Course reflection : Safety risk management and design control of combination products

Introduction

Last week I had the pleasure to teach a practical virtual workshop relating to the safety risk management and design control of combination products. Naturally, as a device specialist, my focus was on those aspects associated to the device constituent and in particular how we bring together our risk management systems and design control for a product that is neither just a medicinal product nor a medical device, but is what we know as a combination product.

The course was highly practical. What I mean by this is that I stepped through an accelerated product development process where a sponsor brings together a medicinal substance with a drug-delivery device. We worked through the regulatory requirements and then got straight down into how we translate these requirements into user needs, how they become acceptable and unacceptable risks, and then form the basis of design inputs that go through the journey of design control.

User needs that will be validated

User needs form the most critical component of requirements. The reason is that, according to design control logic, our user needs are validated with the final combination product design. That means we have to be very clear on what those user needs are.

I emphasized the importance of not confusing user needs in the context of design control with user needs in the context of user feedback and other patient, caregiver and clinician stakeholder statements of need. Regulatory requirements for combination products state, for instance, that use-related errors are controlled to an acceptable level or that, under normal conditions of storage and use, the system combined does not lead to extractable or leachable substances.

Obtaining user needs relies upon a very methodical and systematic process of understanding the product (Target Product Profile), the characteristics that impact safety and performance, the intended purpose of the combination product and of the drug-delivery system, as well as the intended user, use environment and, of course, the key markets.

Importance of regulatory strategy and compliance plan

Central to the formation of user needs is the process of understanding exactly what top-level requirements will be driving the design control. This means that a regulatory strategy and a compliance plan are central to the development.

A regulatory strategy is a comprehensive assessment of the regulations that a combination product will need to address in order to gain market access and remain there post-market, as well as the steps to be taken.

These regulatory requirements cover a huge amount of aspects, from safety of materials, environmental laws, quality management system requirements and labelling requirements, to connectivity and interoperability regulations. For the purpose of safety risk management and design control, we focused much more on those tangible requirements that influence product and process design.

The assessment of those identified regulations and their requirements is an extremely important process, reliant upon careful understanding of product-specific and cross-cutting regulations, standards, pharmacopoeia, specifications and norms. I stressed the importance of understanding product characteristics such as energy, data, communication, mechanical activation, user actions pre-administration, intra-administration, post-administration and disposal, and why knowing this helps you to correctly identify applicable laws, regulations and standards.

Needless to say, my course does not theorize over this. Instead, we get on and do it with an example: setting out search terms, identifying regulatory sources and then decomposing these into a top-level set of requirements.

For design and construction of combination products, I also ensure the students understand just how critical the essential principles of safety and performance of medical devices are, as well as identifying combination product-specific requirements contained in the various US FDA, EMA, Health Canada, TGA and MHRA guidances, and of course the medicinal substance laws. The reason for this is that ultimately, in European and many rest-of-world countries, there is an assessment either pre- or post-market of whether these were considered.

Importance of safety risk management

Before any design control can begin, we need to understand risks and set upon a process of determining risk analysis, estimation and evaluation to determine the acceptability and unacceptability of risks.

This is where the course comes into its own. I go through detailed examples of how we identify hazards, hazardous situations and harms, and explain who, what, how, when and why we do this with our development partners.

Common pitfalls here are that combination product sponsors, usually the drug company, make the classic mistake of thinking that the device developer or manufacturer has everything covered on this. Nothing could be further from the truth, as often they are not part of the same organisation that is going for the market authorisation, and so do not have a clear understanding of the formulation, the patient and their pathology, nor the user and use environment.

This creates a complete breakdown of the risk management process, as many people believe incorrectly that this can be outsourced to the certified ISO 13485 device entity utilising ISO 14971, for instance. I emphasise the extreme importance of not relying on this and, in fact, ensuring that the product development plan incorporates risk management-specific activities that onboard everyone in the project to a risk management plan.

I explain that we are not really wedded to any one particular system or standard for our early risk management work, whether ICH Q9, ISO 14971 or hybrids. But we are wedded to creating a risk management plan that establishes risk acceptability criteria derived from a knowledge of the actual intended purpose being defined in the target product profile and the device intended use.

The examples get much more technical, clinical and scientific, where we step through examples of auto-injectors, transdermal patches, metered-dose inhalers and novel drug-device combinations. Last week, I focused on an auto-injector for a GLP-1 inhibitor.

We created a list of hazards (potential source of harm), hazardous situations (where the source of harm is exposed to person, property or environment) and harm (degree of injury). This is where the rubber hit the road, as we discussed concepts such as P1, P2, circumstances leading to harm, probability of harm and systems of safety.

Here the students started to experience those “aha” moments where they got the importance of doing this now rather than subbing it out to the contract device manufacturer. We spoke about how the sponsor needs to bring all of this together and own the process and the data and information within it for the purpose of controlling the development, as well as ensuring all activities are then subsequently undertaken with this as input.

Risk acceptability: estimating and evaluating risk

We then worked through a series of risk chains, meaning linkage between a product characteristic (PC), hazard (Hz), hazardous situation (HzSit) and harm (Hm), and started estimating using qualitative and quantitative decision logic.

Here we began to understand that we needed medical, technical and scientific expertise relating to the specific formulation, in this case a GLP-1 inhibitor, as well as user expertise. We discovered that we cannot just sit in a room assigning numbers without asking ourselves whether we are truly competent, skilled, trained, qualified and experienced enough to answer it.

The students took away the clear knowledge that spreadsheets and colour coding are meaningless without the right people involved. The risk estimation was particularly useful because we were looking at two probabilities: P1 being the probability of a hazard leading to a hazardous situation, and P2 being the probability of a hazardous situation leading to a type and extent of harm.

This was really the most engaging part in the learning, as we look at the risk not in the context of “it won’t go wrong because we already know that the container closure material won’t cause extraction mechanisms because we’ve chosen the right material”, but in the context of “what if a high level of protection was not in place?”

This of course caused much debate, but I emphasized how important this is for demonstrating both good design control, risk verification and product validation, and also how it becomes really important in setting thresholds and monitoring risk later on.

Outputs of risk being an input to design

Lots of worked examples later, and we get down to which risks are so improbable in terms of P1 and P2 that they do not require risk control. I emphasise how important the user needs and regulatory strategy are at this point and show concepts in TR 24971 around risk acceptability.

For instance, I explain that if an essential principle of safety and performance requires that certain risks are controlled, then they override any attempt at ruling them out through your risk acceptability criteria. In addition, we discuss the concepts of reducing risk as far as possible and achieving a high level of protection, so that we do not inadvertently decide a risk does not require a control when in fact it needs one, for example needle-stick protection.

Our risk analysis and evaluation work then takes us to a list of risks, or risk chains, that now need to be reduced as far as possible to a high level of protection, taking into account the generally acknowledged state of the art. This is where we then reintroduce who can do this and design input.

For instance, P1 can be reduced by functions associated with the hazard, and we introduce the concept of sequence of events (SOE). This is a great way to think about how hazards can be initiated, whether design-related, production-related, use-related, or storage and transportation-related.

These enable us to think about how these can be initiated and assign the design input to the correct function to design out, reduce, or accept through benefit-risk.

Ultimately, we now have a list of risks that need to be controlled. P2 is an interesting aspect too, as we are now thinking about how, when a hazardous situation arises, such as the delivery of an overdose, that can impact the probability of harm.

Here we discuss concepts around mitigation, such as design-related mechanisms to ensure a maximum safety limit in dosing, or changing maximum doses for certain patient groups. Either way, our students begin to realise that it cannot be a spreadsheet enthusiast with an engineering degree getting involved in the final decision, but requires a carefully formed group of competent people to take those decisions. Importantly, we also talk about the role of medical affairs and medical safety in this part.

Design control

Our risk management work creates the flexibility for any assigned function that has design inputs linked to risk and user needs to be able to deploy any type of risk analysis and simulation tools to determine which sequence of events can lead from a hazard to a hazardous situation, and within their boundary of expertise deploy common risk controls from an array of tools.

For instance, engineers specifying materials and mechanisms, usability experts deploying URRAs and task analysis, as well as process specialists evaluating critical quality attributes and determining how they can be impacted by process design and variability. Whatever the discipline, we highlight the importance of linking all this up through a great taxonomy, ontology and, of course, good old traceability.

The course goes through the usual concepts of input, output, verification, validation and transfer at this stage, but introduces essential output as a concept and, for drug delivery, introduces the student to EDDOs.

Importantly, again, we step through really practical examples going from user need (UN), product characteristic (PC), hazard (Hz), sequence of events (SOE), hazardous situation (HzSit) and harms (Hms) to the actual risk controls (RC).

Here we introduce inherent safe design, inherent safe manufacture, design for patient safety using ergonomic principles, protection measures and information for safety — all in the context of design input, output, verification and validation.

Documentation

Design control requires a design history file, which will then be used as a basis for formulating the necessary elements of a combination product submission, including CTD module, eTD and, of course, the Notified Body Opinion submission documentation.

I explain the structure and content of this documentation and how the risk management and design history create the absolute foundations of this submission, as well as the validation and verification data used to demonstrate user needs have been addressed.

Summary

When you work with me in any training, you will always get a solid basis around concepts and terminology, a little splattering of regulatory principles and requirements, and a great big dose of practical demonstration and examples.

Over the years, I’ve noticed too many people thinking they are experts in risk, product safety, design control, verification and validation because they have read some requirements, yet when you ask them, “Have you ever managed a multi-million £/$/€ design, scale-up or remediation project?”, they always say, “No, but I read the regulations.”

I have over 30 years of applied experience working with patients, designing products and processes used commonly in drug-device combinations, working for notified bodies and testing, inspection and certification bodies, and importantly over the last decade defending manufacturers in courts of law around how they design, manufacture and support their medical devices and combination products when unfortunately real harm has been experienced.

If you are interested in training, consulting or expert witness support, please contact me.