need to be informed about the urgency of passing along these reports to you and to whom within the company they should be directed.

Communicating the News

The MEDDEV 2.12-1 rev. 4 provides some guidance for device manufacturers regarding to whom they should report incidents. As a general rule, Incidents should be reported to the CA of the country in which the incident occurred (unless an implant is involved, in which case the CA in the country where the implant was performed needs to be copied). If a distributor is the AR, it has the same responsibility as an independent, professional AR—including the reporting requirements spelled out in the distribution or AR agreement. If an agreement does not exist, the distributor may get into trouble because the responsibilities are different, if not at odds.

There is a common misconception that if the incident happens outside the European Union, it does not need to be reported to a CA there. This is an incorrect assumption. If the incident occurs in the United States, for example, and the device (or a similar CE Marked device) is sold in the European Union, the manufacturer is obliged to report to the European CAs. It is possible that the FDA and a European CA may require different courses of action, but neither the FDA nor the CA will defer to each other if recommending a course of action.

If the Incident involves an implant, you should also notify the CA in the country where the implant was performed (if known). You can find an up-to-date list of all CA contacts on the official Europa.eu Web site or by e-mailing me at the address provided at the end of this column.

What Happens Next?

You may recall from the previous article that you have 10 days (or 30 days for less serious issues) after learning of an (near) incident to file an Initial Report with the CA. After you submit an Initial Report to the CA, the authority should acknowledge receipt and classify your report by date, outcome, device type and other factors. Most important, it will provide a date by which your next action is due.  

When a CA receives an initial report, it usually doesn’t disseminate it to other CAs. If the CA does circulate it, the CA will inform you prior to doing so—but this is unusual. If incidents have occurred in more than one country, normally the CA that received the first initial report will monitor the investigation and communicate with you on behalf of the other CAs. In some cases, the CA in the country where your AR is located may play this role.

The coordinating CA will be in charge of monitoring your investigation, tapping the expertise of your Notified Body, if needed, discussing what correction actions may need to be taken and disseminating details of incidents to other CAs. Keep in mind, however, that this understanding between the CAs in Europe does not preclude any of them from conducting their own monitoring or investigation, and some may choose to do so.

This article doesn’t cover what needs to be included in the Initial and Final Reports. Please note, though, the CA is going to want some quantitative data such as the number of devices involved, how long they have been on the market and details of any design changes. The CA also will monitor the direction your investigation is taking, how quickly you are getting things resolved and the outcome.

Your Final Report to the CA will include the outcome of your investigation and how you plan to proceed. That may include initiating a recall, performing additional surveillance on devices in use, disseminating information such as Advisory Notices or nothing at all. Fortunately, Reports can be submitted in English.

Competent Authorities want to work with you to fix problems and prevent them from happening again. As such, they will often consult with you to determine which of the preceding courses of action best suits the situation. If a Corrective Action will be taken or there is a serious risk of injury to a user, the CA will likely disseminate the final report to other CAs. The Final Report will not be made public unless there is an overriding concern for public health that exceeds the obligation of confidentiality.  

Your Final Report should be maintained as part of your quality system records and kept on file for the expected life of the device or two years, whichever is greater. Eventually, all of these data will be put on the much anticipated EUDAMED database, which may be operational sometime in 2006/2007.

Involvement of Outsourced Manufacturers

If you outsource manufacturing, you will need to work quickly and collectively with the contract manufacturer to investigate what may have caused the incident. Regardless of whether the manufacturer owns the design, the manufacturer is responsible for the device you place on the market. If you do not own the design and simply private label the device, things may get tricky if your investigation points to a need for a design change. Remember, you only have 10 calendar days to file an Initial Report to the CA, if death or serious injury has been reported (regardless of whether this turns out to be true). Otherwise, 30 days is the time limit.

Towards a Global Reporting System?

Although we are a long way from a harmonized (let alone uniform) global reporting system, the requirements for reporting are rapidly converging. In addition, the upcoming MDD update will legalize or even mandate the rapid exchange of information that could be relevant to public health between, effectively, all OECD countries (30 total to date) and a few more, such as Brazil and Argentina. The idea is to disseminate information among global health authorities faster so if something happens to a patient in Bangkok, it might be prevented more quickly in Berlin or Boston. This is the global village that any company’s incident reporting system will have to cope with.

Preventing Future Incidents

The goal of a medical device vigilance system seems obvious but bears repeating. It is the moral and legal responsibility of the manufacturer to make sure the devices placed on the market are safe. In the long run, trying to hide or downplay incidents will not serve your interests. Be open and communicative with the Competent Authorities, your customers, distributors and your Authorized Representative.

A revision of MEDDEV 2.12-1 is in the works and provides much more detail than the current revision 4. A future column will discuss the changes to this MEDDEV once they are finalized, which is expected some time this year.

Rene van de Zande is president and CEO of Emergo Group, a consulting firm that provides quality assurance, regulatory affairs and distribution services. Emergo Group has offices in the United States, Europe, Canada and Australia. Rene can be reached at [email protected].