MedCity Influencers

Debunking 8 commonly held CAPA myths

Here’s a compilation of myths and realities about Corrective Action and Preventive Action (CAPA), the system for addressing systemic quality issues for medical device companies.

Corrective Action and Preventive Action (CAPA), the system for addressing systemic quality issues for medical device companies, is a source of ongoing issues within medical device companies and consistently one of the top reasons device makers receive FDA 483 observations and warning letters.

From developing a clear understanding of what should trigger a CAPA, determining your corrective or preventive action, to sorting out the root cause, there are a number of potential pitfalls that companies often tend to stumble across.

We often find that companies may hold to any of a few common myths around CAPA, which may impede their progress in some way. Sometimes, we’ll even find that companies are making a huge deal of something that is really not necessary.

Let’s look at eight commonly held CAPA myths we frequently encounter:

1. Everything is a CAPA

This is a common mistake with companies. They have an issue or discover something in an audit and go straight to creating a CAPA. Soon, they find themselves with so many CAPAs on the books that it’s difficult to get anything done.

This loses the entire point of why CAPA exists and how it can be of value to companies. CAPA should be a tool that you can use to make real improvements, not a burdensome checkbox activity that you try to race through.

For medical device companies in this camp, being a bit more discriminating about what determines a CAPA is a necessary exercise, which leads nicely to our next myth.

2. The issue identified doesn’t need to be a CAPA

Maybe it doesn’t, but we’re referring to the opposite extreme. Some companies sail merrily through treating almost nothing as a CAPA, meaning they miss the valuable learning from the exercise and are in danger of being pulled up on it during an inspection.

While your complaints, nonconformance, or audit processes may be able to handle issues that are rare, CAPA is there to deal with anything that has become systemic. If something is happening repeatedly, this should be a warning sign that CAPA is necessary. For anyone in the “everything is a CAPA” group, this standard of repeated incidents should be a trigger for you.

3. Reacting is better than being proactive

Most people who have good CAPA processes still have room for improvement. The overwhelming majority of CAPAs that are open in companies is a reaction to events. This means you waited for something to happen before taking action. What if a patient had been harmed or device had failed? You need better leading indicators and a proactive approach to stay on top.

Identify potential issues before they become a problem. This includes anything where you’ve had some kind of issue pop up more than once — is it a sign that something needs to be managed or changed more systemically?

4. We should measure the time it takes to close a CAPA

Now, this might be a slightly controversial point to hold as a myth. There’s often a management review process and key performance indicators (KPIs) leading into those reviews. Usually, there will be CAPA metrics and one of those is often time to close the CAPA. It’s understandable how companies reach the conclusion that speed might be a good metric, but what seems to happen quite often is that an arbitrary time of “within 90 days” is set as the target for the management review.

This becomes a problem for a couple of reasons. If you’ve set everything as a CAPA, you’ll be overburdened and likely unable to meet the metric. Also, people are often prone to cut corners in situations where a KPI with timing is involved. Sometimes, this means a band-aid is slapped onto the problem just to close it within the 90 days.

Tracking and trending in a CAPA is also challenging, particularly where timing is concerned. This is where detailed reporting is important — you should know where they are in the process, what is left to do and who is involved. How big is the CAPA? One may be completely different to another in terms of complexity, so an arbitrary time goal doesn’t make sense.

Sometimes companies assign risk levels to identify the complexity of the CAPA. Having good traceability through the phases will also give some idea — CAPA should have a plan just like any project.

The advantage to having a plan is that it should identify the steps you need to go through as well as some kind of estimate for completing those steps. Measuring CAPA performance becomes much more meaningful against a plan, so it’s on your CAPA team to define that plan well.

5. Root cause is easy

If only it were! Whereas timing to close a CAPA doesn’t necessarily make sense, what does make sense is measuring the time to discover the root cause. This should usually take around two weeks or less, but this doesn’t mean that it’s easy.

You should be able to identify root cause fairly quickly. A CAPA danger is where it takes too long to identify that root cause.

The big mistake companies make is defining the problem statement. What they come up with is often simply a restatement of the issue, which is not a definition of the root cause. Follow a good methodology to correctly identify the root cause and double-check you’re not simply restating the original problem. You want to be fixing the right problem!

6. Effectiveness verification is not always required

You’ve identified the issue, determined sources and root cause, conducted an investigation and taken action, but what’s next? How do you know that your actions taken were effective for dealing with the CAPA?

The tricky thing here is that a lot of CAPAs are not effective. Companies are often missing the piece where they assess and determine that any changes made were effective. This involves waiting for a period of time and that time varies depending on the issue. You might even need to wait for an entire production schedule to get through.

One school of thought says to close the CAPA before checking how effectively it was dealt with, but still keep effectiveness verification as pending. The other school of thought says “no, I cannot close my CAPA until I have verified the effectiveness.”

I recommend “completing” the CAPA pending the effectiveness verification. Once the CAPA is completed, you should have some idea as to how long it will take before effectiveness is able to be assessed. For example, something in manufacturing may be able to be started the following day, whereas something identified in audit might not be assessed until the next audit cycle. There aren’t necessarily a lot of tasks to complete, it’s just that there may be a waiting period before you can determine that actions were successful.

7. CAPAs do not have to link to other quality management systems or processes

If you go through an FDA inspection or an ISO audit, it’s a guarantee that CAPA processes will be looked at and probably close to the beginning of the inspection. An inspector will want to trace any complaints through your entire system. Did you initiate a CAPA for this? If not, why not?

CAPA becomes a foundational piece for the health of your QMS. Historically, we haven’t had good tools to manage this, but this is one of the things we’re solving at You need that visibility through one whole system rather than papers spread from filing cabinets to desks.

CAPA should tie into complaints, non-conformances, audits and any other process you can think of where there is an output and procedure in place which you regularly monitor. CAPA is a vehicle to stay ahead of any issues, much like heading in for your regular check-up at the doctor. It’s a measure of the overall health of your organization.

8. CAPA does not tie back to design controls or risk management

So much of what we’re doing in our systems revolve around our medical devices and ability to develop safe and effective products. This means you should always be looping back into your Design History File and design control or risk management practices.

Design controls are the mechanism to ensure you’re creating a safe, effective product. Some changes identified in CAPA may warrant a design change or an update in verification and validation.

Risk management is related because you should always have up-to-date files that demonstrate you’re on top of any risk issues. Almost every time you go through a CAPA, there’ll be updates needed for design controls and risk; in fact, you should make checking on this part of your process.

Final thoughts

CAPA is often seen as a bit of a hairy beast by medical device companies, but this is often laden with myths that don’t help them to use CAPA well.

Have a clearly defined process for CAPA including how you will identify what warrants it. At the same time, ensure you’re not falling toward the opposite extreme where virtually nothing is a CAPA.

Avoid these common myths and remember, CAPA should be something of value to your company that actually serves you.

Photo: eestingnef, Getty Images 

This post appears through the MedCity Influencers program. Anyone can publish their perspective on business and innovation in healthcare on MedCity News through MedCity Influencers. Click here to find out how.