Overview of Medical Device

Post-Market Surveillance

Medical device post-market surveillance (PMS) is more than a regulatory requirement, it’s good
business practice. It helps the manufacturer understand the performance of the device once
placed on the market and provides continuous feedback that enables manufacturers to maintain
a high standard of product quality and consumer satisfaction. It also minimizes exposure arising
from incidents through effective warning and product recall processes and procedures. In this
article, we address the importance of implementing and maintaining a medical device post-
market surveillance system.

PMS was discussed by the former Global Harmonization Task Force (GHTF), and the GHTF
founding members published a review1 on the definitions and requirements in their jurisdictions.
The concept was assessed from the perspective of market surveillance by authorities and market
surveillance by manufacturers.

There is no definition of PMS in the European Medical Devices Directive (nor AIMDD and IVDD).
However, the Medical Device Regulations 2017/745 (MDR) and In Vitro Diagnostic Regulations
2017/746 (IVDR) defines PMS as all activities carried out by manufacturers in cooperation with
other economic operators to institute and maintain a systematic procedure to proactively collect
and review experience gained from devices they place on the market, make available on the
market, or put into service for the purpose of identifying any need to immediately apply any
necessary corrective or preventive actions.2

The term PMS in the US is very explicit and grants the US FDA the authority to require
manufacturers to perform studies of high-risk medical devices that have been granted 510(k)
clearance or PMA approval. The FDA introduced recent initiatives that have similar objectives
to collect and review data on medical devices: TPLC (Total Product Life Cycle) and IDEAL (Idea
Development, Exploration, Assessment, and Long-Term Study). In fact, TPLC is a pivotal aspect of
the FDA CDRH Vision and Mission.

The concept of PMS is not only embraced by the European Directives and newly published
Regulations but also by the ISO Quality Management and Risk Management Standards and
US FDA Quality System Regulation. All conformity assessment procedures (as well as medical
device quality systems) require the manufacturer to maintain a PMS system regardless of the
classification of the medical device.

What is Post-Market Surveillance vs. Vigilance?

Post-market surveillance activities can be divided in two categories:
1. Proactive – Customer surveys, PMCF Studies, etc.

2. Reactive – Vigilance, NCMRs, etc.

Many use PMS and vigilance interchangeably, but the scope of each differs. Vigilance is just one
aspect of PMS. It refers to incidents and FSCAs/Recalls, which can occur with medical devices
and in-vitro diagnostic medical devices when they do not perform as intended, in the worst case
leading to injury or death. Regulatory bodies often require timely, coordinated action and provision
of information from the manufacturer in relation to incidents and FSCAs/Recalls that are related to
the device. The purpose of medical device vigilance is to protect the health and safety of persons,
evaluate incidents to prevent recurrence, determine the effectiveness of corrective actions and
preventive actions, and monitor and learn from experience. For the purposes of this paper, we will
focus on PMS as a collection of activities that includes vigilance.

Page 1 of 6
 What Does a Post-Market
Surveillance System Do?

A PMS system should allow a manufacturer (through the company’s procedures) to collect,
review, and assess all information about the device, and related competitors’ devices, once the
device is on the market. The European Forum of Notified Bodies Medical Devices (NB-MED)
produced a guidance (NB-MED/2.12/Rec1)on PMS and outlined the possible achievements of
such a system, including:
• Detection of manufacturing problems;

• Improvement of medical device quality;

• Verification of risk analysis;

• Intelligence of long-term performance;

• Intelligence of chronic complications; performance trends;

• Intelligence of performance in different user populations and mechanisms the device may be misused;

• Feedback on indications for use, instructions for use;

• Feedback on training required for users;

• Feedback on use with other devices;

• Feedback on customer satisfaction and market performance and sustainability;

• And identification of incident reports (and field safety corrective action reports).

The guidance uses this example to illuminate the benefits of a PMS to the user and
the manufacturer:

A manufacturer of intraocular lenses collected numerous complaints from users about broken
lenses. The manufacturer assessed the complaints and deemed them statistically significant. After
investigation, it was deduced that the cases in which the lenses were transported were placing
increased pressure on the lenses resulting in breakage. The specifications were adjusted, and the
situation corrected, “thereby reducing breakage, increasing user satisfaction and reducing costs.”

As such, a well-established PMS system helps protect the user from risk, but it also benefits the
manufacturer by monitoring product performance and identifying areas to improve quality and
reduce costs.

Page 2 of 6
 PMS Systems and Risk Management

EN ISO 14971:2012 defines risk as the “combination of the probability of occurrence of harm and
the severity of that harm.” Risk management for medical devices is “the systematic application of
management policies, procedures, and practices, to the tasks of analyzing, evaluating, controlling and
monitoring risk.” Clause 7 under Product Realization of ISO 13485:2016 makes reference to ISO 14971
to use as guidance for medical device risk management.
It’s important to note that severity is a key component of risk management. Many people assume that
risk is purely a percentage, but the formula is more complex. For example, if 1 of every 1,000 people
dies due to a faulty pacemaker, that’s a more severe “risk” compared to 1 of every 300 who might suffer
minor burns due to poor design of an electrical component of a medical device.

Risk Assessment
The first step in implementing an effective medical device risk management process is to perform a
full risk assessment. This consists of two parts: risk analysis and risk evaluation. It should be noted that
this applies to all phases of the device lifecycle, including planning and product realization, design
and development, purchasing, service, and change control. And, there are several types of hazards
that need to be evaluated, including energy, biological, environmental, software, user error, labeling,
complexity of use, and functional failure hazards.
The first step in identifying hazards is to analyze your device for characteristics that could affect safety.
Once you have identified the device characteristics, the initial medical device risk assessment can
begin. This includes identification of risks/hazards known to the device, risks/hazard evaluation and, if
required, mitigation taken to reduce the risk/hazard to an acceptable level.

Remember that any mitigation taken needs to be re-evaluated to ensure that it has
reduced the risk/hazard, and that it has not created any new risks. (Annex B, C and D of
ISO 14971 includes many good examples of possible medical device hazards.)

After you have performed a comprehensive medical device risk assessment/evaluation and made
internal decisions concerning the acceptability of those risks, you must now create a plan for
monitoring and controlling the identified risks.

Monitor and Control

Monitoring risk is an important part of the risk management process. However, product risks can never
be completely eliminated, so companies need to continually monitor feedback through post-market
surveillance to maintain risk at an acceptable level. In Europe, for example, one of the key requirements
of ISO 14971 is to manage the risk of the product throughout its entire lifecycle. Your risk management
procedure should be directly linked to your PMS procedure and the requirement of the European
Medical Device Directive (93/42/EEC).
Post-market surveillance of medical devices should include:
• Determine if changes must be made to the original medical device risk assessment;
• A systematic process to evaluate a product (not just customer complaints);
• Inclusion of objective evidence in the risk management file;
• Evaluation of any new hazards;
• Determining whether there have been changes in the acceptability of risks as originally defined;
• Inclusion of feedback and revisions of risk assessment/management as required.

Page 3 of 6
 PMS Data: Sources and Procedures

PMS data is any information obtained about the device once it hits the market, including literature
reviews, post market clinical follow-up studies, patient registries, customer complaints, customer
surveys, expert user groups, user reaction during training programs, media, trade shows, maintenance/
service reports, field evaluation, retrieval studies on explants or trade-ins, in-house testing, and failure
analysis. This is not an exhaustive list of PMS data, and not all sources may be considered appropriate
for the particular medical device. Also, if the manufacturer produces more than one device, this should
be considered. Don’t forget to perform similar activities for a competitor’s devices and to review
regulatory authorities’ databases on incidents.

Data Collection Procedures

Medical device companies must ensure they have procedures in place to capture customer feedback.
Procedures that cover the collection of medical device post-market surveillance data can include, but
are not limited to, customer concerns and complaints, control of non-conforming material/products,
corrective and preventive actions, post-market surveillance, servicing, or customer surveys, etc.

It is important to ensure all applicable departments and personnel in your organization, such as
customer service representatives, sales representatives, distributors, and others who may be involved
in the collection of this data, are properly trained to ensure all information is documented.

Page 4 of 6
 PMS Data: Sources and Procedures

Data Review and Analysis Procedures

More importantly, you need to trend and review data on a periodic basis. At the very least, this should
be done annually at a formal management review meeting (required by FDA and ISO 13485). However,
to have a truly effective program, this should be performed more frequently (monthly, quarterly, etc.),
depending on the quantity and type of feedback being received.

Complaints and feedback should be evaluated to determine if further action is necessary, such as
vigilance reporting. Vigilance cases can be a source of information about a manufacturring problem.
It can also be used to evaluate the design of the device. Trending of vigilance cases may help in
evaluating if the risks of the device are still acceptable compared to the clinical benefits. You may also
determine whether corrective and preventive action (CAPA) is necessary to fix the problem, through
product design or manufacturing changes, product labeling, and/or training, etc.

Further, the collected data should feed into documents such as the Risk Management File and Clinical
Evaluation Report (CER). New data may identify additional risks that were not previously documented,
as well as demonstrate whether the risks are within the acceptable range. The CER is used to assess
and analyze clinical data pertaining to a medical device in order to verify the clinical safety and
performance of the device. The state-of-the-art concept introduced in the Essential Requirements
requires periodic updates to these documents as medical device technology is not stagnant.

Procedures that explain how the data is collected and analyzed often include measurement and
analysis, management review meetings, clinical evaluation reports, risk management, etc. These
explain how the feedback (gathered from the above procedures) is analyzed and evaluated, identify
the frequency for evaluation and reporting, and describe how this post-market surveillance data is
used to re-evaluate the risk of the medical device.

One important thing to remember: you need to show proof in the form of
documentation and audit trail that medical device post-market surveillance is being
performed and data is feeding into the other systems.

PMS Under the MDR/IVDR

The MDR and IVDR highlight the importance of PMS by outlining how the gathered data will be used:
• Update the benefit/risk determination and improve risk management
• Update the design and manufacturing information – including the IFU and labeling
• Update the performance evaluation/clinical evaluation
• Update the summary of safety and clinical performance
• To identify the need for preventive, corrective or field safety corrective action
• To identify options to improve the usability, performance and safety of the device,
• To contribute to the PMS of other devices

• To detect and report trends

A PMS plan and report is required under the MDR/IVDR.3 All device manufacturers will be required to
maintain a PMS system, which is based on their PMS plan. Depending on the device classification, the
manufacturer will be required to either create a Post-Market Surveillance Report or Periodic Safety
Update Report (PSUR).

Page 5 of 6
 To Learn More...

Conclusion
In summary, PMS is not a one-time project. It is an ongoing process of review and risk assessment
throughout the life of the device. Manufacturers that take the process seriously will reap the
rewards of fewer defects, increased user safety and, in some cases, reduced risk of litigation.
PMS and vigilance (alert watchfulness) are key tools in this process.

Manufacturers should understand that a PMS system is a regulatory requirement. This system
should have reactive and proactive elements, and compliance should be demonstrated and
documented. PMS data is so integral to a manufacturer’s success that the procedures should
similarly reflect the manufacturer’s commitment to collecting and reviewing this information.

Learn more about PMS changes in MDR 2017/745

If you enjoyed this white paper, we know you will like this white paper outlining the
new European Medical Device Regulations 2017/745 (MDR). We discuss the changes
in depth and how they will impact medical device companies, Notified Bodies, and
other aligned with the industry.

DOWNLOAD PDF

Need help with European compliance?

Emergo helps medical device companies comply with European regulations and
export to new medical device markets worldwide.
• MDR 2017/745 transition consulting and gap assessment
• ISO 13485 implementation and audits
• European device classification and regulatory strategy

LEARN MORE

About the Author

Elizabeth Pugh is a Regulatory Affairs Consultant at Emergo.
She has over 15 years of experience with regulatory affairs in the
medical devices industry, and previously held positions at Stryker,
FoxHollow Technologies, and DJO Surgical. Her areas of expertise
include CE Marking compliance, post-market surveillance, and global
vigilance reporting.

References:

1 GHTF SG2/N47R4:2005 Review of Current Requirements on Post-market Surveillance.

2 MDR Chapter 1, Article 2 (60); IVDR Chapter 1, Article 2 (63)
3 MDR Chapter VII Section 1/IVDR Chapter VII Section 1

Page 6 of 6