Periodic Safety Update Report
Creating a Compliant PSUR
Under EU MDR and EU IVDR, there is now a requirement for a Periodic Safety Update Report (PSUR) or Post-Market Surveillance Report (PMSR).
Previously, the MDD and IVDD had post-market requirements. The MDR and IVDR requirements are now regulated. For most classes, manufacturers must update and submit these reports notified bodies (NBs) every 1 or 2 years.
What is a PSUR?
Periodic Safety Update Reports (PSURs) have been required for pharmaceutical products for some time, but they are now also a requirement for medical devices. Periodic safety reporting improves medical devices and the advantages they provide to patients. All devices require either a PMSR or PSUR, and the risk associated with the device class determines which report is required, whether it must be reviewed by a notified body (NB), and the frequency of review.
Manufacturers of low-risk devices aren’t required to submit a PSUR, but must maintain a PMSR and make it available to competent authorities. A PMSR must summarise the results and conclusions of post-market surveillance (PMS) data, and include a description and rationale of any corrective actions taken. Moderate and high-risk devices and IVDs must have a PSUR, which is much more detailed and extensive than a PMSR.
Requirements for PSURs
Manufacturers must update PSURs depending on the device class, as outlined in the table below.
Table 1: PSUR frequency updates by classification
Device Type | Classification | Report Type | Update Frequency |
Medical Device | Class l | PMSR | Recommended every 2-5 years |
Class lla | PSUR | Every 2 years | |
Class llb, lll | PSUR | Every Year | |
IVD | Class A, B | PMSR | Recommended every 2-5 years |
Class C, D | PSUR | Every Year |
High-risk devices and IVDs must have PSURs updated every year, even if certification is for a two-year period.
You must submit PSURs for Class III devices, and Class C and D IVDs to NBs via an electronic system. The NB will then review the report and add its evaluation to that electronic system, with details of any action taken. Such PSURs and the evaluation by the notified body shall be made available to competent authorities through that electronic system.
For all other classes, the PSUR must be made available to the notified body involved in the conformity assessment and, upon request, to competent authorities.
Article 86 of the EU MDR 2017/745 defines the requirements for the Periodic Safety Update Report. Specifically, the PSUR shall include:
- the conclusions of the benefit-risk determination;
- the main findings of the PMCF; and
- the volume of sales of the device and an estimate evaluation of the
size and other characteristics of the population using the device, and, where practicable, the usage frequency of the device.
Although the above appears to be a comprehensive list of information that must be included in the PSUR, it isn’t reflective of the level of analysis required. Just including these three sections in the PSUR is not enough.
For example, sales volume is connected to product usage for complaint rate calculations to understand the frequency. Without connections such as this, the sales or complaint data on its own isn’t as significant.
Creating a Compliant PSUR
NBs want to see that data is both collected and improvements are being made. Competent authorities can also request and review PSURs as part of their vigilance investigation, clinical trial reviews and market surveillance activities.
Defining the Objective
The intent of PSURs is to improve devices and to have an accurate and complete picture and understanding of a device’s post-market performance. Taking this perspective will allow manufacturers to benefit from the effort.
Manufacturers should obtain and then maintain the safety big picture, ensuring consistency across the technical documentation. We can track data throughout the Quality Management System (QMS) process.
Complaints, usage, and other data go into the PSUR and also get added to the CER. All this information together allows more informed PMCF/PMPF planning decisions.
Collating and Analysing All the Data
This can be one of the most challenging aspects for manufacturers, and is where planning plays an essential role. Some data sources that should be referenced in PSURs include the following:
Table 2: PSUR Data Sources
Type of Data | Source(s) | Type of Data Collected |
Usage | Finance Marketing | No. of Units Sold Usage Frequency |
Complaints | Internal Complaints Marketing Surveys PMS Surveys | Complaint Dates No. of Complaints Failure Mode/Reason No. of Units Involved Country Severity |
Serious Incidents Adverse Events Recalls | Internal Database Public Databases | Event Date(s) No. of Events Failure Mode/Reason No. of Units Involved Country |
Trend Reports | Complaints Review Boards PMS Review Boards Vigilance Database | Meeting Minutes Submitted Trend Reports Vigilance Records |
Technical Literature | CER Search Report PubMed Embase Public Registries Manufacturer Registries | Information on SOTA Clinical Literature Clinical Data on Device |
Corrective and Preventative Actions | Quality Database | Date of Occurrence Description of Issue(s) Date Closed Root Cause Actions Taken Summary of CAPA |
It is advantageous to compile and analyse PMS data from multiple sources, as this allows to identify trends. The level of detail in data analysis is important. NBs want to know what the data means for the device or IVD, and will look for detailed analysis. Therefore, by taking the time to do this efficiently, it will reduce the number of queries.
Writing the Report
The items in the regulation should be followed, and other guidance on SSCP and PMCF should be referenced to understand more about how the MDR is being interpreted. Guidance on SSP and PMPF can also be referred to for understanding how the IVDR is being interpreted, which is very close to MDR, including the application of MDCG 2020-7 and 2020-8 guidance.
We should integrate PSUR data into risk management and any other affected documents to create a continuous circuit of information that flows between PSURs, CER, SSCP, and PMCF plans. However, if there are product issues, the risk file may need to be updated after the PSUR.
Ultimately, developing a compliant PSUR requires organisational alignment.
The report should include the most common or severe device problems, as well as a record of all complaint reasons. It’s best to provide as much data as possible, but it’s also critical to connect the dots for notified bodies.
Finally, you should use consistent administrative data throughout the documentation. NBs won’t spend time deciphering inconsistencies and will therefore reject reports if the administrative data doesn’t align with the other technical documents.
Create alignment around how data will be gathered
- Identify data sources: risk management, CERs/PERs, PMCF/PMPF, PMS/complaints, various business units, external databases, etc.
- Use common terminology among all systems that capture data.
- Know how to access all the data sources.
- Identify the experts needed for any queries.
- Ensure part numbers align between systems.
- Understand the data exporting limits of each system.
Create a schedule
Set up systems
- Instructions for accessing databases
- Search terms to use
- Similar devices to include in searches
- Identifying the people responsible
- A reference system for naming files
- A document management system
Create report templates
Create a checklist
CLIN-r+ recommendations
CLIN-r+ understands how challenging it can be to maintain regulatory and quality compliance, especially with new regulations in place. The PSUR is a new requirement for most manufacturers, but CLIN-R+ is here to help and know what notified bodies want to see.
We have extensive experience creating post-market surveillance, PMCF/PMPF, and PSUR documentation.
CLIN-r+ comprehends what standards the notified bodies will use, and provides integrated services to enable data from PMCF/PMPF inputs (IFUs, PMS data, CER/PER, and RMF) to be fed into PSUR, CER/PER, and PMCF/PMPF reports. Interested? Get in touch!
Risk Management
CER, SSCP and PSUR
