The FDA steps up efforts at bringing about medical device cyber security

This FDA guideline seeks to enforce medical device cyber security by ensuring that the manufacturers take steps to secure medical devices by clearly defining medical device cyber security.

Advertisements

It is a disturbing, but true fact that medical devices are hacked. Medical devices have inbuilt software, and hackers try to breach this. Medical device cyber security is thus critical, because lack of it can bring harm to patients who use medical devices that come with software built into them.

An important factor that makes medical devices vulnerable to cyberattacks, thus triggering and hastening the need for medical device cyber security is that many times, medical devices are not standalone devices. They are connected via the Net to a number of important sources such as hospitals, electronic records and healthcare providers.

This fact makes it easier for hackers to carry out cyberattacks on medical devices because it is not necessary for them to actually have access to the device to carry out their breach. All these factors combine to make medical device cyber security a much needed system.

The FDA guideline of June

Keeping in mind the nature of fallibilities in a medical device; the FDA, with the intention of bringing about medical device cyber security passed the draft guideline on this topic in mid-2013. Titled the Content of Premarket Submissions for Management of Cybersecurity in Medical Devices; this guideline sought to address the issue of medical device cyber security by making an attempt at identifying the issue from its root.

That is, this guideline on medical device cyber security put in place security checks and procedures that manufacturers of medical device have to put in place right from the earliest stages of manufacture, going all the way up to the time it is implanted in or used by the patient.

The main intention of this FDA medical device cyber security guideline is to offer recommendations that medical device manufacturers need to take to reduce the intentional or unintentional risk of an attack on a medical device. This FDA guideline seeks to enforce medical device cyber security by ensuring that the manufacturers take steps to secure medical devices by clearly defining medical device cyber security.

Terms clearly defined

The FDA defines medical device cyber security as steps taken to prevent any of these:

  • Unauthorized modification
  • Misuse of the device
  • Denying the use of the device
  • Unauthorized use of the information that is stored in these devices. This relates to the information stored, accessed and modified when the device is transferred from one source to another

Documentation is at the heart of ensuring medical device cyber security

Towards ensuring medical device cyber security as defined by it; this FDA guideline requires manufacturers to monitor and document all the aspects of medical device cyber security at all stages. Medical device manufacturers should bring about medical device cyber security by developing a set of controls in three vital areas:

  • Firstly, medical device manufacturers should take steps to permit only authorized personnel into the software of the medical device
  • Medical device manufacturers should also ensure medical device cyber security by filling only relevant and accurate data into the device
  • They should also ensure that data is available when asked for

For more interesting https://goo.gl/ZrJ6sv

Cold chain challenge is key to making vaccines ubiquitous

A power outage can break this cold chain and result in the vaccine losing its effectiveness.

Over the years vaccines have prevented countless cases of disease and saved millions of lives. Infectious diseases like polio, measles, diphtheria, pertussis (whooping cough), rubella (German measles), smallpox, mumps, tetanus and rotavirus used to be common around the world. Today vaccines can prevent them.

Despite this, one in five children in the world aren’t fully protected by even the most basic vaccines. In addition, almost 20 million are at risk of contracting preventable diseases because they are under-vaccinated. As a result about 1.5 million children die every year from diseases that can be prevented by vaccination coverage.

One of the main reasons is that there are many rural areas in the world that don’t have reliable power supplies. Vaccines need to be kept at particular temperatures, usually refrigerated, to remain effective. Cold chain conditions aren’t possible without power. A cold chain is a temperature-controlled supply chain that runs from the time the vaccine is produced until it’s administered. It holds the vaccines in a temperature of between 2°C and 8°C. A power outage can break this cold chain and result in the vaccine losing its effectiveness.

Vaccines-for-Life

The Global Alliance for Vaccines and Immunization estimates that only 10% of health care facilities in the world’s poorest countries have a reliable electricity supply. In Uganda, for example, over 70% of health care facilities have inadequate access to mains power.

The World Health Organisation estimates that more than 50% of vaccines may be wasted globally every year because of temperature control, logistics and shipment-related issues.

Most government guidelines recommend that vaccines that have potentially been compromised should be discarded. This can be costly. In 2011, according to UNICEF, an estimated USD$ 1.5 million worth of vaccines were lost in five months, often due to difficulties maintaining cold chain vaccine supply to their remote location.

The WHO has developed a set of guidelines for governments in a bid to minimise exposure to high temperatures if a power outage happens. But our research shows that these guidelines don’t have any specific instructions on how health care facilities and pharmacies should implement backup systems. They also don’t provide a list of standardised equipment to prevent and deal with power outages. This would be helpful in both developed and developing country scenarios. Our research attempts to plug this gap.

Read more at http://bit.ly/2NR2C0q

Facts About Compliance Courses

What is compliance? We all know the commonly used meaning of the term. One of the meanings The Oxford Online Dictionary has for compliance is its being “(t) he state or fact of according with or meeting rules or standards”. So, in the context of the regulated industries, compliance is being in a state of acquiescence or agreement with the regulatory requirements. The rules or requirements are set out by the regulatory authorities such as the US FDA or the European Union’s European Medicines Agency (EMA), or The Medicines and Healthcare Products Regulatory Agency (MHRA) of the UK, or The Pharmaceuticals and Medical Devices Agency (PMDA) of Japan, or any other around the world.

The regulations these regulatory agencies set are aimed at ensuring compliance with standards. Of course, it goes without saying that these standards are aimed at ensuring quality and safety of drugs and other health-related products such as medical devices, food, medicines, life sciences and pharmaceutical products. It is to be in compliance with the regulations set out by these agencies that organizations that come under these regulatory bodies spend a fortune.

child Head with symbol

Why? Simple:

– Being in compliance ensures that their products are approved for release into the market, failing which all that they spend on producing the product goes down the drain;

– Lack of compliance results not only in hefty penalties and fines and other punishments which could go all the way to imprisonment; it could also result in earning a bad reputation, the quickest means to get out of business.

Compliance requirements, expectedly, are very stringent. This is very natural, considering the nature of the products that are regulated. No regulatory agency likes to take chances with the health of the people. One spurious drug in a lot of thousands could be enough to cause damage to the consumer. So, regulating these products is as onerous as ensuring the security of every individual in a nation or society.

Compliance requirements are couched in very formal and often incomprehensible language. Since the industries are highly specialized, it is impossible for the regulatory agencies to avoid jargon or legalese. It is to help understand the nuances of these regulations that organizations need the services of compliance professionals. These professionals are specialized in the particular and exact nature of these regulations and do what is required to ensure compliance.

Despite the existence of these compliance officers, many organizations could still need understanding of the regulations. This could sometimes be because of the frequency of the regulatory updates or the urgency in meeting their requirements. Or, these could be beyond the resources the organization can allocate or afford for meeting compliance requirements. Further, the nature of some regulations could be such that even experienced compliance officers may need clarity. On such occasions, organizations need the services of compliance trainings.

Continues here http://bit.ly/2vhqsuC

How can a Culture of Quality and Compliance Impact your Company’s Success?

At this very important learning session on Quality, Suzanne will cover all the perspectives of Quality.

If there is one attribute that sits at the very core of an organization, it has to be Quality. If Quality is this critical to organizations; then, what is Quality in the context of an organization?  If Philip Crosby defined Quality as conformance to requirements and Sam Walton considered it as being able to give the customers what they want; William A. Foster explained Quality in an organization in the following words: “Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution. It represents the wise choice of many alternatives”.

Those in charge of Quality in organizations have to consider many questions relating to it. These are some of them: do we consider it an attribute or characteristic in relation to a certain standard or customer requirement? Is it all about achieving a state where our product is free from defects? Is it a system that we create for holding inspection standards or making the Quality System accountable to? Or is there something beyond all these?

Quality should become part of the organization’s culture

If there is one truly critical work that an organization has to carry out to become successful and to stay ahead; it is to imbibe Quality into its very core. Going beyond the semantics; Quality should become a way of life for the organization. it should become a philosophy, an inalienable part of its culture, and a habit. For organizations to meet and exceed customer expectations all the time and every time, Quality has to be implanted into the very essence of an organization.

Compliance4All, a well-known provider of professional trainings for the areas of regulatory compliance, explain all the elements of Quality at a webinar that it is organizing. Susanne Manz, a highly regarded leader in the medical device industry, who emphasizes Quality, compliance, and Six Sigma, and who brings extensive background in Quality and compliance for medical devices from new product development, to operations, to post-market activities, will be the speaker at this webinar.

Please register for this webinar by visiting http://bit.ly/2Hs2QMI

Quality from all perspectives

At this very important learning session on Quality, Suzanne will cover all the perspectives of Quality. Among the important learning objectives of this session is to teach participants to identify the warning signals that indicate that there could be Quality issues within the organization and the risks the organization faces from Quality and compliance issues. Participants will understand the ways of changing their organizations from being reactive to becoming proactive. Participants will understand how a culture of Quality and compliance can impact their organization’s success, and will learn the ways of creating a culture of Quality and compliance at all levels in their organization.

Suzanne will cover the following areas at this webinar:

  • FDA and NB expectations for Quality Systems
  • Lessons Learned from 483s and warning letters
  • How culture can impact Quality and compliance risk
  • Management commitment and responsibility
  • Maturity Modeling
  • Key capabilities
  • Roles and responsibilities
  • Quality planning and strategy
  • Tools and techniques
  • Best Practices.

Where does GMP Training end and HR training begin?

HR could be in a predicament about what kind of training to impart to consultants.

That pharmaceutical companies need to hire professionals with the requisite qualifications is beyond question. This is not only required for the smooth conduct of activities in their course of their day-to-day work, but also because the FDA has set out its requirements for the proper educational and skill set qualification of employees in this profession in 21 CFR 211.25(a).

This FDA section underlines the need for educational qualifications, training and experience to carry out their job functions, which cannot be carried out in the absence of these requirements. The consequences of having ill qualified and ill-equipped staff can be of a grave nature. This scenario calls for a thorough look at the way pharmaceutical companies select and train their staff engaged in their work that must incorporate Good Manufacturing Practices (GMPs), while also maintaining quality, which is of paramount importance in this industry, all within the ambit of the organizational culture.

Challenging questions relating to training requirements

Meeting the educational and training requirements for pharmaceutical professions in a GMP environment, while complying with the provisions of 21 CFR 211.25(a) can be quite a challenge for the pharmaceutical companies’ HR. HR training should align with the requirements set out by Quality Assurance. There must be consistency and alignment of the priorities and need of the stakeholders in these two crucial departments.

successful-employees

HR could be in a predicament about what kind of training to impart to consultants, a practice that is quite prevalent in this industry. Are they to be trained the way regular staff is, or do they have a different set of training requirements? Another practice that abounds in this industry is transferred employees. What about the training for such employees?

Get to understand the elements of onboarding in a GMP environment

A webinar from MentorHealth, a leading provider of professional trainings for healthcare professionals, will be setting doubts relating to all these core areas at rest at a webinar that it is organizing. The speaker at this webinar is Michael Esposito, who has over 30 years of experience in the pharmaceutical industry, during which he has world in a variety of areas including packaging, project administration, Quality Assurance, Government Contracts, translations, systems training, and international operations in many reputable companies such as Wyeth Pharmaceuticals, Pfizer and Johnson & Johnson’s McNeil Consumer Healthcare Division. Michael has more than 17 years’ experience in GMP training and document management.

Please visit http://bit.ly/2HJdw93 to enroll for this very useful session.

Familiarization with the onboarding strategy

shutterstock-cropped

The essence of this webinar is familiarization with the onboarding strategy needed for professionals in the pharma industry. Michael will help participants understand how to put in place an onboarding strategy that combines the inputs of all the major stakeholders and put in place a consistent and comprehensible onboarding and training process that the organization can adapt for its employees.

Participants at this webinar will be able to define the onboarding process in the context of compliance. Michael will help them understand how to interact with HR to create a coordinated onboarding strategy. They will be able to implement a training program that takes into account the differences between the training requirements for full-time employees and contractors, and between new employees and employees transferring internally. They will also be able to prioritize training, so that they not only ensure compliance; they also reduce the learning curve for new or transferred employees.

This session is of value to professionals such as Managers with direct reports, HR professionals, and Quality Assurance and training departments. Michael will cover the following areas at this webinar:

  • FAQs for employee onboarding
  • Management’s expectations for new employees
  • HR onboarding
  • Quality’s role in the onboarding process
  • GMP training requirements
  • Handling full-time employees vs. contractors and other temporary personnel

Benchmarks for training and competency.

When the medical device company makes patent claims on its process

The Design Control and Design History File have become inseparable twins.

The Design History File (DHF) is one leg of the all-important triad of documents required for the manufacture of a medical device. While the Design History File is a core requirement set out by the FDA; its counterparts, the Technical File and Design Dossier are required for the EU’s regulatory body, the MDD, and serve the same purpose.

The importance of the Design History File can be gauged from the fact that DHF is a part of the Safe Medical Devices Act passed by the American Congress in 1990 with the intention of establishing standards for safety of medical devices.Design History File is not only required for each and every single type of device; when the medical device company makes patent claims on its process, its development documentation has to be shown to have been followed properly.

files

History of the Design History File The FDA’s requirement of a medical device’s Design History File did not appear out of the blue. It developed and evolved over time, mainly as a result of the realization on the part of the FDA that it was at the design and change phases that the device’s problems had been originating, irrespective of whether the device was new or was a changed one.

Analysis over a period of time led to the idea of Design Control. Design Control is a principle by which the design elements of medical devices are tracked, monitored and corrected at every stage, right from beginning till end. Because of this, the Design Control and Design History File have become inseparable twins. A few points corroborating this observation:

  • The DHF is the source that contains or references the records needed for demonstrating that the device’s design is developed in accordance with both the approved design plan and the design control requirements as stated by the FDA
  • Formal and proper Design Control and Design History File are part of the FDA’s Good Manufacturing Practices requirements
  • Design History File combines with Design Control to create another critical yield: the Device Master Record

slide_24

These are the core elements of a DHF:

  • The FDA states that the medical device company has to ensure that the Design History File should be a “living document”. This means that it has to contain all the details of the design and development plan. In this, the medical device company should clear state and specify the design tasks and deliverables
  • It should have many copies of the approved design input and design output documents
  • The Design History File should contain the design review documentation
  • It should also document verification and validation
  • In cases where it is necessary, the Design History File should have copies of Design Control documents, apart from the records of change control. The reasons for change should also be stated.

 

The EU’s Pharmacovigilance Directive

The Pharmacovigilance Directive underwent a major revision in 2010, by which a new legislation came into effect.

Pharmacovigilance is a major public health initiative of the EU. It is aimed at reducing the risk attendant in any part of the production, marketing and supply chain of medicinal products. Monitoring is done not only before the medicinal products enter the market; it is done at every stage after, too.

safetyandsurveillance
The aim of putting a strict vigilance regimen is to help detect any aspect of a medicinal product that could compromise on its safety. This whole system of monitoring is called pharmacovigilance.

The EU’s Pharmacovigilance Directive is the legal structure that spells out the objectives and implementation plans for the EU’s pharmacovigilance system. The Pharmacovigilance Directive is part of the EU’s efforts to enforce very stringent assessment of all medical products for their safety, quality and efficacy before they become authorized.

Regulation on all areas of medicineIn essence, the Pharmacovigilance Directive lays out the conditions and rules by which medicinal products have to be marketed within the EU and beyond. It prescribes the manner in which products have to be manufactured, labelled, marketed, recalled and destroyed. The Pharmacovigilance Directive, which applies to products for human use, bans any medicinal product that is not authorized by any member state of the EU from being marketed.

The review of 2010The Pharmacovigilance Directive underwent a major revision in 2010, by which a new legislation came into effect. The legislation passed that year further fortifies and streamlines the system relating to the safety of medicines that enter the European market.

The Pharmacovigilance Directive of 2010 strategizes areas relating to preventing, detecting and assessing of adverse reactions in patients to ensure improved patient safety and with it, public health. One of the major features of this amendment is that patients are empowered to directly report adverse drug reactions to the designated competent authorities. Another important aspect is that the definition of an adverse reaction has been widened to include issues like overdose and medication errors.

Important features of the Pharmacovigilance Directive of 2010The Pharmacovigilance Directive of 2010 seeks to take concrete steps to enhance its core objectives of patient safety and public health. It is built on these foundations:

  • It puts in place a robust, proportionate and proactive risk management regimen
  • It enhances safety data quality
  • It strengthens the link between safety evaluations and actions from regulatory authorities
  • The Pharmacovigilance Directive of 2010 has led to greater communication, transparency and patient involvement
  • It assigns clear-cut responsibilities and tasks for everyone concerned
  • It facilitates the decision-making apparatus within the EU
  • The Pharmacovigilance Directive of 2010 has established The Pharmacovigilance Risk Assessment Committee, a new scientific committee to be based at the European Medicines Agency (EMA).