Medical Device Recalls, Corrections and Removals: Risk Management and Regulatory Compliance

Introduction: When Surveillance Becomes Action

Post-market surveillance is designed to detect signals. Medical device recalls, corrections and removals represent the point at which those signals translate into action.

A medical device recall is a regulatory action taken to correct or remove a device that poses a risk to patient safety.

While often viewed as regulatory events, these actions are more accurately understood as outcomes of an organisation's interpretation of risk. In many cases, the underlying data, complaints, service records, or clinical feedback already exist. The critical factor is recognising when that data reaches a threshold that requires intervention.

In this sense, a medical device recall is not an isolated event, but a continuation of post-market surveillance medical devices in practice.

Understanding Medical Device Recalls, Corrections and Removals

Regulatory frameworks define different types of field actions depending on the severity and nature of the issue. Under EU MDR and FDA guidance, actions may include recalls, field safety corrective actions (FSCAs), corrections, or removals.

A medical device recall typically involves removing or correcting a device that poses a health risk. Corrections may involve modifications such as software updates or labeling changes, while removals involve withdrawing devices from the market.

The FDA medical device recall framework, including FDA recall classification (Class I, II, III) and 21 CFR Part 806, outlines expectations for timely, risk-based responses.

When is a Medical Device Recall Required?

Not all issues require a recall. The decision depends on a structured risk-based approach that considers severity, probability of occurrence, and potential impact on patients.

While some actions are immediate responses to acute failures, many field safety corrective actions (FSCAs) result from accumulated evidence reaching a threshold for intervention. This evidence may emerge gradually through trends in complaint handling, adverse event reporting, or clinical findings.

The challenge lies in determining when a medical device recall is required. Delayed decisions can increase patient risk, while premature actions can create unnecessary disruption. Effective systems balance these considerations through structured risk evaluation.

Risk Evaluation and Benefit-Risk Considerations

At the core of recall decisions is the device's benefit-risk profile. Organisations must conduct a benefit-risk assessment of a medical device recall to determine whether continued use outweighs the risks.

This aligns with ISO 14971 and broader medical device risk management principles, as well as quality system requirements under ISO 13485, 21 CFR Part 820, and FDA 21 CFR 820.100 for CAPA. This evaluation may also include a Health Hazard Evaluation (HHE) to assess the severity and likelihood of potential harm.

A recall is therefore not just a corrective action, but a reflection of how effectively an organisation applies corrective and preventive action (CAPA) within its quality system.

These decisions are grounded in post market surveillance medical devices, where signals from the FDA MAUDE database, complaints, adverse events, clinical data, and device vigilance systems are continuously evaluated to determine when corrective action is necessary

Regulatory Expectations and Reporting Obligations

Regulators expect manufacturers to act promptly once a risk is identified. Under the EU MDR Regulation (EU) 2017/745, manufacturers must implement field safety corrective actions and communicate them through Field Safety Notices (FSNs) and EU MDR field safety notice requirements.

Similarly, FDA requirements for medical device recalls emphasise timely reporting and clear communication with stakeholders. Public databases such as the FDA MAUDE database provide transparency into reported events and corrective actions.

These frameworks highlight that medical device recall management is not only about removing risk, but also about maintaining transparency and accountability.

From Reactive to Proactive Medical Device Recall Management

Traditional approaches to medical device recall management are often reactive, triggered only after risks become clearly visible. However, evolving regulatory expectations emphasise earlier detection and intervention.

By integrating adverse event reporting, complaints data, and clinical sources, organisations can identify weak signals before they escalate. This enables more controlled and proportionate actions, reducing the likelihood of large-scale recalls.

This shift supports a more proactive medical device recall process, including a structured root cause analysis to identify underlying issues and prevent recurrence.

Integration with Post-Market Surveillance Systems

Recalls and corrective actions are not standalone processes. They are outputs of a broader post-market surveillance system for medical devices.

Data from complaint handling, vigilance, and clinical evaluation feed into medical device risk management, which informs recall decisions. In turn, recall outcomes influence future surveillance, update risk files, and shape ongoing monitoring strategies.

Additionally, effective recalls depend on supply chain traceability and systems such as UDI (unique device identifier) to accurately identify and track affected devices in the field.

This closed-loop system ensures that every medical device recall procedure contributes to continuous improvement and future risk mitigation.

Common Challenges in Medical Device Recall Management

Organisations often struggle to manage medical device recalls effectively. These challenges are rarely due to a lack of procedures, but rather limitations in interpretation and coordination.

Delays in recognising patterns, fragmented data systems, and inconsistent decision-making frameworks can all hinder timely action. In some cases, organisations struggle to align internal stakeholders, leading to delays in communication and execution.

Addressing these requires stronger integration of CAPA, surveillance, and regulatory compliance frameworks.

Conclusion: Recalls as Indicators of System Maturity

A medical device recall is often perceived as a failure, but it can also indicate how well a surveillance system functions.

An organisation that identifies risks early and executes an effective medical device recall process demonstrates strong medical device regulatory compliance and surveillance capability. Conversely, delayed or inconsistent actions often reflect gaps in data interpretation and decision-making.

Ultimately, medical device recalls, corrections and removals are not just regulatory obligations; they are outcomes of how effectively organisations translate surveillance data into action. The focus, therefore, should not only be on managing recalls, but on strengthening the systems that inform them.

How Freyr Can Help

Managing recalls and corrective actions requires alignment between medical device recall management, risk evaluation, regulatory reporting, and communication processes.

Freyr supports medical device manufacturers by enabling structured risk assessment, consistent interpretation of safety signals, and seamless integration with post-market surveillance medical device systems, ensuring compliance with FDA medical device recall requirements, 21 CFR 806, and global regulations.

For organisations looking to enhance their recall management approach or address specific regulatory challenges, speak to a Freyr expert to explore your post-market surveillance strategy.