Featured Product
This Week in Quality Digest Live
Health Care Features
Dirk Dusharme @ Quality Digest
Government agencies and consumers fall prey to knockoffs and unapproved vendors
Stanley Chao
Suddenly, everybody and their brother thinks they know how to do business in China
Quality Digest
PPE counterfeits endanger lives. Testing ensures real PPE does its job.
Grant Ramaley
The IAF certification database could help confirm the quality of medical purchases by governments
Carrie Van Daele
Keep these ideas in mind as you reintroduce your employees to their workplace

More Features

Health Care News
Despite being far from campus because of the pandemic, some students are engineering a creative way to stay connected
Good quality is adding an average of 11 percent to organizations’ revenue growth
Further enhances change management capabilities
Stereotactic robot helps identify target and deliver electrodes to target with submillimetric accuracy
How the nation’s leading multistate cannabis company ensures quality and safety standards
ISO and WHO are working for universal access to quality health products that are all at once safe, effective, and affordable
Certification bodies can conduct food safety audits and issue certifications of foreign food facilities
Creates adaptive system for managing product development and post-market quality for devices with software elements
Transforming a dysfunctional industry

More News

Jon Speer

Health Care

What You Need to Know for an Effective Risk Assessment

Two concepts to ensure patient safety and device quality

Published: Thursday, May 14, 2020 - 12:02

Historically, risk management has been a complex and polarizing subject, with various stakeholders assigning different values on the probability and severity of harm. In the medical device industry, risk management’s high importance has led to the publication of standards such as ISO 14971, offering guiding principles using a universal risk management framework applicable to all types of medical devices and processes throughout the entire product life cycle, from design and development through manufacturing and into post-market activities.

In December 2019, an updated version of the standard ISO 14971:2019 was released, bringing impactful changes to the medical device industry. Although many of the changes were minor, there are key updates to processes and best practices that medical device companies should understand and keep top of mind.

One example is the updated guidelines for risk assessment. ISO 14971:2019 looks at risk analysis and risk evaluation as individual and separate sets of tasks that together make up a risk assessment. In my experience, I will generally conduct these two sets simultaneously, but to effectively do so, you must understand the tasks involved with each.

Risk analysis tasks

There are many ways to conduct a risk analysis, and many of these techniques are used across the industry, including failure mode and effects analysis (FMEA), fault-tree analysis, and preliminary hazards analysis. However, it’s critical that as you go through your own risk analysis, you define an approach that allows you to document the entire process easily and effectively.

To achieve this, you must clearly outline three aspects of the medical device:
1. Intended use
2. Potential hazards
3. Risk

Whenever you start a risk analysis, you should work from a documented intended-use statement. This statement helps to define the scope of the device and helps to outline potential hazards that may occur later in the process. The intended-use statement is also useful in identifying foreseeable misuse of the product.

An effective strategy to identify hazards is to go through each step required for device use and determine if there are any sources of harm along the way. Identifying these scenarios early on helps to ensure that safety measures are established in order to reduce risk.

Once each potential hazard and hazardous situation is outlined, the risk analysis can be completed by estimating risk for each hazard. According to ISO 14971, risk is defined as the probability of occurrence of harm and the severity of said harm. Risk estimation requires manufacturers to outline two things: seriousness and likelihood of occurrence.

A common technique used to illustrate these factors is a severity and occurrence table, often referred to as a risk acceptability matrix, which evaluates harm based on levels of severity and also the probability of that occurrence.

For example, a life-threatening injury would be considered critical in severity, and if it only occurs once in 1 million times, then the event is also considered improbable.

Risk evaluation tasks

Once risks for each harm have been estimated, it’s time to evaluate each risk to determine if risk reduction is required. Many companies will evaluate risk levels in three “zones”: low, medium, or high. The most common practice for practical risk evaluation is to establish criteria around which risk zones are deemed acceptable and which are not.

Manufacturers that sell in the United States often correlate the low zone with acceptable risk and the high zone as unacceptable. The medium zone often fits into what is referred to “as low as reasonably practicable.” That said, many companies place a similar emphasis on the level of risk in the medium zone as they do the high zone when conducting risk reduction.

A comprehensive risk assessment is a vital component of the medical device manufacturing process and also a significant requirement found in the updated ISO 14971:2019 risk management standard. Evaluating potential harm and risks, and diligently working to reduce them, helps to ensure patient safety and medical device true quality.

Discuss

About The Author

Jon Speer’s picture

Jon Speer

Jon Speer is the founder and vice president of quality assurance and regulatory affairs at Greenlight Guru, a software company that produces the only medical device quality management software solution. Device makers in more than 50 countries use Greenlight Guru to get safer products to market faster. Speer has served more than 20 years in the medical device industry having helped dozens of devices get to market. He is a thought leader and speaker, and regularly contributes to numerous industry publications. He is also the host of Global Medical Device Podcast.

 

Comments

Improbable Medium Risk

Hello,

Thank you for the article.

Often, especially during audits and inspections, potentially life-threatening risks are seen as always of the highest risk level, no matter how improbable they are. And there is a case to make, that just because something is highly unlikely, the consequences remain life-threatening and therefore, the risk should be treated as if it occured more regular and thus be categorized as "high risk".

Assuming all risk managers somewhat use the principle of worst-case, it's hard to grasp how a critical (per articles definition life-threatening) risk can be a low risk, just because you may only harm 1 in a million. I think it would make sense to have any foreseeable permanent damage to be at least "medium" risk and all life-threatining risks as "high" risk category.

That ISO14971 fails to define this, once and for all in its current revision, is a mistake, in my honest opinion. This is, where true standardization in this industry could have happened, but instead some formalities were changed. The request for more Benefit/Risk analyses will never be heard, when even potentially fatal consequences can be a low-risk topic.

br

daniel