FDA Medical Devices' Ruling to Impact SMBs' IT Compliance
Any business that deals with medical devices at any phase of the supply chain will need to prepare to comply with a new rule published in the Federal Register on July 10th. Full IT compliance may involve the use of heightened IT services, particularly for small and medium-sized businesses that may not be well staffed at present to deal with the requirements of the new mandate.
First proposed by the Food and Drug Administration (FDA), the rule is intended to help protect the public against counterfeit medical devices since these can sometimes be of a low quality or fail to meet specifications vital for the health and safety of the ultimate end-user: the patient. The rule would require that such devices be tracked through a database to be administered by the FDA.
According to Jay Crowley, who serves the FDA as a senior advisor on patient safety, each device will need to carry upon it a UDI, or unique device identifier. Crowley explains further: "The UDI database will capture static information about devices, for example, manufacturer, make, model and some other identifying attributes. The database will not collect serial numbers or any patient information. Specific information like that would be collected in a patient's own e-health record."
Small and medium-sized businesses dealing with medical devices will need to be prepared to furnish data to the FDA in two separate forms: in a version that uses plain text only and in a form that incorporates some type of technology for capturing data automatically, allowing for the quick identification of any device. A bar code system, for example, would satisfy the latter criterion. In outward appearance, a UDI would resemble a label and would have to contain certain types of information including product name, manufacturer name, an expiration date, and numbers to identify the device's lot during the manufacturing process.
SMBs who want to ensure that they have proper IT governance and compliance framework in place, should consider adopting a managed programs approach. Retail businesses, for example, may already have a bar code reading system in place, but some kinds of SMBs will be new to the idea of automatic capture and may need assistance in setting up and maintaining a system that will allow them to comply without greatly increasing their cost factors.
Under a managed programs approach, an experienced IT consultant seasoned in IT governance and IT compliance, such as those at iCorps Technologies, visits the premises on a scheduled basis to provide on-site support coupled with remote monitoring services to ensure that you are meeting federal regulations and rulings.