FEATURED PRODUCT: Interpretation of FDA's (QSR) With QSIT references
A
complete compendium to FDA's Quality System Regulation (QSR) with relative
references to FDA's Quality System Inspection Technique (QSIT). Now ONLY $99 (limited time)
Search This Site
Risk Management Process and ISO 14971
As device manufacturers we have the responsibility of
ensuring that our products are safe before shipping them out the door. As such
we are required to have a risk management process in place and to have evidence
on hand that we have conducted a Hazard Analysis. It is probably the single most
important design input process you can conduct and yet there are medical device
manufacturers and service providers who do not conduct an appropriate evaluation
or even worst – do not have a process implemented yet.
The process of dealing with hazards and risks are well defined in recent
standards. Years ago the method of choice was Failure Mode and Effect Analysis –
this has given way in the medical device field to the industry specific ISO
14971.
Before proceeding we should clarify some keywords and proper definitions. Often
the words Hazard and Risk are used interchangeably. This is incorrect. At least
for the purposes of this article:
Hazard will be defined as “a source of danger or harm”
And
Risk will be defined as “the probability of harm and occurrence”
THE PROCESS: IDENTIFY, ANALYZE AND MITIGATE
There is common sense lifecycle approach to dealing with hazards. In essence
once you identify a hazard it is your responsibility to analyze and mitigate it
prior to releasing your product. This is of course given that your product has
not already been distributed on the market. In the event that the hazard has
been identified post-release (usually initiated as a customer complaint) it is
still the manufacturer’s responsibility to analyze and mitigate as well as
follow applicable MDR requirements.
MANAGEMENT RESPONSIBILITY
Management has defined responsibilities per ISO 14971. Namely they are
responsible for: Define a risk management policy; ensure that adequate resources
are in place to handle risk activities; assign trained personnel and review
results of all risk management activities.
HAZARD ANALYSIS OBJECTIVES
The purpose for conducting a Hazard Analysis on medical devices can be summed up
by several distinct processes.
The recognition and evaluation of known potential hazards and there effects on
the patient, user and others
The identification of actions that could eliminate the potential failures or
reduce their chances of occurring
And, the documentation of the recognition, evaluation and corrective activities
so that the product quality continuously improves over time.
Over time, products do end up changing. These changes are the results of
improvements or to correct a deficiency – in all instances the manufacturer is
responsible to evaluate the change as part of the product’s hazard evaluation.
Why? Consider this scenario the product undergoes a manufacturing or development
change and you do not analyze the risk of the change. Now, let’s say something
goes wrong in the field that results in injury or death. The ramifications of
not having done an appropriate Hazard Analysis will now put your company at
greater risk for law suits and possible Agency action. Not to mention some
person may have been injured or even worst killed as a result of your companies
neglect to conduct an appropriate evaluation.
WHO SHOULD PARTICIPATE IN A HAZARD EVALUATION?
The ultimate make-up of the hazard evaluation team will be different depending
on your particular device. The recommendation is to have at least the following
experts participate:
Product Management
The person ultimately responsible for the device should always be involved. The
reason is that they have the legal if not moral obligation of ensuring that the
product they place on the market is safe. This person usually has the ultimate
say in what resources to make available. This includes any additional resources
that will have to be made available as a result of a newly recognized risk.
The product manager is also usually the best person to know the product’s use
with regards to the questions: Who, Where, When, What and How. These questions
will surely come up in a proper hazard evaluation. The product manager will
ensure that the proper answers are given in such cases.
Regulatory Affairs and Quality Management
Having a Regulatory Affairs manager or Quality manager is a way of ensuring that
products that have unmitigated risks do not make it to the market. Hopefully,
your organization has placed their authority way up in the organization chart to
giving them the capacity to enact on their decisions. A true member of the RA/QA
organization should not have any reporting structure to management responsible
for getting out the product (or providing service).
Other members of the RA/QA team that should participate include the ones
responsible for the CAPA system. This includes nonconformances, deviations and
customer complaint handling. Their previous experience dealing with
non-compliances makes them an ideal participant to ensure that previous
corrected problems are not inadvertently “undone” by new mitigations.
CLINICAL EXPERTS
Knowing how a change will impact a product is best suited to a clinical expert;
someone who preferably uses the device or has extensive knowledge of the
product’s actual use in the field.
Clinical experts can often make a determination if the change will have an
impact on the product’s workflow. Let’s consider a simple change to the device’s
packaging color. The hospital procedure says – “Get the red colored catheter
package”. Hopefully, there is additional identification requirements, but for
the sake of argument the manufacturer doesn’t have an idea on how the hospital
procedure is impacted by the change. The clinical expert can identify the risk
and can also suggest mitigation by ensuring that adequate notice is provided to
the hospital to allow them to change their procedure.
A more important contribution of the clinical expert is that they can give
essential input into whether the change will have an impact on the product’s
safety and efficacy and whether addition clinical testing/validation is required
before releasing the product.
RISK ASSESSMENT PROCESS
The process of conducting an actual Risk Assessment begins by bringing together
the team members. The best way to do this is in person (all together). It’s been
widely known that ‘brainstorming’ sessions are effective in addressing a wide
comprehensive lists. The reason for this is that while one person thinks
linearly – the rest of the team as a whole is working in three dimensions.
THE STEPS
The first step in conducting a Risk Assessment is to identify the product’s
Intended Use. You should list all the functions associated with the product.
The next step is to identify all the known (actual as well as potential) hazards
associated with the product. This can be done in several ways and should include
input from:
- Nonconformances
- Customer complaints
- MDRs
If this is a new product without a lot of history you may want to consult with
the FDA’s MAUDE database or any other online source for potential hazards that
have occurred with products similar to yours.
The third step in the process is traceability, to keep tabs on this specific
hazard, by assigning it a unique identifier. This is similar to assigning a
unique number to a nonconformance or customer complaint. The hazard is hence
treated as “Open” until it is effectively mitigated.
After identifying the hazard the next thing you will need to do is to create a
list of causes. Some things that can go wrong:
Lack of training
User error
Inadequate documentation
Just to name a few. This is a good step to bring in the clinical experts we
mentioned earlier. They usually have in dept knowledge of how the product will
be used and can also draw from their extensive experience in the field. Remember
that hazards can occur from a variety of similar devices. Clinical experts
usually have experience with more that just the one or limited devices you are
working on.
When you are complete compiling a list of causes, the next step is to list the
effects of the hazard on the patient. This step is usually straight forward but
again may require the help of a clinical specialist or MD.
Some of the effects on the patient are:
Injury
Death
Misdiagnosis
Again, this is only a small list which you will no doubt want to grow. You may
actually want to delve deeper into more specific examples.
Another step in the Risk Assessment process is to list the already in-place
mitigation controls. The one big source of mitigation is labeling. From the
product packaging right down to the operating manual you may have cautionary and
warning statements to ensure that the product is used as intended.
SEVERITY AND OCCURRENCE
This next step deals with prioritizing the risk by estimating the severity (how
serious is the hazard if it were to occur) and occurrence (how likely is the
hazard likely to occur).
ISO 14971 uses a rating scale to categorize the risk. A standard rating uses a
scale of 1 to 5. Each number of the scale represents the RISK (a factor of
Severity and of Occurrence). The resulting risk numbers are referred to as the
Risk Priority Number or RPN for short. The low values represent little risk
whereas the higher numbers represent serious risk.
After identifying your RPNs for each risk the next step is to start thinking up
ways to mitigate the risk. This is probably one of the more difficult steps in
the process and may result in mitigation effort as low as “0” no mitigation
required to the highest number in your rating (mitigation is required). This is
where team members who have leverage in diverting funds come into play.
Mitigation is not always free. Although that does not have to be the case since
some of the highest risks may have some of the easiest and cheapest methods for
mitigation. At any rate, it’s your job here to identify how you can mitigate the
risk.
Surprisingly it is not the hazard you usually end up mitigating but rather the
probability of the hazard occurring. This is not always the case but certainly
is the norm when it comes to mitigating the risk.
IS RISK (THAT IS HIGHER THAN WOULD BE GENERALLY ACCEPTABLE) EVER ACCEPTABLE?
According to ISO 14971 there are some occasions whereby the benefit bestowed by
the device outweighs the risk. The difficult part of this subclause is that you
will have to show exactly how the benefits of your device outweighs the
associated risk. This is not always the easiest thing to do. One way may be to
show that the risk of your device is comparable to the risks associated with
devices already on the market. Of course the obvious one would be to show where
the benefit of your device to the patient outweighs the risk.
The last step to your Risk Assessment is to bring it all together in the form of
a summary. This executive summary allows for one last overall evaluation of the
risk to ensure that the product is safe and effective.
CONCLUSION
In conclusion the Risk Assessment plan is an important design tool in the
development of the device. It is used to ensure that the products leaving your
doors is designed safe and effective. Unlike other processes however, the hazard
evaluation is one that never dies. In fact the risk plan should evolve
especially as other risks are identified – such as when a problem occurs out in
the field or when a customer complaint is issued.
>
Site Map »
Media package available for advertisers looking to advertise on this site.