Complaint Handling For Medical Devices – What You Should Know

Complaint Handling For Medical Devices – What You Should Know


A complaint can come from any source – a patient, a doctor, or someone else involved with a medical device – anyone unhappy with the product or service. Complaints also arise from internal review and/or testing, where an issue is discovered and reported through designated channels. With Software as a Medical Device (SaMD) complaints can even originate from error logs.

Wherever a complaint comes from, it’s important to collect as much feedback and information as possible to resolve it in the right way. It’s also important to have procedures and documentation concerning complaint handling in place for a Quality Management System (QMS) audit.

Complaint handling under the MDR

The EU’s Medical Device Regulation (MDR) requires companies to define their processes for handling complaints. This includes:

  • A complaints handling procedure and notification system 
  • A system for logging complaints
  • Predetermined risk classes and associated timeframes for responding to complaints
  • Communication channels for updating complainants
  • Templates and deadlines for handling serious issues that result in a product recall (Field Safety Corrective Actions)
  • Proactive trending analysis on complaint data to prevent similar recurring problems and improve device quality.

If a complaint involves a serious incident or death related to a medical device, the manufacturer is obligated to report it to the competent authorities within specific timeframes, as outlined in the MDR.

Pre-define a complaint workflow

When a complaint comes in, what do you do? Having a clearly defined workflow for complaint handling is essential. Manufacturers are required to establish and maintain procedures for the receipt, documentation, and evaluation of complaints. These records should be kept in a well-organized manner and must be made available to competent authorities upon request. For example, it might involve a ticket-based system which allows for straightforward logging of all incoming complaints.

Everything known is collected, before risk assessment and root-cause analysis take place. Once the relationship with your device and the severity of the issue is established, the fix is determined, and the relevant authorities are notified if the complaint involves serious incidents or death.

With a fix in mind, it’s important to determine the impact of the fix on the product. If it’s a positive one, the change process can begin and the fix – or fixes – can be implemented into the product. Once fixed, the complainants can be notified. 

How to risk assess complaints

Medical device companies define their own complaints procedures, but when a complaint first comes in, the impact and associated risk of the complaint need to be assessed. That’s where ISO 14971 – the gold standard for risk assessment – can help. It’s important to ask questions such as:

  • How serious is the complaint? 
  • Have you received similar complaints? 
  • Can you group it with other complaints? 
  • How often does this complaint occur?   

Applying a simple scoring system – for example, multiplying severity by frequency of occurrence – gives you a number that reflects the level of risk. High-risk cases need to be dealt with as soon as possible. Low-risk complaints – such as bugs that pose no risk of harm – can be dealt with at a later date.

It’s common to receive questions from end users about a medical device. Normally, this isn’t defined as a complaint. However, if you receive the same question multiple times, it might be worth treating repeated questions as a complaint as it might indicate that the usability or instructions for use surrounding your device might not support safe and effective use because so many people experience it. 

That’s why it’s important to file and keep track of every complaint and question received to determine whether something is a complaint, and if it needs a thorough root cause investigation.

How to take corrective and preventive action

EUDAMED – the European Database on Medical Devices – is scheduled to host periodic safety update reports generated by your Post Market Surveillance (PMS) activities. Its aim is to provide transparency about product safety and the conclusions of Corrective And Preventive Action (CAPA) analysis.  

In regulated industries – such as medical devices – CAPA analysis helps to identify and resolve nonconformities in your processes or products. Some companies choose to do this in response to every complaint they receive – an approach viewed by some as being ‘CAPA happy’ – because it’s definitely not a necessity to perform an in-depth root cause analysis for each complaint that you receive.

For higher-risk issues, CAPA analysis can help you go deeper to determine the root cause. For example, a problem with a SaMD product might actually be related to testing procedures or a coding style that isn’t state-of-the-art. It could also be due to someone following the change process incorrectly and not notifying their quality team of upcoming software changes.

CAPA analysis also ensures you specify a timeframe for monitoring if an issue reoccurs after implementing the required fixes. If it does, then further analysis may be required to determine the actual root cause. All of this information is combined every one or two years – depending on the risk class of your product and your defined Post Market Surveillance (PMS) activities – into a report. In high-risk situations, there’s also a need to issue public safety notices.

Best practice for handling Notified Body audits

It’s a good idea to have a central file of complaints ready for QMS auditing by a Notified Body. This also provides your company with a clear overview of complaints and status towards resolving them. Ideally, it should include links to the relevant complaint tickets to retain traceability, risk assessments, occurrence and severity scores, the need for notification and communication with clients, and associated deadlines for complaint handling related activities.

Every product is different. Regulatory consultants have experience with multiple product types. Bringing in a consultant helps and is a time-saving way to identify a complaint handling procedure that fits your product or needs. Such a procedure covers things like what kinds of issues to expect, and how to resolve them effectively. It’s also a way to support decision-making around risk assessment scores and thresholds. Regulatory consultants can also help you streamline your processes and cut out unnecessary work – such as doing a CAPA analysis for every single complaint - so that you can focus on the issues that truly matter.

The MDR encourages medical device manufacturers – and their supply chain – to handle complaints transparently and effectively. The impact is not only regulatory compliance but an improved product or service, and stronger trust in your brand.  

Need expert support with complaint handling for your medical devices? Peercode Regulatory Consultancy can help. Speak to a specialist today