1. Post-market surveillance: What is required from you by law
The EU’s Medical Devices Regulation (MDR) lays down exhaustive requirements for Post-Market Surveillance (PMS):
- Chapter II Article 10: The QM system adopted by every(!) manufacturer must include a post-market surveillance system (PMS).
- Chapter II Article 15: The “person responsible for regulatory compliance” must monitor this PMS system.
- Chapter VI Article 61: Manufacturers must include post-market surveillance data in a clinical evaluation.
- Chapter VII Article 83: Manufacturers are obliged to plan, establish, document, implement and maintain a PMS system.
- Chapter VII Article 84: The manufacturer also must set up a post-market surveillance plan (PMS plan) for each product.
- Chapter VII Articles 85 and 86: The MDR requires manufacturers to prepare regular reports on the results of post-market surveillance.
- Annex III describes in detail which elements should be included in the plan.
ISO13485:2016 also requires a system that continuously collects and evaluates information to determine what measures are needed.
Conclusion: The laws require manufacturers to plan and operate effective post-market surveillance systems. These systems must systematically and continuously collect and evaluate all relevant information.
PLEASE NOTE: A violation of these requirements may result in a major non?conformance in the audit and, in the worst case, a suspension of the certificate.
2. What makes post-market surveillance so challenging
It is no surprise that many manufacturers feel overwhelmed by these legal requirements:
- Quantity of information sources
The number of sources of information is constantly increasing. While many auditors used to be satisfied with merely analyzing the BfArM reports, manufacturers today are expected to collect and analyze all available data:
this includes additional government databases such as SwissMedic, FDA and, in the future, EUDAMED, social media channels such as Twitter or LinkedIn, SOUP manufacturers’ and other suppliers‘ websites, databases outlining IT vulnerabilities such as those in NIST, etc.
- Unmanageable amount of information per source
The sheer number of publications is becoming a challenge. The NIST is required to publish thousands of reports. Every month! The number of notifications to the authorities is growing every year. Social media also provide an unmanageable amount of information. This is like searching for a needle in a haystack.
- Lack of accessibility and analyzability of information
Most of the information is publicly available. However, it is difficult to access and analyze: Each source uses a different format and interface, and these are constantly changing. The data sources are difficult to search. For example, searches on the BfArM page do not include manufacturer reports. Searches by search terms are sometimes ineffective because product codes need to be entered. It is highly likely that a great deal of information can be simply overlooked.
- Frequency of publications
Collecting and evaluating post-market data once a year? This was perhaps acceptable in the past. Today, for example, the UL 2900-2-1 standard recognized by the FDA expects published IT vulnerabilities to be addressed within two weeks.
- Monitoring effort
The consequence of the aforementioned points is clear: the effort required to continuously collect post-market data is reaching a level that exceeds the capabilities of many companies, in terms of resources, time, and money.
Conclusion: The amount of available post-market data is growing exponentially. As a result, it is increasingly difficult to find all relevant information in a timely manner with reasonable effort.
How the Post-Market Radar reduces your workload
a) How it works
The Post-Market Radar automates the following steps in whole or in part to continuously (!) collect and evaluate information:
- Download or/and retrieve data from a wide range of information sources that you choose
- Transfer data to standardized and searchable formats
- Search data based on search terms that you specify
- Filter out redundant and non-relevant information (minimize false positives)
- Submit the results to the experts of the Johner Institute for a final assessment and to add recommendations for action
- Generate and send manufacturer-specific or product-specific reports