Insights on risk management topics and tips and techniques for implementation.

Why You Should Use Standard Codes for Adverse Events in Your Risk Files

benefit-risk fda interactive q&a iso 14971 postmarket surveillance Feb 06, 2022

Global regulatory authorities require the use of standardized codes for reporting adverse events. Here are two reasons why you should also use standardized codes and terms in your risk files.

According to the International Medical Device Regulators Forum (IMDRF), widespread use of a single, appropriate adverse event terminology and coding system is expected to improve signal detection by adverse event management systems enabling a faster response by both industry and regulatory authorities.

In the guidance document IMDRF/AE WG/N43FINAL:2020(Edition 4), they also list these specific benefits for both manufacturers and regulatory authorities:

  • Improved accuracy of capturing and reporting of medical device related adverse events
  • More effective evaluation of adverse events
  • Signal detection and trend analysis through advanced querying
  • Consistency in reporting across different jurisdictions
  • Increased accuracy and reliability of information shared between regulatory authorities

Regulators in the US and the EU have adopted the use of standardized codes for adverse events reporting. FDA Form 3500A and the MIR form in the EU, both required the use of codes. Increasingly, these codes are being harmonized to facilitate real-world data analysis through standard queries.

In a recent Interactive Q&A session, we focused on this topic as an emerging area relevant for the entire risk management process, not just for reporting of adverse events. Here is a video recording of our discussion:


In this article, we will focus on why it makes sense to adopt a standardized terminology for patient harms and device malfunctions.

Reason #1: Risk files need a direct link to post-market data

In clause 10, ISO 14971:2019 requires medical device manufacturers to establish a system to actively collect and review information gathered from post-market surveillance (PMS). The main intent is to monitor changes in the risk level of the medical device based on actual use in the market and take timely action to maintain a positive benefit-risk balance.

 Recall that risk is measured in by a combination of the probability of occurrence of harm (POH) and the severity (S) of that harm.

Changes in the occurrence rate of adverse events need to be correctly reflected in the risk files. Therefore, use of the same standardized codes, both in your data gathering process (i.e., Complaint Intake) and risk analysis process is essential. 

Let us illustrate this concept with the following example.

Occurrence of a certain adverse event is calculated by dividing the number of events by the total number of opportunities. As an example, occurrence rate of Intraocular Infections for an intraocular lens (IOL) is calculated by dividing the number of such events reported by the total number of IOLs implanted during the reporting period. 

Here, the term Intraocular Infection is a standardized term (FDA code = 1933, IMDRF Code = E081801, MedDRA Code=10054762)

Let us say you are trending and monitoring the rate of intraocular infections in your post-market reviews. However, you only use a generic term such as Infection in your risk files to indicate a potential patient harm. The generic term may include other types of ocular infections, not just intraocular infection. As a result, you will not be able to accurately compare the occurrence rate in your risk files with occurrence rates calculated from the post-market data. 

Therefore, it is very important to align the codes/terms used in your complaint intake process with codes/terms used for reporting to regulatory authorities, and codes/terms used in your risk files.

Reason #2: Regulatory oversight is moving from passive to active

FDA, for example, is increasingly looking at real-world data and real-world evidence to make regulatory decisions. As shown in the figure below, there is a huge initiative going on through NEST coordinating center (NESTcc), to collaboratively generate real-world evidence through monitoring of massive amounts of real-world data. FDA is also a part of this initiative through a grant to the Medical Device Innovation Consortium (MDIC), a public-private partnership. 

There are two huge implications of this effort:

  1. Real world data analysis will offer more reliable estimates of background rates of occurrence to facilitate market authorization decisions for new devices.
  2. Real world data analysis will also enable stronger signal detection capability to allow the regulatory authorities to take quick actions for currently marketed devices.

 Here, we are not talking about FDAs's MAUDE database or the TPLC database. Although there is a large amount of data available in these databases, they have many limitations that seriously reduce their ability to facilitate active post-market surveillance.

Instead, the goal is to access massive amounts of data through electronic medical records, claims, clinical studies and other research organizations. Once the UDI (unique device identification) and its application is broadly implemented, a clear link to medical devices can be established through these data sources. The EUDAMED database in the EU is also being established as a starting point to achieve this longer term goal. 

In summary

Change is in the air! We are living in the age of Big Data, and regulatory authorities are catching up fast!  In the (very) near future, we can expect a move from passive to active safety surveillance that will impact both pre-market and post-market regulatory decision making. A key first step to prepare for this new world is to adopt the use of standardized, and harmonized, codes/terms for adverse events in your risk files. When your risk files are aligned directly with your post-market data, you will have the ability to accurately analyze and evaluate risks related to the use of your medical device. Remember, benefit-risk of your medical device is not static. It is always evaluated in the context of the state of the art, which is continually evolving. 

In a future article, we will dig deeper into standardized codes and terms, how they are organized and how you can use them in your risk management process. 


Say yes to receiving a practical risk managementĀ tip each week!


You're safe with me. I'll never spam you or sell your contact info.