Pulse of the industry 2016
Taking a risk-based approach to EU MDR compliance
Lucien De Busscher
Partner, EY, Belgium
Executive Director, EY, UK
After four years of negotiation, the European Parliament has published the text of its EU Medical Device Regulation (MDR), setting the stage for sweeping changes across the medical device value chain.
As expected, medtechs will bear the brunt of the costs of complying with the new regulation. To reduce the costs — and execution hazards — associated with implementation, we recommend companies take a risk-based approach to compliance that involves a detailed assessment of the revenue impact, as well as the cost and complexity of remediation. By outlining a thoughtful, well-ordered approach now, medtechs can protect valuable and future revenues while making upgrades to critical business functions.
Resistance is futile
Spurred by safety concerns associated with breast implants and metal-on-metal hip replacements, the regulations come at a time when the medtech industry is under pressure: industry revenues are contracting, competitors from outside medtech are redefining innovation, and maintaining market share requires investment in new capabilities such as data analytics.
But resistance to MDR isn’t really a viable choice. Once the legislation is adopted, an event expected to occur by early 2017, medtechs will have three years to amend a range of activities spanning clinical trials, quality management and commercial activities such as product labeling and design. Products that fail to conform with all aspects of the regulation will lose their CE markings — and thus, the authorizations required to market them.
Simply put, complying with MDR is another stressor for medtechs at an already challenging time, potentially affecting both top- and bottom-line growth. Faced with needing to make significant investments in quality and data management in order to keep products on the market in Europe, some companies may have to forego strategic initiatives such as business development or R&D.
It’s difficult to estimate just how great the costs associated with MDR implementation will actually be. Medtechs will need to invest in upgrades to individual devices as well as broader business practices. It’s clear that regulators will scrutinize the sophisticated so-called Class III devices — for instance, heart valves and joint implants — more closely than simple Class I instruments such as sutures.
Added requirements mandating companies collect clinical data to support product performance, meantime, may necessitate improvements to — or the additional development of — quality management processes across the business.
Thus, just how much medtechs will have to spend to make sure their devices comply with the new regulation will depend on the overall product portfolio mix and the amount of remediation required at both a product and a systems level.
Developing a risk-based agenda
To develop a risk-based MDR agenda, medtechs must examine potential threats associated with three business areas:
- Revenue impact
- Cost of remediation
- Implementation complexity
As a first step, medtechs must identify which devices will be most affected by the new compliance regulations to predict the revenue impact. Second, companies must not only outline the remediation steps required to comply with the new legislation, but estimate the costs associated with these changes.
Third, medtechs should outline how to sequence the required changes to identify any potential capability challenges. Only after completing these three levels of analysis can companies begin to understand the trade-offs associated with retiring or replacing devices versus remediating them.
The uncomfortable truth is that the expenditures associated with MDR compliance could easily amount to hundreds of millions of dollars. Because of these costs, device developers will need to make hard choices about which areas of their business to remediate first. Some may decide the costs of remediation exceed the business opportunity, choosing to sell or close down certain product lines.
Since the changes required by the legislation are interdependent, a cross-functional approach is a must. Although clinical remediation work will take the longest to implement, companies should also be prepared to allocate significant time for labeling changes, since creating accurate translations in 28 languages is a bottleneck. The elephant in the room is whether medtechs have robust enough data management systems. Complying with MDR requires seamlessly moving information between functional groups, such as supply chain and commercial.
Unfortunately, much of this information is siloed, warehoused in databases that are incompatible, making the material difficult — and more expensive — to share.
A safer world
Viewing the new regulation as an onerous, costly and distracting business threat is an oversimplification. The legislation presents companies with an opportunity to build trust with patient, payer and provider stakeholders.
Also, while medtechs will bear much of the up-front costs of compliance, the investment in transparent clinical processes, product traceability and quality management systems will bolster companies’ reputations, potentially facilitating the market uptake of future innovations.
Those long-standing gains must be appropriately weighed against the short-term pains of compliance. It’s time for senior management teams to roll up their sleeves and begin the hard work of implementation.
Let the transition to MDR begin.