A quick comparison of how Europe and the United States monitor medical device safety differently – and how those differences highlight Europe’s weaknesses.
America already insists on transparency
The United States Food and Drug Administration is responsible for monitoring all malfunctions, injuries and deaths possibly linked to medical devices – from low-risk wheelchairs and bandages to complex implants such as pacemakers, heart valves and neurostimulators.
Last year, the agency received more than 870,000 reports of such incidents, submitted by hospitals and manufacturers, which it published in an FDA online database, available for anyone to search. Many years of reports are available and contain a valuable trove of information for patients, doctors, research scientists and regulators.
The FDA reports are far from perfect. For instance, ICIJ research found 2,100 filings between 2013 and 2017 concerning patients who had died but that had been classified not as deaths but as device malfunctions or patient injuries. There are also long-standing concerns that many device-related incidents go unreported in FDA records.
Nevertheless, the agency’s reports are an essential component in U.S. oversight, helping to monitor risk and to detect defective products.
Behind Europe’s veil of commercial secrecy
In the European Union, the picture is different. Reports are not gathered into a single database nor have they ever been made public. Each national regulator collects so-called “incident reports” in individual countries, sharing them with European counterparts – but then only privately – when they spot serious issues.
For years, these arrangements have caused concern. As early as 2002, a survey carried out for the European Commission found that reporting malfunctions and injuries potentially linked to medical devices was “uneven.” The survey conductors urged European countries to “verify and improve” their practices.
It is clear that the vigilance system and reporting of vigilance issues need to be improved
– EU consultation paper on medical device safety
But six years later, problems persisted. A 2008 consultation paper proposed more oversight, arguing that it was key for timely warning of safety issues.
The paper noted that the EU has a low overall reported rate of incidents, adding: “As it is unlikely that medical devices are ‘safer’ if used within the EU… it is clear that the vigilance system and reporting of vigilance issues need to be improved.”
In 2010, a scandal pointed to continuing shortcomings. A French company, Poly Implant Prothèse (PIP), collapsed after regulators in France discovered it had been illegally filling rupture-prone breast implant shells with cheaper industrial-grade silicone rather than medical grade. A later inquiry found that for years regulators in the UK had been concerned that the company had a “tendency to draw inappropriate conclusions” in reports on implants that were surgically removed, attributing problems to other causes.
The episode showed how Europe’s regulatory regime is over-reliant on manufacturers. Most incident reports are effectively self-reports, sent to regulators by device makers. While health care workers, and even patients, are welcome to file reports, only device makers are legally required to. And in most cases, regulators then ask the device manufacturer to investigate reported incidents and assess whether the device is at fault.
During ICIJ’s Implant Files investigation, European journalists used freedom of information (FOI) laws to seek data from dozens of national regulators, many of which held tens of thousands of incident reports that had never been disclosed to the public.
Regulators resisted fiercely. Some cited patient confidentiality, while others said it would be too costly to meet requests for large volumes of information. But the main reason given for denying journalists was that releasing reports of patient harm and danger would damage device makers’ commercial interests.
Many faulty device investigations are inconclusive
Most FOI requests produced little detailed information, but persistence led to modest victories. In Norway — not part of the EU but subject to many of its regulations — journalists at Aftenposten managed to get hold of almost 400 incident reports submitted since 2010, relating to such high-tech implanted devices as pacemakers, defibrillators and vagus nerve stimulators.
The Norwegian files were illuminating. An Aftenposten analysis of 81 final reports to the regulator of incidents in the last two years found that the device was at fault in about one in three cases. However, more than half of all investigations were inconclusive.
In 34 of the 81 incidents, the role played by the medical device could not be determined because it had never been returned to the manufacturer for analysis.
In some instances, removing the device surgically may have been too high-risk to do so. In others, carelessness played a role: devices that should have been sent to the manufacturer for analysis were instead discarded by the hospital.
Incident reports rising sharply
Having received only patchy information from regulators across Europe, journalists working on the Implant Files tried a new approach, sending a short survey to more than 30 national regulators.
ICIJ journalists wanted to know: How many incident reports had been filed in the last decade? And how many staff were employed to regulate the medical device industry? Nineteen European regulators, including those representing the largest EU nations, wrote back.
Staffing numbers were small: In Germany, there were 72 staff members regulating medical devices; in Denmark there were 14; in Sweden the figure was 39 and in Belgium, 44.
In most cases, these numbers had increased only modestly in the last five years, while the number of incident reports arriving on regulators’ desks ballooned, the survey showed.
Last year, the equivalent of 70 incident reports were received every working day by French medical device regulators, up from 30 a day 10 years ago. In Germany, the equivalent of 54 reports each working day were received in 2017, up from 18 a day in 2008.
Meanwhile, the U.K’s regulator — in most years the busiest in Europe — said it was on track to receive about 20,000 incident reports this year. Among its staff of 106, just 13 were qualified health professionals.
While the number of reports sent to national regulators varies considerably between European countries, the reasons are not clear. One reason may be the way the data is held. Agencies collect reports in different ways, and, in some countries, the total number may include duplicates.
Regulators ask manufacturers to investigate their own devices
Journalists at the Guardian, an ICIJ media partner in the U.K., found that despite a steep rise the number of U.K. incident reports, the regulator had actually cut the number of cases in which it carried out its own investigation into the cause of an incident.
In 2008, the U.K. regulator investigated one in three incident reports received, but during the first 10 months of 2018, just one in 100 led to a special investigation by the regulator. Instead, reports were routinely passed back to manufacturers for follow-up.
The U.K. agency insisted that the lower number of investigations reflected a change in the way it worked and not a reduced level of scrutiny. “We have been moving towards a more sophisticated and trend-led approach,” Graeme Tunbridge, group manager for devices regulatory affairs at the Medicines and Healthcare Products Regulatory Agency, told The Guardian.
“Most problems are systems-level issues, not unique to a single instance, for example where a whole batch is manufactured with a defect. Grouping incidents allows us to see the bigger picture and find the true causes of issues and solve them,” Tunbridge said.
An opportunity to make incident reports public
Current EU rules on the oversight of incident reporting are due to change as part of an update to European medical device regulation, which takes effect in 2020. By then, all reports will be held on a newly expanded – but not fully public – database, run by the European Commission. The changes are designed to make it easier for regulators to spot problems and remove dangerous devices from the market sooner.
The new legislation promised to ensure that doctors and the public are kept “adequately informed about devices” — but it deliberately left open the question of whether incident reports will be published online, as in the U.S.
Although rules on transparency remain to be spelled out, the Commission, which is expected to make an announcement early in the new year, has already told ICIJ it does not expect to make all the data public.
Erik Hansson, deputy head of the Commission unit responsible for medical device regulation, told ICIJ media partners: “It doesn’t make sense to publish incidents before it is verified that the incidents are linked to the medical devices. There is no need to create unnecessary worries.”
But as the incident reports obtained by Aftenposten in Norway show, a large number of cases are closed without verifying whether a device is at fault. And these unverified reports remain vitally important to monitoring the safety of devices. In 2007, for example, a high number of serious health problems had been identified in patients with miniature defibrillators implanted along with a set of thin wire leads known as Sprint Fidelis. It was correlation, not a firmly established causal link, that prompted U.S. manufacturer Medtronic to issue a worldwide recall for 235,000 lead sets that year.
Doctors call for transparency as one manufacturer admits underreporting
Many leading doctors and healthcare experts have responded to the Implant Files with calls for the publication of European incidents on a searchable website. Dr. Christian Gluud, head of the Copenhagen Trial Unit in Denmark, told ICIJ keeping European incident reports confidential was effectively an “expropriation” of information belonging to patients, which should be shared openly in the interests of public health. “To me, this looks totally medieval,” he said.
Last Thursday a group of influential French healthcare nongovernmental organizations and charities issued a joint statement calling for “utmost transparency” in relation to incident reports and medical device safety data.
Meanwhile, in the U.S. that same day, the Japanese firm Olympus Medical Systems provided a timely reminder that companies can, and do, fail to report suspected problems with their product to the regulator. The company pleaded guilty to distributing misbranded devices and was ordered to pay $85 million in fines and penalties, after admitting it failed to file incident reports notifying the FDA about patients who had been contaminated with drug-resistant infections, sometimes known as superbugs. The patients fell ill after procedures involving an Olympus gastrointestinal scope inserted down the throat to examine and treat problems in the digestive tract.