Misunderstandings in Complaint Management: Ensuring Regulatory Compliance and Standards Adherence

Introduction

In the course of consultations and audits, the author has repeatedly observed cases where organizations fail to comply with regulatory requirements and ISO 13485 standards regarding complaint handling. This oversight often stems from fundamental misunderstandings about what constitutes a complaint and how complaint management systems should be structured. This article addresses the most common misconceptions encountered in the medical device industry and provides guidance for ensuring proper compliance.

Definition of a Complaint Under ISO 13485:2016

The definition of a complaint under ISO 13485:2016 (clause 3.4) is as follows:

Complaint: Any communication (written, electronic, or oral) that points out a lack of identity, lack of quality, lack of durability, reliability, usability, safety, or performance of a medical device that was released under the control of an organization or any lack of performance relating to the servicing of a medical device.

Organizations should first verify that their own complaint definition aligns with this standard requirement. The author has frequently encountered organizations that have created their own idiosyncratic definitions of complaints, which often fail to capture all the situations that should be considered complaints under ISO 13485 and regulatory requirements such as FDA and EU MDR regulations.

Complaint (Complaint) vs. Claim (Claim)

Many organizations use the term “claim” (クレーム) when referring to complaints. However, there is a critical distinction: the English term for complaint is “Complaint,” not “Claim.” This distinction is particularly important during FDA inspections and when communicating with regulatory authorities. A complaint in regulatory terminology is a formal report of a defect or safety concern, whereas a claim may refer to commercial or contractual disputes. Using the incorrect term can lead to confusion during regulatory audits and may indicate to inspectors that the organization has not properly understood complaint handling requirements.

Complaint Management Beyond Warranty Periods

The ISO 13485 definition of a complaint includes the term “durability,” which encompasses the intended useful life of the medical device as specified by the manufacturer. This means that any indication of defect within the device’s declared useful life should be treated as a complaint, regardless of warranty status.

The author has observed organizations that only handle complaints occurring within the manufacturer’s free repair period, treating complaints arising after this period as outside the scope of complaint management. This approach is incorrect. Whether repair is provided at no cost (under warranty) or at a charge (outside warranty) is a business decision that has no bearing on regulatory requirements. From a regulatory perspective, both situations must be treated as complaints and entered into the complaint management system.

This distinction is particularly important under EU MDR/IVDR regulations, where complaint data is directly used for post-market surveillance and trend analysis. Failing to include out-of-warranty complaints could result in an incomplete picture of device safety and performance, potentially exposing patients to undetected hazards.

Usability as a Complaint Category

The complaint definition explicitly includes usability. This means that statements such as “this device is difficult to use” or “the instructions are confusing” must be treated as complaints. In the past, organizations could dismiss usability concerns by claiming they were inherent to the device’s design or intended use. This is no longer acceptable.

The shift in regulatory focus toward usability is driven by recognition that poor usability can directly contribute to use errors and patient safety incidents. IEC 62366-1 (Guidance on the application of usability engineering to medical devices) emphasizes that usability deficiencies must be identified and addressed throughout the product lifecycle. Complaints related to usability must therefore be systematically analyzed to identify potential design or labeling improvements that could enhance safety and reduce user errors.

Furthermore, under EU MDR Article 73(2), organizations are required to establish and maintain a system for collecting, documenting, and analyzing complaints related to the quality, performance, or safety of a device. This explicitly includes usability-related complaints that could impact patient safety.

Integration of Service Records into Complaint Management

ISO 13485:2016 clause 7.5.4 (Provision of product and/or service) requires organizations to analyze records of associated service activities and determine whether this information should be treated as complaints and whether it should be included in the information to be analyzed in improvement processes.

ISO 13485:2016 7.5.4 requirement: “The organization shall analyze information relating to provision of product and/or service for the purpose of: a) determining information related to customer satisfaction and dissatisfaction, and b) evaluating the effectiveness of changes made to the management system.”

This requirement represents a significant shift from ISO 13485:2003, which used the term “customer complaints.” The 2016 revision broadened the scope to “complaints” without the qualifier “customer,” reflecting the recognition that complaints can originate from multiple sources beyond direct customer reports.

Service records—including maintenance reports, repair records, field service notifications, and technician observations—are a critical input to the complaint management system. If a service technician discovers a defect, malfunction, or safety concern during a routine maintenance visit or repair, this must be documented and processed through the complaint management system. Similarly, if a technician identifies recurring issues or patterns of failure during service calls, these observations must be analyzed for their implications on device safety and performance.

Many organizations fail to systematically capture and analyze service-derived information, effectively creating a gap in their post-market surveillance activities. This is particularly problematic for implantable devices, reusable devices, and those requiring regular servicing, where service interactions may be the primary source of safety-relevant information after initial distribution.

Additional Complaint Sources and Integration Points

Beyond direct customer complaints and service records, organizations should consider other potential sources of complaint-relevant information, including:

• Regulatory agency notifications and warning letters regarding the device
• Adverse event reports submitted to regulatory authorities (FDA MDR, EudraVigilance, etc.)
• Results from post-market surveillance activities and trend analyses
• Information from clinical monitoring programs and patient registries
• Feedback from healthcare provider meetings, user conferences, and professional organizations
• Social media, customer forums, and online reviews that indicate device concerns
• Returns and non-conformance investigations when related to device performance issues

While not all of these sources will result in formal complaints, organizations should have processes to evaluate each source and determine whether information should be escalated to the complaint management system.

Regulatory Requirements Across Jurisdictions

Complaint management requirements are not limited to ISO 13485. Depending on the geographic markets served, organizations must also comply with:

Jurisdiction	Key Regulatory Requirements
FDA (US)	21 CFR Part 803 (Medical Device Reporting) and 21 CFR Part 806 (Medical Device Corrections and Removals). FDA expects organizations to maintain complaint files and use this data for risk assessment and trend analysis.
EU MDR	Article 73 (Post-market surveillance) and Article 87 (Complaint handling). Organizations must establish and maintain complaint handling systems and report serious incidents to competent authorities.
PMDA (Japan)	Ordinance on Medical Device Quality Management Standards (Pharmaceutical Affairs Law). Complaint handling is a mandatory element of post-market surveillance.
MHRA (UK)	UK Medical Device Regulation (post-Brexit). Requirements align with EU MDR principles regarding complaint handling and post-market surveillance.
ANVISA (Brazil)	RDC 80/2024 requiring complaint management as part of Medical Device Quality Management Systems.

Each of these regulatory frameworks requires not only the receipt and documentation of complaints but also systematic analysis and the use of complaint data in post-market surveillance, risk management, and continuous improvement activities.

Implementation Best Practices

To ensure comprehensive and compliant complaint management, organizations should:

1. Develop a written complaint management procedure that defines all sources from which complaints may originate, including service records, regulatory notifications, and customer-initiated communications.
2. Establish clear criteria for determining whether reported issues meet the definition of a complaint under ISO 13485 and applicable regulations.
3. Create a centralized complaint management system or database that captures complaints from all sources, not just direct customer reports.
4. Implement regular training for all staff who may receive or identify complaints, including service technicians, customer service representatives, regulatory affairs personnel, and quality assurance staff.
5. Establish a formal review process for service records, adverse event reports, and regulatory notifications to identify complaints that may not be explicitly labeled as such.
6. Use complaint data for systematic trend analysis to identify emerging safety issues, usability concerns, and opportunities for product improvement.
7. Ensure that complaint-derived information flows to relevant functions including risk management, post-market surveillance, and design control activities.
8. Maintain detailed documentation of all complaint-related decisions, including the rationale for accepting or rejecting reports as complaints.
9. Conduct periodic management reviews of complaint data to ensure that the complaint management system remains effective and identifies areas for improvement.

Conclusion

The author’s observations from consultations and audits reveal that complaint management remains an area where many organizations struggle to achieve full compliance with ISO 13485 and regulatory requirements. This often results from fundamental misunderstandings about what constitutes a complaint, the scope of complaint sources, and the regulatory importance of systematic complaint analysis.

These misunderstandings are not merely technical compliance issues; they directly impact the organization’s ability to identify and address safety concerns, support post-market surveillance obligations, and ultimately ensure patient safety. Organizations are strongly encouraged to conduct a comprehensive review of their complaint definitions, procedures, and system implementation to ensure alignment with current standards and regulatory expectations.

In an increasingly regulated environment, where regulatory agencies place significant emphasis on post-market surveillance and evidence of proactive safety management, a robust complaint management system is not simply a compliance requirement—it is a fundamental element of responsible medical device governance.