NMI – It’s a Swedish thing

National Medical Information Systems – NMI – are information systems that are not medical devices in themselves, and therefore regulated by the provision HSLF-FS 2022:42. The provision is a standalone regulation, however very similar to MDR Annex I.

Since 2014, software systems in Sweden that are used on a national and regional level for handling data related to patient treatment, diagnostics, or prescriptions that are not medical devices are defined as National Medical Information systems (NMI). These systems are regulated under provisions provided by the Swedish Medical Products Agency (Läkemedelsverket, LMV). The most well-known examples are software systems used for sharing and distributing prescriptions and other pharmaceutical information as well as parts of the 1177.se services.

In the original NMI provisions from 2014 (LVFS 2014:7) the definition was fairly short. Manufacturers of such systems were imposed to follow applicable medical device requirements and register the system at the Swedish Medical Products Agency. The required handling of NMIs was very similar to class I MDD software, apart from some elements that were not applicable since these products are not classified as medical devices. Most importantly, this means that an NMI shall not be CE marked and that the clinical evaluation requirements don’t apply since the system by definition has no medical purpose.

However, in 2022 a new provision, HSLF-FS 2022:42, replaced the old text and included a more extensive definition, and the previous referral to the medical device regulations was removed. Instead, the provision is a standalone regulation very similar to the MDR Annex I General Safety and Performance Requirements with the same exceptions as earlier, but with the notable addition of a system for marking replacing the UDI requirement in the MDR. Software NMIs now need to be marked with an NMI-ID, an exclusive identification system defined in an annex of the provision.

Furthermore, the new definition includes a slightly wider range of products, including shared systems on a municipal level, placing more importance on the concept of joint and uniform use. Therefore, the number of systems registered as NMIs are expected to increase.

The transition period to release NMIs according to the requirements in LVFS 2014:7, or to put them into use, has expired. NMI released and put into service after 1st February 2023 must comply with the provisions of HSLF-FS 2022:42.

At QAdvis we see an increased number of questions regarding NMIs. If you need help with the regulatory aspects of your NMI, don’t hesitate to contact us. We can support you with the product qualification, technical documentation, quality management systems, and software specific tasks such as cybersecurity.

For more information we also recommend visiting the Swedish Medical Products Agency’s section on NMIs (in Swedish).

If you have any question, contact us at info@qadvis.com.

FDA´s QMSR: ISO 13485:2016 and beyond

In our previous article we described FDAs effort to align the Quality System Regulation with the global Quality Management System standard ISO 13485:2016. Although this is still a proposal, it is planned to be a Final Rule in December 2023, with implementation 2024.

Even though ISO 13485:2016 will largely replace a lot of the requirements in the QSR, many other regulatory requirements still apply. The new Quality Management System Regulation (QMSR) also includes several new sections.

The main differences between ISO 13485 and the proposed QSMR are in Clause 4: Quality Management System and clause 7: Product Realization. FDA has added requirements from the current Document Controls, Labelling and Packaging Control, Records, and Servicing. The differences have been addressed in the new § 820.35 and § 820.45.

In the proposed § 820.35 FDA has added a requirement that require signature and date for records subject to Clause 4.2.5 of ISO 13485. They also added specific requirements to ensure that the information required by part 803, Medical Device Reporting, is captured in certain records of complaints and servicing activities. Unique Device Identification (UDI) is also a requirement which is not defined in 13485, only mentioned briefly in clause 7.5.8.  An interesting addition is also a clarification from the current 820.180 that reminds firms that FDA protects confidentiality of records it receives.

The additions in the proposed new section Device labelling and packaging controls, § 820.45, FDA primarily emphasises the importance of control of labelling. Manufacturers must ensure labelling and packaging has been examined for accuracy prior to release and the results of the labelling inspection must be documented. The release of the labelling for use must also be documented.

Further clarifications have been added in §820.15, for example that;

  • the term safety and performance mean the same as safety and effectiveness,
  • the organization also includes the term manufacturer,
  • validation of processes should be understood to be the same as process validation.

This is in not a complete list of the changes but highlights the main differences.

Our conclusion is that if you have an ISO 13485:2016 certificate already, and especially if your quality management system already includes requirements from the current QSR 820, the changes will be more of administrative character than a system overhaul. But for manufacturers with only ISO 13485-certificates that want to expand to the US, things may become a little bit easier. We keep our fingers crossed.

If you have any question, contact us at info@qadvis.com.

Swedish Medtech Summit 2023

QAdvis är så klart representerade på höstens Swedish Medtech Summit den 21 november i Stockholm. Kom och prata med våra konsulter Ladan Amiri och Krishnadev Moothandassery Ramdevan.

Konferensen kommer ge en belysning av hur vården– och omsorgen håller på att utvecklas och hur stor betydelse de nya teknikerna kommer ha i framtiden.

Som konsultföretag inom Medtech och med fokus på bland annat cybersäkerhet, mjukvara och klinisk utvärdering vill vi ta del av det som händer och de utmaningar som industrin och sjukvården står inför. Med vår kompetens och förståelse av komplexiteten kan vi på ett effektivt sätt bidra med den regulatoriska analysen och hjälpa till att identifiera vilka aktiviteter som behövs för CE-märkning av medicintekniska produkter. Inte minst med avseende på kraven för egentillverkning som med MDR 2017/745 och IVDR 2017/746 är tydligare reglerat.

Kontakta oss om du vill veta mer info@qadvis.com

Is it time to scrap the DHF, DMR and DHR?

To successfully navigate an inspection by FDA, it’s essential to maintain three separate buckets for your device files: the Design History File (DHF), the Device Master Record (DMR) and the Device History Record (DHR). However, with the upcoming update to the US Quality System Regulation, these terms may no longer be used.

Since 2018, the FDA has been working to align its Quality System Regulation QSR 21 Part 820 with the global standard for Quality Management Systems, ISO 13485:2016. And this is for a very good reason. The FDA played a key role in developing this standard and is also a member of the Medical Device Single Audit Program (MDSAP)accepting audit reports from MDSAP-recognized Auditing Organizations instead of FDA audits.

The implementation of this new regulation, Quality Management System Regulation (QMSR)  has however faced repeated delays. But in May 2023 Dr. Jeff Shuren, director of FDA’s Center for Devices and Radiological Health (CDRH) stated that the publication of the QSMR is a “high priority” for the FDA and should be out by the end of this year. So maybe the new QSMR will be a long-anticipated Christmas present.

The new regulation will eliminate most of the requirements in the current Part 820. Changes in the QSMR will primarily be made by referencing ISO 13485 rather than duplicating the exact text of the standard. However, some sections will include clarifications, and it’s crucial to remember that the other regulatory requirements will still apply. For instance:

  • 21 CFR Part 830: Unique Device Identification Requirements
  • 21 CFR Part 821: Traceability Requirements, if applicable
  • 21 CFR Part 803: Reporting to Regulatory Authorities
  • 21 CFR Part 806, Advisory Notices

A significant difference between the QS regulation and ISO 13485 is that the risk management requirements are integrated throughout all aspects of the quality management system in ISO 13485. This contrasts with 21 CFR 820, where the risk-specific requirements are only listed in §820.30(g) as part of design validation.

If you’re already ISO 13485 certified, changes to your system will be minimal. If you only operate within the US, changes will be more substantial.  If you plan to remain solely within the US, you don’t need to obtain a notified body or 13485 certifications. You can continue as before but follow the QMSR instead of the QSR. The FDA will continue its usual site inspections but will use its new audit method based on QMSR (i.e., ISO 13485) instead of QSIT.

It’s important to note that an inspection from FDA won’t result in a 13485 certificate since this is a government inspection and not a Notified Body audit. It’s also crucial to understand that even if you already have a 13485 certificate, the FDA will continue to inspect your site as long as you sell in the US, unless you participate in the MDSAP audit program.

While it’s uncertain whether the QMSR will indeed be published by the end of 2023, we will certainly keep a close watch on this development and hope that “a watched pot never boils” proves to be incorrect in this case.

In the next follow up article we will go through the major differences between the ISO 13485:2016 and the proposed QSMR.

If you have any question, contact us at info@qadvis.com.