After years of development, an extended comment period by industry and final review by the Office of Management and Budget, the FDA has at last issued the final rule on unique device identification. Mandated by the FDA Amendments Act of 2007, unique device identifier regulation is aimed at reducing medical device-related errors, injuries and deaths.
The UDI rule establishes a system that, once fully implemented, will provide a consistent and automated way to identify and track medical devices distributed within the United States. Specifically, it requires that medical devices be assigned a unique code that is tied to associated device and packaging information housed in a central FDA database. Such a system ensures a substantially higher degree of oversight in the medical devices industry which, ultimately, holds the promise of a significantly higher level of patient safety. And, while UDI regulation also promises numerous business benefits to organizational stakeholders, it also opens the doors to a host of data challenges, particularly for those required to comply. Yet, as this and subsequent articles will point out, enterprise information management, with a focus on data governance, data quality management and product information management, can facilitate compliance efficiently and effectively in a timely manner.
UDI regulation is directed primarily at medical device manufacturers, although it is officially targeted at all device labelers, where a labeler is “any person who causes a label to be applied to a device . . . [or] who causes the label of a device to be replaced or modified with the intent that the device will be commercially distributed without any subsequent replacement or modification of the label. . . .” While the definition outlined in the official rule describes a labeler more precisely, it is noted that a labeler may also be a specification developer, a single-use device reprocessor, a convenience kit assembler, a repackager or a relabeler.
A Two-Part Code
According to this new regulation, a medical device’s UDI will be a unique numeric or alphanumeric code consisting of a device identifier (DI), or a static code that identifies the specific version or model of the device and the device labeler, and a production identifier (PI), or a variable code that provides production or control information specific to the device such as the lot or batch number, serial number or the manufacture and/or expiration date. That is,
UDI = DI + PI
UDI rule further stipulates that each code is to be provided in both plain text and at least one form that employs automatic identification and data capture (AIDC) technology, such as a barcode or a radio frequency identification tag. Labelers will create, assign and maintain their own UDI codes with the help of accredited issuing agencies (e.g., GS1, HIBCC and ICCBBA).
Four Core Requirements
The UDI rule identifies four core requirements:
- Device and package labeling
- Database submission
- Date formatting
- Direct part marking
First and foremost, the UDI rule requires that the label of a device as well as all levels of packaging must bear a UDI. Data about the device and its packaging must then be submitted to a master database created and administered by the FDA called the Global Unique Device Identification Database, or GUDID. The FDA has identified a number of specific attributes — including, but not limited to, device model number or version, industry- and FDA-assigned codes and certain device or packaging conditions (e.g., sterility status) — that are to be submitted along with the device identifier component (but not the production identifier part) of the UDI code. Manufacturers and other labelers will submit data via the GUDID Web interface or as an XML file according to the Health Level Seven Structured Product Labeling standard. While most of this information will be made available for public search, submitted data will not contain any identifying patient information.
Stemming from the need to eliminate ambiguity concerning date stamps, the UDI rule also stipulates that a specific format be used with any dates that appear on device labels, such as expiration or manufacturing dates. The required format — YYYY-MM-DD (all numeric) — is internationally recognized and accepted.
Lastly, UDI rule mandates permanent, direct part marking of the UDI code on devices that are intended to be used more than once and reprocessed (e.g., cleaned, disinfected or sterilized) before each use. This is to ensure that applicable devices are still identifiable if they become separated from their labels.
A Seven-Year Implementation Time Frame
In acknowledging the focus on patient safety while also spreading the cost and burden of implementation, the FDA has established a risk-based, phased schedule for meeting compliance deadlines. Specifically, UDI requirements are being phased in over a seven-year period following rule finalization (September 24, 2013) based on device risk.
In the first year, with a deadline of September 24, 2014, the riskier Class III devices (comprising most of the implantable, life-supporting and life-sustaining medical devices) plus devices licensed under the Public Health Service (PHS) Act are required to meet the first three UDI requirements: device and package labeling, GUDID submission and date formatting. All remaining implantable, life-supporting and life-sustaining medical devices will have until the following year to comply with those same requirements.
Also by this second-year deadline, all life-supporting or life-sustaining devices required to be labeled with a UDI must comply with the fourth core requirement — permanent, direct part marking — if the devices are intended to be used more than once and reprocessed before each use.
The table below outlines the full implementation schedule.
An Assortment of Exceptions
Taking into account industry feedback from the proposed UDI rule, the FDA is allowing a number of explicit exemptions and other exceptions to the standard UDI requirements. Such exceptions range from labeling exemptions for specific types of devices (e.g., investigational devices and individual devices or component parts of certain convenience or combination kits) to compliance deadline extensions (e.g., for devices in existing inventory and certain Class III devices) and direct part marking exemptions in certain situations.
The FDA may also grant other exceptions on a case-by-case basis if a labeler makes a compelling case. Once an exception is granted, it will be made available to any other device meeting the same specifications.
The benefits of unique device identification are many and span stakeholders along the whole health care value chain. However, the driving force behind the UDI initiative remains improved medical device-related patient safety. A national UDI system can achieve that goal on many levels, from enabling faster and more accurate device recalls and facilitating more reliable and efficient post-market surveillance to reducing or preventing distribution of counterfeit devices and eliminating medical errors due to device misidentification.
Beyond patient safety, however, a UDI system can benefit medical device manufacturers, distributors and purchasers by reducing errors, streamlining development and supply chain processes and, ultimately, reducing costs. A UDI system can also benefit all types of health care service providers — including hospitals, medical offices, clinics and medical personnel — as well as regulators and patients, particularly as it relates to documentation of device use and access to accurate, complete and timely device information, which in turn facilitates comparative cost and post-market analyses.
Importantly, some of these benefits can only be realized after the UDI and associated attribute information is combined with electronic health and other patient-specific records as well as with other industry and regulatory databases. This, of course, will require industry stakeholders not expressly required to comply with UDI rule to nonetheless update their own systems, policies and processes to accommodate UDI codes.
The eventual game plan, with the promise of an even greater level of safety and more expansive business benefits — and one that has already played an influential role in the development of the current UDI system — is to take medical device identification a step further with a globally harmonized UDI system.
But a Host of Data Challenges
But, for individual organizations tasked directly with UDI compliance, the challenges will be many. Aside from the technical, operational and organizational challenges they will face, manufacturers and other labelers will also need to address the data implications of UDI compliance. Challenges will result from the need to collect, integrate, clean and rationalize all the data required both for the creation of the UDI code and, more so, for submission to the FDA’s GUDID. All of this new data will also need to be proactively maintained. New polices, processes and standards will need to be established and implemented throughout the organization, and, of course, employees will need to be trained on them.
Understanding how to approach these and other data challenges will be critical as organizations tackle UDI compliance.
Enterprise information management as a discipline can provide practical guidance on dealing with the data challenges imposed by UDI regulation. With an EIM strategy in place, an organization can ensure that enterprise data — including data needed for UDI compliance — is not only available, accurate, complete and secure but is efficiently managed based on having the right organizational players, policies, processes and technologies in place.
Within the framework of EIM, data governance, data quality management and master data management for product data all play important roles in an organization on the path to UDI compliance. My next three articles will address each of these components of EIM as they are applied to the data challenges of UDI compliance. I will close out the series in the final article by outlining specific actions your organization can take to get started with EIM for UDI compliance.
Editor's note: Click here to read part 2 of this series on EIM and data governance.