Ernst & Young on Monday released a new report on how the global medical technology (medtech) industry grew by 5% in 2016, with US and EU medtech companies seeing net income increase 17%, though several regulatory and legislative question marks are on the horizon.
In addition to the improvements seen in income and revenue growth in 2016 when compared to 2015, the report also shows that overall, US and European medtech financing increased 101% in 2016, to $43.9 billion, the second-highest total in the past decade. Venture capital financing climbed to $7.7 billion, a 23% year-on-year increase.
Among the business risks highlighted for medtech management teams: the new EU medical device and in vitro diagnostic (IVD) regulations, increasing cybersecurity threats and the potential reinstatement of the 2.3% medical device tax in the US as of 1 January 2018 unless Congress can act before the end of the year.
Serge Bernasconi, CEO of MedTech Europe, discussed the impact of the new EU regulations and noted that an assessment report on their impact is expected early next year.
"Companies can’t afford to delay their compliance activities any longer. If they haven’t done so already, it is critical that medtechs perform gap assessments to understand what steps are required to remediate their devices and diagnostics," Brenasconi wrote.
In addition, more information and clarity is expected on how both MDR and IVDR will be implemented, with additional legislation that will spell out practical considerations tied to the regulations.
Lucien De Busscher, advisory partner at E&Y, and Jon Lange, advisory principal at E&Y, noted that because the changes are so extensive, device companies need an enterprise-wide roadmap to implementation designed and led by regulatory experts but executed by business teams.
"This road map must balance the up-front costs of remediation with current business capabilities, operational processes and commercial and strategic priorities," they wrote. "Since companies have no choice but to comply with MDR, one necessary component of this calculus is a gap assessment that defines MDR remediation costs relative to a specific product’s future growth prospects. Key questions companies must ask include:
- What percentage of revenue is at risk?
- What is the total cost of compliance?
- Will new clinical studies be required for market certification?
- How harmonized are the technical files?
- Which products are central to the medtech’s strategic agenda?"
Sri Vasudevan, an E&Y executive director, also discussed the impact of cyber risks, especially with the health care industry "still a relatively easy target for cyber criminals, and considering the recent wave of rejected 510(k) FDA submissions due to incomplete or inadequate security risk management sections, it seems only a matter of time before the FDA enforces stringent regulations for the security of medical devices."
But he cautioned that medtech companies should not wait for either safety notifications or formal legislation.
"They need to take preemptive measures now. Setting up a formal security risk management function, including time to train engineers and establish appropriate security engineering processes and protocols, takes about 12 to 18 months to set up. A scarcity of cybersecurity experts proficient in medtech could further slow the process," Vasudevan wrote.