Navigating Regulatory Compliance and Risk Management at the MichBio MedTech Summit
At this year’s MichBio MedTech Summit, the FDA Town Hall was a central session focused on medical device regulatory compliance, inspections, risk management, and recalls. Moderated by Nicole Hoppe, Vice President of Quality, Regulatory, and Clinical at Terumo Cardiovascular, the session featured insights from key FDA officials, including David Gasparovich, Sargum Morgan, and Cynthia Aycock from the Office of Medical Devices and Radiological Health Operations (OMDRHO). Here’s a summary of the critical discussions that took place during this informative session.
David Gasparovich: Inspections and Risk Management
David Gasparovich, an Inspection Investigator at the FDA, kicked off the session by providing insights into the FDA’s approach to medical device inspections. He emphasized the integral role of risk management throughout the lifecycle of a medical device. While risk analysis typically begins in the design phase, David highlighted that it must be updated continuously as new data is collected during production and post-market activities.
Key points from David's presentation include:
Risk-Based Inspections: David explained that FDA inspections are increasingly risk-based, with investigators focusing on areas that pose the greatest potential harm to patients. He discussed how risk management tools, such as Failure Mode and Effects Analysis (FMEA) and Fault Tree Analysis, help companies identify and mitigate risks. However, he cautioned that companies often miss risks related to normal use conditions or fail to update risk analyses as products evolve.
Common Inspection Findings: David noted that some of the most frequent inspection deficiencies include incomplete or inadequate risk analysis and failure to maintain updated risk documentation. He advised companies to incorporate real-time data from production and post-market surveillance to ensure that risk management remains proactive and comprehensive.
Sargum Morgan: Regulatory Compliance and FDA Classifications
Sargum Morgan, a Compliance Officer at the FDA, followed David’s presentation with a deep dive into regulatory compliance and how the FDA handles violations discovered during inspections. She explained the FDA’s inspection outcomes—No Action Indicated (NAI), Voluntary Action Indicated (VAI), and Official Action Indicated (OAI)—and how companies can avoid serious regulatory actions by proactively addressing inspection findings.
Key takeaways from Sargum's discussion include:
Compliance Strategies: Sargum stressed the importance of responding thoroughly and promptly to FDA Form 483 observations. She advised companies to document corrective actions clearly and provide timelines to demonstrate their commitment to addressing deficiencies. Proactive communication with the FDA can prevent escalation to a warning letter or more severe regulatory actions.
Pattern Recognition: The FDA also looks for patterns of non-compliance, such as repeated failures across multiple areas of the quality system, which can indicate deeper issues within the organization. Sargum emphasized that companies should regularly review their quality management systems and ensure all risk-based decisions are thoroughly documented.
Cynthia Aycock: Recall Management and the New Interactive Form
Cynthia Aycock, a Recall Coordinator at the FDA, focused her discussion on medical device recalls and the FDA’s efforts to streamline the recall process. Cynthia introduced the FDA’s new interactive 806 form, which is designed to make the submission of recall information more efficient for companies and reduce delays in processing.
Key insights from Cynthia's presentation include:
The Recall Process: Cynthia outlined the steps involved in initiating a medical device recall, emphasizing the need for a clear and effective recall strategy. She highlighted how the new 806 form can help companies provide all necessary recall information upfront, minimizing the need for back-and-forth communication with the FDA.
Effectiveness Checks: Companies should conduct thorough effectiveness checks during a recall to ensure that all impacted devices are removed from the market and that consignees understand the risks of continued use. Cynthia noted that recall documentation should include complaints and MDR (Medical Device Reporting) data to help the FDA evaluate the scope and risk of the recall.
Post-Recall Follow-Up: Cynthia also discussed the importance of post-recall follow-up, advising companies to work closely with the FDA to ensure that all corrective actions are complete before the recall can be officially closed.
Preparing for the QMSR Transition: Harmonization with ISO 13485
Moderating the session, Nicole Hoppe steered the conversation toward the upcoming transition to the Quality Management System Regulation (QMSR), which harmonizes the FDA’s current medical device regulations with ISO 13485, the international standard for medical device quality management.
David Gasparovich explained that the new QMSR framework places a stronger emphasis on risk management and makes compliance clearer than it is under 21 CFR Part 820, where risk management guidance is often derived from the preamble. Nicole emphasized that companies should start aligning their internal audit programs and risk management processes with ISO 13485 well in advance of the February 2026 compliance deadline.
Key Audience Questions
During the Q&A session, attendees raised several important questions, which sparked further discussion:
ISO 13485 and Supplier Qualification: One attendee asked about the new supplier qualification requirements in ISO 13485. David Gasparovich clarified that QMSR provides more explicit guidance on risk management, making it easier for companies to implement supplier qualification based on risk.
Overthinking vs. Underthinking Risk: Another question focused on how companies can avoid both overthinking and underthinking risk. The panelists agreed that companies typically underthink risks by failing to account for normal use conditions or by not updating risk assessments based on real-world data.
Advice for Startups: Startups developing risk management processes without much initial data were advised to use standards like ISO 14971 and gather data from competitor recalls and real-world product usage to inform their risk analyses.
Conclusion: Proactive Compliance and Risk Management
The FDA Town Hall at the MichBio MedTech Summit provided attendees with valuable insights into how to navigate the evolving regulatory landscape for medical devices. David Gasparovich’s discussion of inspections and risk management, Sargum Morgan’s guidance on regulatory compliance, and Cynthia Aycock’s focus on recalls offered a comprehensive look at how companies can maintain compliance while minimizing risk.
Moderated by Nicole Hoppe, the session emphasized the importance of proactive compliance, especially as the industry prepares for the transition to the new QMSR regulations. Companies are encouraged to begin aligning their quality management systems with ISO 13485 and ensure their risk management processes are robust, well-documented, and continuously updated.
For medical device companies, this session underscored the need for a strong compliance strategy, effective recall management, and ongoing risk assessment to ensure long-term success in a highly regulated market.