In 2007, the US Congress passed legislation directing the Food and Drug Administration (FDA) to develop regulations establishing a unique device identification (UDI) system for medical devices. A similar system for drugs intended for human use, the National Drug Code (NDC), was implemented back in 1972. Europe and other regions have comparable legislation in the works. In April 2013, the International Medical Device Regulators Forum (IMDRF) UDI Working Group released a framework for regulatory authorities that intend to develop their own UDI systems.
A globally consistent system will benefit public health by providing global visibility to a medical device’s unique identification and will improve patient safety through higher quality information used in post-market surveillance and in medical device reporting, including adverse events. This will enable manufacturers and regulators to identify product problems more quickly and target field actions more precisely. The systems should also reduce medical errors and provide a foundation for a global, secure distribution chain, helping to reduce counterfeiting and product diversion.
The system can also help purchasers identify, order and receive the correct device. It can create supply chain efficiencies for manufacturers through increased visibility of products across manufacturing and logistics.
Not Just a Label Change
Implementation of UDI will require more than just changes to product package labels. A host of product information, some of which may not be easily accessible from existing databases, must be submitted and kept up to date in a global UDI Database (UDID) in order to obtain and maintain market access for new and existing products. Certain products (implantables, devices intended to be sterilized before each use, and stand-alone software) will likely be required to be directly marked with UDI codes.
That’s not all. Business processes and standard operating procedures will need to be modified to aggregate the required UDI data attributes. New or modified business roles and governance will need to be put in place to manage the UDI system and data. And all of this will have to be done in a GMP compliant manner.
Think you’re ready? If so, you’d better have answers for all of the following questions.
1. Do you fully understand the proposed rules?
There are three core components to UDI compliance:
i) Labeling and Packaging
ii) Submission of UDI data to a FDA GUDID
iii) Direct Part Marking
Product package labels will include a unique numeric or alphanumeric code that includes a device identifier (DI) — which is specific to a device model — and a production identifier (PI), which includes the current production information for that specific device, such as the lot or batch number, the serial number and/or expiration date. Together, the DI and PI make up the ‘UDI’. These codes must be printed on the label in both human-readable and machine-readable formats.
In the US, the FDA has proposed a risk-based implementation timetable that will stagger the timeline for compliance in the three core areas over a seven-year period, with higher risk devices (class III and implantables) given the earliest implementation dates, followed by class II and class I devices.
A European timeline is expected to be published in 2014 with a similar risk-based phase over a three-year period. Through alignment in the IMDRF, the European regulation is expected to be largely in line with the US regulation.
There are 12 to 15 data elements associated with each medical device model that will need to be submitted to the FDA’s GUDID, representing as many as 60 individual data fields. Companies with existing master product data may have a head start on collecting the required UDI data, but data are still likely to come from a variety of internal sources. Some attributes may not currently be stored in any existing system and will have to be created from scratch.
Publishing the data to global UDID databases is anticipated to be accomplished using Structured Product Labeling (SPL), which is the HL7-approved XML standard used to define the content of human prescription drug labeling.
2. Is your organization committed and aligned?
Like all major change initiatives, UDI needs clear ownership and active sponsorshipnto be successful. Executive-level sponsorship and governance will likely be required from the following areas:
- Regulatory Affairs
- Supply Chain and Operations
- Information Technology
- Product Development / R&D
- Quality Assurance and Compliance
Sponsors should be aligned on the program intent and scope, implementation timing and approach, technical solution, and business process and organizational recommendations. Funding must be secured to complete the project to ensure compliance.
A cross-functional project team that cuts across business operating units should be put in place, supported by engaged subject matter experts from key functional areas and operating companies.
3. Do you really know where your product and regulatory data are?
UDI compliance will require collection and aggregation of data that are typically stored in multiple systems and formats. Even companies who feel they have their product master data in one place may find that many required UDI fields are not contained in these systems.
To assess the effort required to collect UDI data, you should:
- Assess your product portfolio: determine the profile of your product volume vs. timing of UDI implementation (quantity, device class, implantables etc.)
- Identify internal vs. external products: product labels and certain data attributes may not be as readily available for externally manufactured/labeled products
- Map your data sources: identify sources and owners for all UDI data fields, by operating unit, across three categories of data — regulatory, product and labeling
4. Do you understand the full impact of UDI on your operations?
UDI compliance will affect many areas of company operations beyond the processes used to create and manage the data in the UDI data repository, including the following:
- Device identifier and barcoding standards
- Labels and labeling systems
- Technology options and process to identify exemptions for direct part marking
- Processes and procedures within quality systems
5. Is your IT infrastructure extensible to meet future UDI requirements?
All new regulatory paradigms evolve over time. UDI requirements will remain fluid for the foreseeable future as additional countries adopt their own and interpret existing rules.
In this environment, companies should take steps to plan their UDI technology platform with extensibility to handle future requirements and enhancements in mind. Flexibility should be a primary consideration when evaluating options for the future application architecture. Dependencies with other major technology-enabled change initiatives should be considered, but resist the temptation to fold in UDI as ‘just one more module’ of another larger program.
6. Are you thinking beyond the immediate horizon?
FDA regulations for UDI are expected to be finalized first but the European regulations are expected to follow soon. Medical device manufacturers should stay abreast of international regulatory developments to maintain alignment between their UDI initiatives in Europe and the US and future requirements in other countries (notably Japan, Brazil and China).
Many companies may consider UDI to be a compliance initiative only. Clearly compliance and patient safety will be the short-term drivers. But longer-term strategic thinkers will appreciate the innovation opportunities that UDI will enable in the future. Supply chain efficiency and security, product traceability, post-market surveillance, internal regulatory operations — all these areas could ultimately be transformed by the capabilities a UDI system will offer.
The Bottom Line: Get Started Now
UDI will soon be a reality in the US and Europe. Companies should not wait for final rulings before mobilizing UDI efforts. The clock is already ticking… it’s time to get started.
Wait! Before you go…
Choose how you want the latest innovation content delivered to you:
- Daily — RSS Feed — Email — Twitter — Facebook — Linkedin Today
- Weekly — Email Newsletter — Free Magazine — Linkedin Group
Cathi Crist is a Partner at Kalypso and has over 20 years of engineering, product development, operations management and consulting experience across multiple industries with an emphasis in life sciences.
Scott Gibbard is a Senior Manager at Kalypso and has over 20 years of experience in engineering, product development, strategic planning, performance management and change management in biopharma and other science-driven industries. He holds an MBA from Cornell University, a Master of Applied Science from the University of Toronto Institute for Aerospace Studies (UTIAS) and a Bachelor of Applied Science in Engineering Science from the University of Toronto.