Featured Product
This Week in Quality Digest Live
FDA Compliance Features
Matthew M. Lowe
Don’t wait until something bad happens to make a change
Kari Miller
A lack of integration hampers quality compliance across a product’s life cycle
Etienne Nichols
A well-defined CAPA program is a framework for quality and effectiveness
Grant Ramaley
IAF CertSearch now mandatory for accredited certification bodies
Etienne Nichols
What’s the difference?

More Features

FDA Compliance News
Creates one of the most comprehensive regulatory SaaS platforms for the industry
Company’s first funding round will be used to accelerate product development for its QMS and MES SaaS offerings
Showcasing tech, solutions, and services at Gulfood Manufacturing 2022
Easy, reliable leak testing with methylene blue
Now is not the time to skip critical factory audits and supply chain assessments
Google Docs collaboration, more efficient management of quality deviations
Delivers time, cost, and efficiency savings while streamlining compliance activity
First trial module of learning tool focuses on ISO 9001 and is available now
Free education source for global medical device community

More News

Grant Ramaley

FDA Compliance

MDSAP’s Final Pilot Report: A Glass 10% Full

The program attempts to ensure absolute confidence in medical-device certification, but at too great a cost

Published: Wednesday, November 22, 2017 - 13:03

I have written previously about the Medical Device Single Audit Program (MDSAP) created by the International Medical Device Regulators Forum (IMDRF). MDSAP is viewed as a single audit covering the United States, Canada, Brazil, Australia, and Japan. The intent was to establish one medical-device certification that would be accepted by multiple countries. It is actually much bigger and deeper than that.

The pilot phase for the program began in January 2014 and finished in December 2016. A report on the outcome from the pilot program was recently published, including data on the number of manufacturers that have signed up through the end of June 2017. The report indicates a number of successes across many of its proof-of-concept requirements, but a key disappointment remains: Only 10 percent of 3,300 Canadian medical-device manufacturers that were solicited to participate actually signed up, even under some pressure from Health Canada’s announcement that MDSAP certification would be mandatory to sell medical devices in Canada by Feb. 1, 2019.

Auditing organizations (AOs)—the IMDRF name for what ISO/IEC call conformity assessment bodies (CABs)—must undergo a rigorous assessment process by the regulators. Indeed, it is so rigorous that only three AOs from among the 13 that applied were able to meet all the requirements for being an AO. By comparison, there are more than 2,000 accredited CABs worldwide providing audits to certify nearly 1.6 million manufacturers, including 30,000 of them to ISO 13485, according to the latest ISO Survey.

Ask any MDSAP auditor, and you will learn of the long journey that the auditor and his or her organization had before arriving at your door—that is, if you were one of those few medical-device manufacturers that hired them. Most medical-device manufacturers will never know about that journey, or the many parts of the MDSAP structure that auditors and AOs have to meet, but they will see it reflected in the cost of their MDSAP audit. AOs are not going to bear the cost of becoming a MDSAP AOs on their own; that cost is going to be passed along.

The report concludes that, as of Dec. 31, 2016, nearly all of the MDSAP proof-of-concept criteria were met. What is a bit alarming is how little was accomplished. As mentioned, only three AOs out of 13—BSI, TUV, and Intertek—are fully qualified to do MDSAP audits. At the end of August 2017, BSI reported having 184 companies signed up.

The cost to Canada

Here’s the problem: Currently, MDSAP is voluntary. You don’t have to do it; your company can stick with ISO 13485 or CMDCAS, for instance. But Canada is taking a different track. It is the only country that has said it will make MDSAP a mandatory condition for selling medical devices into Canada, after Jan. 1, 2019.

The biggest concern remains, why did only 10 percent of medical device companies sign up for MDSAP? Surely the Canadian Parliament hasn’t actually made this a regulatory requirement, but if it did, would that cause all 3,300 companies to sign up for MDSAP? If all 13 AOs could get qualified, would everyone sign up?

I don’t think so. Aside from being a more complex and lengthy audit, the overhead costs of MDSAP add even more expense. So what does the bottom line look like from the perspective of a small or micro-sized company?

One company with nine employees received a quote for a MDSAP audit that was $50,000. By comparison, $50,000 is more than double the cost of a full ISO 13485 certification for a company with 10 times as many employees. The company complained that its entire margin for all sales in Canada would be consumed by the cost of MDSAP. The concern over the return on investment threatens to drive many smaller companies, worldwide, out of the Canadian market. Health Canada still claims it will make MDSAP mandatory by January 2019. Which begs the question: Is it worth it?

According to USDOC and www.trade.gov statistics, Canada spends 1/20th as much on medical devices as the United States. The U.S. Food and Drug Administration (FDA) continues to retain MDSAP as a voluntary program. If companies do not use MDSAP, they get a free FDA inspection. Japan, Brazil, and Australia continue to hold off on making MDSAP mandatory as well. Are these other countries viewing the cost and low adoption rate as a concern to their own healthcare systems?

Considering that a small company gets FDA inspections for free and 20 times as many sales, the incentive to use MDSAP here in the United States doesn’t add up, and most companies probably won’t bother. But Canada, according to the USDOC, gets 45 percent of its medical devices from U.S. industry! If industry keeps MDSAP at arm’s length, and Canada mandates the standard, that could have enormous negative implications for Canada’s healthcare system, essentially blocking the availability of a majority of the world’s medical devices from the Canadian healthcare system.

Meanwhile, the rest of the world seems to be moving toward use of ISO/IEC-based accreditation for ISO 13485, without requiring MDSAP. But there is an even greater irony in the last MDSAP report: Canada relies entirely on ISO 13485 for its QMS requirements.

One odd surprise presented in the last MDSAP report is that Health Canada did not review the MDSAP audit reports, as it has no requirements aside from ISO 13485 certification. So the question arises, why is Health Canada using MDSAP at all?

Health Canada currently uses CMDCAS, supported by its national accreditation body, the Standards Council of Canada (SCC). Moreover, SCC is a member of the International Accreditation Forum, which backs the credibility of 29,617 ISO 13485 certificates worldwide (based on data from ISO Survey 2016). It appears that the only country that plans to make MDSAP mandatory is actually the country that needs it the least.

Moreover, if Health Canada decided to use the international accreditation system recognized for ISO 13485, to which SCC belongs, Canada could have access to nearly 10 times as many medical-device manufacturers worldwide than it has now under CMDCAS. And that’s 100 times more than have signed up for MDSAP.

The goal of MDSAP is to provide one audit that every regulator can trust. That is important indeed. However, it can also be argued that allowing doctors and dentists a wider range of medical devices does much more for the healthcare system. Blocking out so many healthcare products in the name of “public health protection” really doesn’t seem to make a lot of sense unless it can sustain access to medical devices the healthcare system so badly needs. In fact, the FDA has 32,000 manufacturers selling into the U.S. market, with no plans to make MDSAP mandatory. Why is that?

The World Health Organization and many other regulators know we need to have a good balance between access to devices and reasonable protections. That means keeping the regulations in balance with the financial capacities of small and micro-sized companies. These companies are also among our most important innovators. According to a FDA report, 50 percent of new 510(k) applications come from small medical-device firms. They are indeed a very powerful engine of innovating healthcare. Charging them two or three times as much as they would pay for an ISO 13485 audit, for countries that give a 1/20th the return on their investment—how can that really fill Canada’s more critical healthcare needs?

MDSAP is an attempt to ensure the highest degree of confidence in certification, but at the greatest costs we have ever seen. With 90 percent of CMDCAS-certified medical device manufactures refusing to sign up, will the Canadian healthcare system end up 90-percent empty, or 10-percent full?

Discuss

About The Author

Grant Ramaley’s picture

Grant Ramaley

Grant Ramaley is the director of regulatory affairs for Aseptico Inc., a manufacturer and marketer of dental support equipment in the United States and Canada since 1975.  Ramaley also is co-chairman of the Regulatory Affairs and Standards Committee for the Dental Trade Alliance, Convener for the ISO 13485 Medical Device Working Group at the International Accreditation Forum, and Technical Committee Advisor to the Global Harmonization Working Party.

Comments

MDSAP program

We were in the MDSAP pilot program from the start and were excited.

This year we got a quote from BSI for MDSAP audit of our 25 person company, 

Double the cost and more than twice as long auditing days compared to 13485 - MDSAP initial audit - 7 audit days, surveillance 5.5 days.

In contrast, the avoided FDA and TGA are only every 3-4 years.

Additionally, having a diversity of auditors at different times I find adds value in giving different perspectives and experience to our QMS.

We have notified Canada Health we will not undergo MDSAP and will discontinue our License and indeed we have removed CMDCAS from next ISO13485 audit.

Unless MDSAP is rationalised, it will increase costs of devices and stifle smaller innovative companies. 

MDSAP

Can't speak for everyone, but my company of 45 FTE received a quote from one of the MDSAP organizations approved to do audits for $36,000. We were able to certify to ISO 13485:2016 and MDSAP in 6 months.