Featured Product
This Week in Quality Digest Live
Health Care Features
Dario Lirio
Modernization is critical to enhance patient experience and boost clinical trial productivity
Alexander Khomich
Healthcare software opens up opportunities for clinics in both management and patient care
Gary Shorter
Pharma needs to adapt and evolve with the changing environment of life science data
Can using RNA like a circuit breaker make it a computer?
Knowledge at Wharton
Deploying technology in operational decision-making can improve conditions for workers and outcomes for patients

More Features

Health Care News
Winter 2022 release of Reliance QMS focuses on usability, mobility, and actionable insights
The tabletop diagnostic yields results in an hour and can be programmed to detect variants of the SARS-CoV-2 virus
First Responder UAS Triple Challenge focuses on using optical sensors and data analysis to improve image detection and location
Free education source for global medical device community
Extended validation of Thermo Scientific Salmonella Precis Method simplifies workflows and encompasses challenging food matrices
‘Completely new diagnostic platform’ could prove to be a valuable clinical tool for detecting exposure to multiple viruses
Provides improved thermal stability for stored materials, risk mitigation advantages, and processes that are documented and repeatable
Patient safety is a key focus in update of ISO 14155, the industry reference for good practice in clinical trials.
Despite being far from campus because of the pandemic, some students are engineering a creative way to stay connected

More News

Jon Speer

Health Care

What You Need to Know for an Effective Risk Assessment

Two concepts to ensure patient safety and device quality

Published: Thursday, May 14, 2020 - 12:02

Historically, risk management has been a complex and polarizing subject, with various stakeholders assigning different values on the probability and severity of harm. In the medical device industry, risk management’s high importance has led to the publication of standards such as ISO 14971, offering guiding principles using a universal risk management framework applicable to all types of medical devices and processes throughout the entire product life cycle, from design and development through manufacturing and into post-market activities.

In December 2019, an updated version of the standard ISO 14971:2019 was released, bringing impactful changes to the medical device industry. Although many of the changes were minor, there are key updates to processes and best practices that medical device companies should understand and keep top of mind.

One example is the updated guidelines for risk assessment. ISO 14971:2019 looks at risk analysis and risk evaluation as individual and separate sets of tasks that together make up a risk assessment. In my experience, I will generally conduct these two sets simultaneously, but to effectively do so, you must understand the tasks involved with each.

Risk analysis tasks

There are many ways to conduct a risk analysis, and many of these techniques are used across the industry, including failure mode and effects analysis (FMEA), fault-tree analysis, and preliminary hazards analysis. However, it’s critical that as you go through your own risk analysis, you define an approach that allows you to document the entire process easily and effectively.

To achieve this, you must clearly outline three aspects of the medical device:
1. Intended use
2. Potential hazards
3. Risk

Whenever you start a risk analysis, you should work from a documented intended-use statement. This statement helps to define the scope of the device and helps to outline potential hazards that may occur later in the process. The intended-use statement is also useful in identifying foreseeable misuse of the product.

An effective strategy to identify hazards is to go through each step required for device use and determine if there are any sources of harm along the way. Identifying these scenarios early on helps to ensure that safety measures are established in order to reduce risk.

Once each potential hazard and hazardous situation is outlined, the risk analysis can be completed by estimating risk for each hazard. According to ISO 14971, risk is defined as the probability of occurrence of harm and the severity of said harm. Risk estimation requires manufacturers to outline two things: seriousness and likelihood of occurrence.

A common technique used to illustrate these factors is a severity and occurrence table, often referred to as a risk acceptability matrix, which evaluates harm based on levels of severity and also the probability of that occurrence.

For example, a life-threatening injury would be considered critical in severity, and if it only occurs once in 1 million times, then the event is also considered improbable.

Risk evaluation tasks

Once risks for each harm have been estimated, it’s time to evaluate each risk to determine if risk reduction is required. Many companies will evaluate risk levels in three “zones”: low, medium, or high. The most common practice for practical risk evaluation is to establish criteria around which risk zones are deemed acceptable and which are not.

Manufacturers that sell in the United States often correlate the low zone with acceptable risk and the high zone as unacceptable. The medium zone often fits into what is referred to “as low as reasonably practicable.” That said, many companies place a similar emphasis on the level of risk in the medium zone as they do the high zone when conducting risk reduction.

A comprehensive risk assessment is a vital component of the medical device manufacturing process and also a significant requirement found in the updated ISO 14971:2019 risk management standard. Evaluating potential harm and risks, and diligently working to reduce them, helps to ensure patient safety and medical device true quality.


About The Author

Jon Speer’s picture

Jon Speer

Jon Speer is the founder and vice president of quality assurance and regulatory affairs at Greenlight Guru, a software company that produces the only medical device quality management software solution. Device makers in more than 50 countries use Greenlight Guru to get safer products to market faster. Speer has served more than 20 years in the medical device industry having helped dozens of devices get to market. He is a thought leader and speaker, and regularly contributes to numerous industry publications. He is also the host of Global Medical Device Podcast.



Improbable Medium Risk


Thank you for the article.

Often, especially during audits and inspections, potentially life-threatening risks are seen as always of the highest risk level, no matter how improbable they are. And there is a case to make, that just because something is highly unlikely, the consequences remain life-threatening and therefore, the risk should be treated as if it occured more regular and thus be categorized as "high risk".

Assuming all risk managers somewhat use the principle of worst-case, it's hard to grasp how a critical (per articles definition life-threatening) risk can be a low risk, just because you may only harm 1 in a million. I think it would make sense to have any foreseeable permanent damage to be at least "medium" risk and all life-threatining risks as "high" risk category.

That ISO14971 fails to define this, once and for all in its current revision, is a mistake, in my honest opinion. This is, where true standardization in this industry could have happened, but instead some formalities were changed. The request for more Benefit/Risk analyses will never be heard, when even potentially fatal consequences can be a low-risk topic.