How medical device manufacturers are implementing standards like GDPR and HIPAA

#1
I’m curious from a tactical standpoint how medical device manufacturers are implementing standards like GDPR and HIPAA either inside or outside the QMS. Do you use the same quality systems and the SOP hierarchy you use for QMS processes or roll them into a different business process?

There is resistance to release Operating procedures and Work instructions within the QMS as there is concern that they could be “discoverable” by regulators like FDA and ISO auditors.

I’m concerned if they aren’t structured as QMS requirements they may not be followed strictly, and there could be real or perceived conflicts.
 
Ed Panek

QA RA Small Med Dev Company
Trusted Information Resource
#2
We added a section to our QMS called BUS for business because it satisfies customer or partner queries and interest. Our QMS is a nice way to control all our documents, not only ones related to a standard. Yes, an auditor can review them, but what standard and scope would they claim that gives them authority over these processes? We also have in our QMS disaster and recovery plans, some ISMS documents, but any 9001 or 13485 auditor would have no governance over them.

If they argue about it show them this from ISO 13485: "It is not the intent of this International Standard to imply the need for uniformity in the structure of different quality management systems, uniformity of documentation or alignment of documentation to the clause structure of this International Standard."
 
yodon

Staff member
Super Moderator
#3
This is an interesting discussion. ISO 13485 states:

5.2 Customer focus
Top management shall ensure that customer requirements and applicable regulatory requirements are determined and met.


Further:

8.2.4 Internal audit
The organization shall conduct internal audits at planned intervals to determine whether the quality management system:
a) conforms to planned and documented arrangements, requirements of this International Standard, quality management system requirements established by the organization, and applicable regulatory requirements;


(my emphasis added in both).

If you're 13485 and selling into Canada, the AOs I've worked with require that an internal audit cover MDSAP requirements. If you're selling in the US, they can look at compliance to the QSR. And if in EU, the MDR is now in play. So where IS the line drawn? What constitutes a 'complete' internal audit? GDPR and HIPAA are "applicable" regulatory requirements if you're in those areas. Why should those be out of scope for either internal or external audit?
 

Ed Panek

QA RA Small Med Dev Company
Trusted Information Resource
#4
Interesting.

Can you be non GDPR but CE compliant? Non HIPAA but QSR compliant? Not FCC but QSR compliant? What if an MDR audit finds a problem with MHLW (Japan) compliance?
 

yodon

Staff member
Super Moderator
#5
If you're not collecting / managing protected (health) info then yes.

By MDR audit, do you mean technical file review? If so then they wouldn't care. If an ISO audit and Japan is in scope, ???
 

Ed Panek

QA RA Small Med Dev Company
Trusted Information Resource
#6
What if you are collecting data? Would an ISO auditor in the USA know enough to protect EU patients under GDPR and make a finding?
 