Medical Device File For Repair and Resale

[User-name]

Greetings,

I've long read the forums here and just never really needed to ask a question but, I do now

I've read several of Marcelo Antunes' posts about the 13485:2016 standard and its writing inefficiencies (as well as it being published between 9001 versions, adding to confusion). And have read his input that the Medical Device File applies to all companies and not just manufacturers (whether or not it actually should).

Here are my difficulties/questions..


1. Part of 4.2.3 calls for "Packaging, storage, handling and distribution." We don't manufacture, label, package or distribute. We repair existing devices, or in some cases, resell devices. Odd how the standard adds "as appropriate" for installation and servicing of 4.2.3, but not these sections of 4.2.3. It truly isn't all appropriate in our case, as we're a repair and/or resale facility only. In 9001:2015 I could always counter-point with our auditor, that the spirit of the law is what should be audited in cases where it does not apply. It seems to me the "spirit" of this clause is manufacturers and/or distributors. However, I assume that will not fly, and I will have to simply create this file?

2. As we repair/resale various medical devices, many manufacturers do not always want to share their product information, manuals, specs, and other such things (as it robs them of business). So how do we create a complete Medical Device File called for in the standard, if we are not given access to all of that information in the first place? Just do our best?

3. Risk management, if both of the above are "yes." How does recreating a Device File for functions that don't apply to us, and aren't always available, accommodate better risk management? Would it not be more risky to create a potentially flawed device file, for an item we don't have all of that information for in the first place?

Coming from 9001:2003, & 2015 background, this 13485:2016 really seems to be confused. Is it me, or is it just confusing applying the current version of the standard to a non-design, non-manufacturer facility?

Thank you for your input, and time, much appreciated!

 

[Ronen E]

Hello and welcome to the discussion

General comment: Your "product" is not necessarily a device, it's sometimes the repair service. In that case the file should address the relevant aspects of the service. When you do sell devices (re-sell) your product is a device and should be addressed as a new device, generally.

1. Part of 4.2.3 calls for "Packaging, storage, handling and distribution." We don't manufacture, label, package or distribute. We repair existing devices, or in some cases, resell devices. Odd how the standard adds "as appropriate" for installation and servicing of 4.2.3, but not these sections of 4.2.3. It truly isn't all appropriate in our case, as we're a repair and/or resale facility only.

Don't repaired and resold devices have packaging, storage, handling and distribution aspects? Even if those don't exactly match the original ones, you must have some provisions in place, right? So these should be covered in the file. Even with "just" repair, unless it's done on-site, I believe there are some packaging, storage and handling, aren't there?

2. As we repair/resale various medical devices, many manufacturers do not always want to share their product information, manuals, specs, and other such things (as it robs them of business). So how do we create a complete Medical Device File called for in the standard, if we are not given access to all of that information in the first place? Just do our best?

Files asisde, my question is how can you take responsibility for repair or for placing those devices back on the market if you "are not given access to all of that information in the first place?"

Would it not be more risky to create a potentially flawed device file, for an item we don't have all of that information for in the first place?

In my opinion it is more risky to place a device on the market (or put it back to service) when you don't have all that kind of information in the first place.

Coming from 9001:2003, & 2015 background, this 13485:2016 really seems to be confused. Is it me, or is it just confusing applying the current version of the standard to a non-design, non-manufacturer facility?

In my impression there's a significant difference between ISO 9001 and 13485 (any versions). 9001 is more generic and less demanding, and I think that in general auditing to it tends to be less strict. ISO 13485 is coming from a regulatory (mandatory) context, while 9001 is usually voluntary or coming from a commercial context. Upgrading from 9001 to 13485 certainly requires some state-of-mind adjustment. Don't assume that "it's essentially the same", because often times it's not.

Cheers,
Ronen.

 

[User-name]

Hello Ronen,

Thank you for taking the time to answer, and providing so much depth. It does help a lot.

Don't repaired and resold devices have packaging, storage, handling and distribution aspects? Even if those don't exactly match the original ones, you must have some provisions in place, right? So these should be covered in the file. Even with "just" repair, unless it's done on-site, I believe there are some packaging, storage and handling, aren't there?

In our case, kind of, yes, but nothing necessarily specific in our situation. For packaging, we send the items back in the packaging they came to us in. Sometimes the device is in a case, in a box, we put them back in the case and back in the box, sometimes they're sent to us in bubble-wrap and we send it back in the same packaging (if possible). It's not always sent to us in the same packaging, but however we get it, we send it back. If we buy/resell we only buy them with original cases, pull them out to inspect/sterilize and put them back in the case, and on the shelf until they're sold. So maybe I'm just trying to be too specific, and wrongly thinking that if I can't clearly define it as a singular packaging process, that I shouldn't. When in fact I can and should, it'll be broad and general, but it can indeed be done. Is that correct?

Files aside, my question is how can you take responsibility for repair or for placing those devices back on the market if you "are not given access to all of that information in the first place?"

I'm probably not explaining that right, sorry. We have the specs we need to have for what we repair, and specs for the device itself. We don't always know their specifications or recommendations for manufacturing, labeling, distribution, packaging or handling, etc. All items are pre-labeled, unless the label section is in reference to the label on the outside of the box?? Since we don't manufacture or label the item itself, some sections would certainly have no bearing. But if I'm understanding your reply correctly, the file isn't about their specifications on how to do these things, but rather how we specify we do those sections that apply. So it doesn't necessarily have to match the OEM in regards to how the item is packaged etc. Is that where my error is?

Then there's the section of the standard that states we "shall include" manufacture/label in the device file. It doesn't state "as appropriate" like install/service does. Yet it truly doesn't apply to us (manufacture at the very least). So I'm assuming I can at follow 4.2.2(a) there, and simply document details for exclusion of that one part...

In my impression there's a significant difference between ISO 9001 and 13485 (any versions). 9001 is more generic and less demanding, and I think that in general auditing to it tends to be less strict. ISO 13485 is coming from a regulatory (mandatory) context, while 9001 is usually voluntary or coming from a commercial context. Upgrading from 9001 to 13485 certainly requires some state-of-mind adjustment. Don't assume that "it's essentially the same", because often times it's not.

So I am starting to see. I think once I wrap my head around the change it may actually be easier in a way, since it is more direct and specific. It means that I can learn the standard, and not just my particular auditor's interpretation of it (which can change with a new auditor).

In any event, I think my error was in my understanding of this section and trying to apply it to how the OEM specifically did it, and thinking I had to define that. When it's really just having a file stating what devices we repair/resell, and how we do what we do. And even if some sections are a little broad, they can still be defined. If I'm understanding that correctly then I believe I'm well on my way...