Medical devices and health products are heavily regulated and need special shipping and handling to move them along the supply chain from manufacturer to consumer. Medical device companies need to partner with a fulfillment provider and shipping service that will support their specific needs.
When vetting a provider for medical device fulfillment, sellers need to be aware of the following: facility certification requirements, specific inventory management systems, specialized storage and packaging, plus information security.
Certification Requirements For Medical Devices
A fulfillment provider can give sellers the facility requirements they need, but the medical classification certification is always held by the product company. If a seller holds a medical device certification, they can take the fulfillment provider and fulfillment facility under their certification.
Is My Product a Medical Device?
It’s important to determine if your product qualifies as a medical device. There are some very obvious products that qualify like thermometers or a pacemaker, and some products that may not seem like they fall under the medical device category like wheelchairs, breast pumps, or pregnancy tests. The Food and Drug Administration (FDA) has a lengthy definition that can be found on their page: How to Determine if Your Product is a Medical Device.
There are three classifications within the medical device category that further define the types of regulations a product needs to follow.
- Class 1 poses minimal potential harm. These are lower risk devices that do not pose immediate harm to the user. According to the FDA 47% of medical devices fall under this category and 95% of these are exempt from the regulatory process. Examples include bandages, examination gloves, electric toothbrushes, hospital beds and hand-held surgical instruments.
- Class 2 poses intermediate potential harm. These are medium risk to the user. They require more documentation that has to align with the FDA requirements on behalf of the seller. According to the FDA 43% of medical devices fall under this category. Examples include catheters, blood pressure cuffs, pregnancy test kits, syringes, blood transfusion kits, contact lenses.
- Class 3 poses a high risk of potential harm to the user. These devices usually sustain or support life. If used or implanted they present potential unreasonable risk of illness or injury. According to the FDA 10% of medical devices fall under this category. Examples include implantable pacemakers, coronary stents, orthopedic implants.
Specialized Receiving and Inventory Management
There are very clear guidelines on how to receive medical devices. For example, at DCL Logistics our customer Willow has a breast pump product which is a class 2 medical device. When we receive Willow’s items at our facility they have more quality checks than non-medical devices.
Processing the receiving documentation correctly is very important because if items are deemed unsellable, it’s more efficient to pull them from inventory at the receiving stage. Some of the following checks are made when medical device products arrive at the DCL facility.
- Verify that all products were assembled in a class 2 manufacturing site that has been certified to assemble and kit that classification of medical device.
- Check if the products need to be kept on hold. Sometimes there is a waiting period for FDA clearance; the FDA needs to verify that items are cleared to be stored as inventory.
Storage, Fulfillment, and Packaging
There are guidelines on how medical devices need to be managed, moved around a warehouse, and shipped. This is known as good manufacturing practices (GMP). While GMP is the baseline any warehouse should follow, it’s particularly important for a fulfillment provider to maintain consistent quality and safety protocols for medical devices products.
The GMP compliance requirements for medical devices are outlined in the Code of Federal Regulations (CFR), most prominently in the FDA Quality System Regulations of Medical Devices.
Every medical device company will determine how their product needs to be stored and packaged in order to comply with FDA regulations. There’s often an extensive amount of quality work instructions that the client will provide to their 3PL. Usually an onsite quality audit is conducted for those products at minimum once per year.
“It’s really about the 3PL aligning with the customer—a fulfillment provider needs to understand and comply with their guidelines in order to manage it in order to be compliant with the FDA.”
HIPPA, Security, and the Treatment of Personal Information
Security is something that all companies should ask about, but it comes up even more with medical devices for two reasons:
- They ask about physical security because devices are more likely to be expensive.
- They ask about digital security because devices are often patient protected.
Many sellers want to know what physical security measures they can rely on: are products housed in a cage? Is there locked pallet storage? Are there cameras or surveillance? Sellers want to feel confident that their products are safe within the warehouse.
Some medical device companies require that patient data is not shared outside of a team of people that have been HIPPA compliant and HIPPA tested. There may be a team of a few or a few dozen people who are the only people who can pick, pack, and ship that product. To become HIPPA compliant they must review HIPPA details, take a test, and register.
The protection of patient information is required by HIPPA laws.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information. To fulfill this requirement, HHS published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information, establishes national standards for the protection of certain health information. The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a national set of security standards for protecting certain health information that is held or transferred in electronic form.