Featured Product
This Week in Quality Digest Live
FDA Compliance Features
Michael King
Augmenting and empowering life-science professionals
Meg Sinclair
100% real, 100% anonymized, 100% scary
Alonso Diaz
Consulting the FDA’s Case for Quality program
Four data layers that matter
Kari Miller
Regulations and increased complexity are pushing the industry to adopt innovation more quickly

More Features

FDA Compliance News
Recognized among early adopters as a leading innovation for the life sciences industry
Streamlines annual regulatory review for life sciences
Facilitates quick sanitary compliance and production changeover
Creates one of the most comprehensive regulatory SaaS platforms for the industry
Company’s first funding round will be used to accelerate product development for its QMS and MES SaaS offerings
Showcasing tech, solutions, and services at Gulfood Manufacturing 2022
Easy, reliable leak testing with methylene blue
Now is not the time to skip critical factory audits and supply chain assessments
Google Docs collaboration, more efficient management of quality deviations

More News

Jon Speer

FDA Compliance

Four Essential Processes in Medical Device Risk Management

When failure is not an option

Published: Tuesday, September 29, 2020 - 11:03

Risk can mean many different things depending on the situation. Flying on an airplane, biking on a busy road, driving in a car—all of these involve some level of risk.

Although risk is a variable we encounter in everyday life, it means something uniquely different to the medical device industry. Risk is a critical factor to consider throughout the life cycle of a medical device because it can mean the difference between life and death for patients.

Industry resources like ISO 14971 exist to help medical device professionals define and clarify risk management best practices. According to the internationally recognized standard for medical device risk management, risk is defined as “the combination of the probability of occurrence of harm and the severity of harm.”

There are varying levels of risk factors medical device companies must consider in practicing effective risk management. By following the established processes outlined in ISO 14971 and leveraging the best quality management tools, medical device companies can improve their overall risk management system.

Before a medical device can enter the market and interface with patients, manufacturers must first evaluate and reduce all risks associated with the device. These steps are carried out in four essential medical-device risk management processes.

1. Identify hazards and risks related to medical device

Companies must start by identifying specific risks related to their medical device through a risk analysis. This process is only possible once a risk management file (RMF) has been established to capture the information generated from the risk analysis.

The most efficient way to produce and maintain a living RMF that stores all of your risk management documents, activities, and records in real time is by leveraging a medical device quality management system (MDQMS) to make meaningful connections between all premarket and post-market risk data and other key quality processes.

Once you have established your RMF, you can conduct your risk analysis. There are a number of techniques manufacturers use, including preliminary hazards analysis, failure mode and effects analysis (FMEA), and fault-tree analysis, all of which come with their own set of advantages as well as limitations. At the very least, the method you choose should capture the steps you take during risk analysis, risk evaluation, and risk control processes.

When you begin your risk analysis, you’ll need to draft an intended use statement. This statement will define the scope and be a critical resource in helping you identify hazards and harms. Records must be kept for every step of this process, which can be an automated task when using a MDQMS to streamline the process.

2. Estimate severity and probability of each potential risk

After identifying potential hazards, the next step is estimating the probability of occurrence of harm for each hazardous situation identified as well as the potential severity of harm associated with that risk.

You will need to clearly define which risk zones will be deemed acceptable and which will require risk reduction in your risk management procedure and risk management plan. A risk acceptability matrix should be used to break down every potential hazard to understand how you will prioritize risk reduction.

Rank the risk severity levels from left to right on the “X axis” of the risk matrix table in this order:
• Negligible: No risk is posed to the patient
• Minor: The hazard causes slight inconvenience
• Serious: Short-term injury requiring additional medical treatment is likely required
• Major: The hazard could lead to potential disability or long-term injury
• Critical: Hazard causes life-threatening injury

After identifying levels of severity, evaluate the probability of occurrence based on a similar ranking model, but starting at the base of the “Y axis” going up in this order:
• Improbable: 1 in 1,000,000 chance
• Remote: 1 in 100,000 chance
• Occasional: 1 in 10,000 chance
• Probable: 1 in 1,000 chance
• Frequent: 1 in 100 chance

Based on these two axes, each hazard can then be plotted into varying levels of risk, such as low, medium, and high. For example, if the severity of an identified hazard is determined to cause critical harm with an occasional probability occurrence, then its level of risk would fall into the medium zone, and reduction strategies should be deployed.

3. Reduce risks to acceptable levels

If a device is determined to carry a medium to high risk, then risk-reduction measures must be established to lower potential harm. These are commonly described as risk controls and are considered the most effective way to reduce the occurrence of harm.

Risk controls ensure patient safety and should be considered in this order:
1. Inherent safety by design
2. Protective measures taken during actual product and/or manufacturing process
3. Safety information, like labeling and instructions for use

Risk controls must also be tied into the entire risk management process. For instance, you should evaluate risk controls against design verification and validation, and design outputs to define risk at every stage of the product life cycle. Depending on the quality system used, this could seem like a tedious task, so it’s wise to consider a purpose-built risk management solution that can streamline this work and efficiently establish these connections for you.

4. Resolving potential residual risks

The final essential process in medical-device risk management is resolving any residual risks associated with a device. Residual risk has to do with potential harms that may occur even after risk controls have been implemented. A helpful question you can ask yourself at this stage is whether the level of residual risk is acceptable or unacceptable for patient use.

You’ll be able to find the answer to that question by reevaluating risks using the same acceptance criteria from your risk matrix. If the risk is found to be acceptable, provide objective reasoning to substantiate that decision and document all evidence in the RMF within your MDQMS.

If the risk is deemed unacceptable, conduct a benefit-risk analysis. The purpose of this step is to determine if the medical need of a patient outweighs the potential risk of the medical device. An example of this would be a high-risk device that has the potential to save a patient’s life who would otherwise not survive without it; a case could be made that the benefit in this instance outweighs the risk.

As the manufacturer, you must remember the important responsibility you have to the patients who use your medical device. They may not always be aware of every risk they accept before using your product. So, there’s something you should keep in mind at all times: Someday that patient could be your loved one or even yourself. Ensuring the highest level of care when it comes to your risk and quality management practices is vital to producing and maintaining a true quality medical device that saves and improves lives.


About The Author

Jon Speer’s picture

Jon Speer

Jon Speer is the founder and vice president of quality assurance and regulatory affairs at Greenlight Guru, a software company that produces the only medical device quality management software solution. Device makers in more than 50 countries use Greenlight Guru to get safer products to market faster. Speer has served more than 20 years in the medical device industry and helped dozens of devices get to market. As a thought leader and speaker, he regularly contributes to numerous industry publications. He is also the host of Global Medical Device Podcast.