MDR reporting and CAPA thoughts? Classifying Complaints on Risk

Jkc3usc12

Involved In Discussions
System I am working with is classifying complaints on risk. If it is high risk and determine to report a CAPA is automatically initiated.

If a medwatch is received a 3500a is filled out no matter and again a CAPA is initiated.

MDR Reporting and CAPA have always been separate decisions for me in the past. I understand they can tie in together just not every time. Also reporting any medwatch received I have never done.

Thoughts?

Thanks
 
Last edited:

Marcelo

Inactive Registered Visitor
Usually, reportability is not directly related to risk classification (as it was done before by the regulator), it's simply a decision - does the event fits the criteria? If so, it's reportable, if not, it's not reportable.

As you mention CAPA (which is something that in practice do not exist, because you do not co CA PA or PA CA, you do either PA or correction, which may escalate to CA), maybe the problem is exactly in this distinction (which is a common problem in the US because people are really into the CAPA thing).

Normally, things would be like this:

- Event occurred.
- Is it reportable? If so, report.
- Is correction or any other immediate action necessary? If so, implement.
- What is the root cause of the event?
- Depending on the root cause, a CA may be necessary to prevent recurrence. It may be the case that a CA is not required.
 

Jkc3usc12

Involved In Discussions
A risk matrix for complaints is used to determine risk and which if coded high is reported. If reported a PA or CA is automatically initiated.

I feel the investigation of the root cause would be the determination of the PA or the CA if needed. Not just because it is high risk.

Also your thoughts on receiving a medwatch and automatically initiating a 3500 and another PA or CA.
 

Marcelo

Inactive Registered Visitor
A risk matrix for complaints is used to determine risk and which if coded high is reported. If reported a PA or CA is automatically initiated.

A report has to be submitted (I'm using a manufacturer as an example) when the manufacturer "they learn that any of their devices may have caused or contributed to a death or serious injury. Manufacturers must also report to the FDA when they become aware that their device has malfunctioned and would be likely to cause or contribute to a death or serious injury if the malfunction were to recur."

This has nothing to do with risk classification or analysis. It's either fir the trigger or not.

I feel the investigation of the root cause would be the determination of the PA or the CA if needed. Not just because it is high risk.

If the event already occurred, there can be no PA, as PA if before something happen. The investigation of the root cause (after any correction or other immediate action) would then be used to determine if a CA is required.
 

Jkc3usc12

Involved In Discussions
I agree with you. The risk assessment is to help determine a potentially reportable incident. I just having a hard time saying that every reportable event leads to the capa process and also determining to report is based solely off the risk matrix. Not actually what happened.

I also have a hard time reporting when any medwatch is received which also then goes through the capa process.

I am in the process of trying to steer this away from the direction they are in.

Just seeing if my thoughts are off base?
 

Marcelo

Inactive Registered Visitor
I agree with you. The risk assessment is to help determine a potentially reportable incident. I just having a hard time saying that every reportable event leads to the capa process and also determining to report is based solely off the risk matrix. Not actually what happened.

I also have a hard time reporting when any medwatch is received which also then goes through the capa process.

I am in the process of trying to steer this away from the direction they are in.

Just seeing if my thoughts are off base?

I think you are in the right path.

As I mention before, the problem seems to be in the concept of CAPA. A lot of people thinks that a CA is always required when a problem is found, which is not true. ISO 13485 makes it more clear, because the text in the CFR is misleading.

An correction or other immediate action is required after an NC is detected (see 8.3.2 of ISO 13485).

After that, you need to evaluate the root cause of the NC/complaint (8.5.2 b) of ISO 13485).

Then you need to device if there's a need to escalate to a CA or not (8.5.2 c) of ISO 13485).
 

Jkc3usc12

Involved In Discussions
Yes those steps make sense.

You agree that there can be MDR reporting without CA?

The view of risk dictates everything so one cant go without the other. high risk report and capa. Low risk nether.
 

Marcelo

Inactive Registered Visitor
You agree that there can be MDR reporting without CA?

Yes, it depends on the root cause analysis.

The view of risk dictates everything so one cant go without the other. high risk report and capa. Low risk nether.

This does not make any sense to me.
 

Jkc3usc12

Involved In Discussions
They view of risk dictates everything so one cant go without the other. high risk report and capa. Low risk nether.

So there is no possible MDR reporting without a CAPA being issued. Its ether both or nether. If the complaint is deemed high risk its reported and a capa.

Same thing with a medwatch received will automatically be reported and a CAPA issued.
 

Marcelo

Inactive Registered Visitor
They view of risk dictates everything so one cant go without the other. high risk report and capa. Low risk nether.

So there is no possible MDR reporting without a CAPA being issued. Its ether both or nether. If the complaint is deemed high risk its reported and a capa.

Same thing with a medwatch received will automatically be reported and a CAPA issued.

Yes, I understood what you said, but to do it this way does not make any sense.
 
Top Bottom