Device Companies Struggle With Electronic Record, CSV Challenges

The FDA's steady drumbeat of warning letters and other enforcement activity against medical device manufacturers is due in part to an industry failure to adequately address edata and computer system validation (CSV) compliance, Brooks Software experts said at a recent audioconference.

The trend line for medical device recalls is generally rising, noted Brooks' life science software expert Milan Bhalala. He cited FDA data showing 480 total device recalls in 2002, climbing to 608 in 2003, 638 in 2004 and dropping somewhat to 533 in 2005. In addition, the total number of medical device reports has shown a steady climb to more than 160,000 in 2004 from about 90,000 in 2000, he noted.

While the number of device warning letters issued by the FDA's Center for Devices and Radiological Health (CDRH) fell from 173 in 2004 to 132 in 2005, the agency maintained its focus on quality control procedures, equipment maintenance, device history records, and corrective and preventative action (CAPA), Bhalala noted.

"There has been increasing focus from the FDA on transparency, reporting and risk mitigation," Bhalala said.

But medical device firms face a number of challenges when working to improve their access to einformation. For example, gathering analytical information means logging into and understanding different software applications and databases. Also, generating reports that include edata from multiple sources is not easy, and different systems may provide different results for the same metric.

Medical device firms are also struggling with edata security and access controls issues, he said. Challenges there include:

Providing controlled access to information; Adequately auditing and monitoring user interactions; Juggling sometimes different credentials and security protocols among various software applications; and Managing role-based einformation access across the computer system.

Improve the Vision

Unfortunately, too many device firms place "myopic attention on solving tactical challenges" without considering the bigger compliance picture, said Brooks Software life science software expert Zak Merzouki. "Their decisions on IT projects are generally based on reactions to events such as warning letters, and this creates substantial long-term headaches."

Part of the problem is that many device firms view FDA compliance as a one-off project instead of providing it with the "constant attention" it requires, he added.

It doesn't help that different disciplines within a device firm tend to approach compliance from their own viewpoint. "Divisional executives, such as quality, manufacturing, R&D and regulatory affairs, are generally driven to purchasing niche applications [merely] to address tactical challenges," Merzouki said.

The problem, among others, is that these niche applications often don't meet long-term compliance requirements. They may not "extend to support inevitable refinements," he added.

Bhalala and Merzouki advocated a new approach to compliance challenges called services-oriented architecture (SOA). In essence, SOA is a new technology that enhances business processes with transactional transparency, which serves as a "fundamental response to FDA regulatory requirements" including Part 11, Merzouki said.

SOA is a global computing model that eliminates interoperability limitations. It offers a software architecture that defines the use of "services" to better support software users.

A service is defined as "what is rendered" by a provider to a consumer in the form of messages and implementation code. For example, using SOA to deconstruct an electronic data health record (eDHR) report means pulling out its fundamental parts to yield a set of services, among them:

A presentation service to deliver the web pages; A search service to find the appropriate device; All the compliance and manufacturing services required to make up the eDHR report; and A print service allowing the user to print out a snapshot of the report in a PDF or paper format.

SOA works behind the scenes and is not visible to the user, Bhalala said. It is designed to enable businesses to respond more quickly and cost effectively to changing conditions by promoting reuse of existing software applications, interoperability using standard XML messaging and platform independence. -- Michael Causey