Slides from the meeting

Introduction to Risk Management
EN ISO 14971:2012 Medical Devices:
Application of Risk Management to
Medical Devices
16 March 2015
Terri Kurtz
TLK Consulting
[email protected]
Agenda
•
•
•
•
•
•
•
•
•
•
•
Introduction
Scope
Key terms and definitions
General requirements for risk management
Risk analysis
Risk evaluation
Risk control
Evaluation of overall residual risk acceptability
Risk management report
Production and post-production information
Additional thoughts
Related International Standards
EN 62366, Medical devices — Application of usability
engineering to medical devices
EN 10993 (all parts), Biological evaluation of medical devices
IEC 60601-1, Medical electrical equipment — Part 1: General
requirements for basic safety and essential performance
IEC 62304, Medical device software — Software life cycle
processes
TIP: Recommend review of ISO/TR 24971, Medical devices Guidance on the application of ISO 14971
Goals of this presentation
• What is required by EN ISO 14971:2012?
• Why should you care about risk management?
• How can risk management help produce
better medical devices?
EN ISO 14971 Introduction
• What is risk management?
– Determine how a medical device may fail
• Design, user, process, environment
– Estimate the probabilities and risks associate with
a failure
– Implement mitigations to eliminate or reduce the
risk
– Evaluate overall residual risk
– Continually evaluate risk assumptions against
product performance
Scope of EN ISO 14971
• Provides a process to identify hazards of
medical devices (including IVD medical
devices)
• Applicable to all stages in the life-cycle
• Does not specify acceptable risk levels
2012 Annex ZA
• Informative annex detailing the relationship
between ISO 14971:2007 and the EU Directive
93/42/EEC (MDD)
• Notified Bodies Recommendation Group
(NBRG) published a draft consensus paper in
June 2014 with further interpretation of the
2012 Annex
NOTE: This is listed as Informative, but because it points out
differences to the Essential Requirements is enforceable by
Notified Bodies to ensure Essential Requirements are met.
Key terms and definitions
• 2.2 harm
– physical injury or damage to the health of people, or
damage to property or the environment
• 2.3 hazard
– potential source of harm
• 2.4 hazardous situation
– circumstance in which people, property, or the
environment are exposed to one or more hazard(s)
• 2.16 risk
– combination of the probability of occurrence of harm
and the severity of that harm
Pictorial representation of the relationship of hazard,
sequence of events, hazardous situation and harm
From EN ISO 14971, Annex E
General
Requirements –
Process
From EN ISO 14971
General Requirements
• Management responsibilities
– Resources, qualified personnel, criteria for risk
acceptability, review of the process
• Qualification of personnel
– Knowledge and experience
General Requirements - Risk
Management Plan
•
•
•
•
•
•
Scope of activities for life-cycle phases
Responsibilities
Review requirements
Risk acceptability criteria
Verification activities
Collection and review of production & postproduction information
NOTE: The Risk Management Plan may be a separate document
or integrated within other documentation (QMS)
General Requirements - Risk
Management File
• RM File to provide traceability for each identified
hazard to;
–
–
–
–
Risk analysis
Risk evaluation
Implementation & verification of risk control
Assessment of residual risk
• Standard identifies what is required to be in the
RM file
NOTE: The Risk Management File may be any type of medium
and may reference the location of documentation.
Risk Management Process
Risk analysis – systematic use of available
information to identify hazards and to estimate
the risk
Risk evaluation – process of comparing the estimated
risk against given risk criteria to determine the acceptability of
the risk
Risk assessment - Overall process comprising a risk
analysis and a risk evaluation
Risk control – process in which decisions are made and
measures implemented by which risks are reduced to, or
maintained within, specified levels
Residual risk – risk remaining after risk control
measures have been taken
Risk management report – documented review of
the risk management process
Post-production – part of the life-cycle of the product
after the design has been completed and the medical device
has been manufactured
Intended use and identification of characteristics
related to the safety of the medical device
– Document intended use and reasonably
foreseeable misuse
– Annex C questions that serve as a guide
– Questions help you define and evaluate
characteristics of the device that may affect safety
TIP– overlap of Annex C and EN 62366 Application Specification
may allow integrating the two process
Identification of hazards
– Compile a list of known and foreseeable hazards
associated with the device
– Consider hazards in both normal and fault
conditions
• Normal – device is performing as intended (normally)
and the user or environment causes the hazard
• Fault – the device faults resulting in the hazard
– Determine how hazards could progress to
hazardous situations
2012 Annex ZA – all risks must be taken into account (negligible
risks may not be discarded)
Identification of Hazards
From EN ISO 14971, Annex E
Risk Estimation
– Identify reasonably foreseeable sequences or
combinations of events that can result in a
hazardous situation
– Estimate the risk of each hazardous situation
• Probability of occurrence & the consequences
• Risk estimation can be quantitative or qualitative
Foreseeable sequence of events
From EN ISO 14971, Annex E
Hazard – Harm Relationship
From EN ISO 14971, Annex E
Techniques - PHA
• Preliminary Hazard Analysis (PHA) – may be used
early in the development process
– Top-down analysis
– Start with hazards, determine hazardous situations / event
which could cause harm
– Assign probability that the hazardous situation occurs and
the severity of the resulting harm
Hazard
Sequence of events
Hazardous Situation
P
Harm
S
List potential
sources of
harm
What would have to
happen to create the
hazard?
What situation results
from the events?
Probability
this occurs
What is
Severity
the injury of harm
or
damage
Techniques - FTA
• Fault Tree Analysis (FTA) is
used early in the
development process to
identify and prioritize
hazards and hazardous
situations
– Identify a failure or hazard
– Identify all possible ways to
create the hazard
Techniques - FMEA
• Failure Mode and Effects Analysis (FMEA) is used as the design matures to
evaluate effects of the design and/or individual components (DFMEA),
processes (PFMEA) or procedural steps (AFMEA) systematically
–
–
–
–
–
–
–
Brainstorm failure modes for each function
List effects of the failure (device, patient, user, environment)
List causes of the failure
Assign severity, occurrence (and detection) ratings
Calculate the risk index (RPN, other scale of S vs. probability)
Determine risk controls
Calculate residual risk
Function
Failure
Mode
Effect(s)
S Cause(s)
O
Controls
Initial
Risk
Index
Additional
controls
Verification
of
effectiveness
Residual
Risk Index
Ability to
remove
catheter
from
patient
Tip
detaches
Tip
migration
in vessel
4 Material
selection,
bond design,
component
tolerances
2
Use of
materials
with history
Med
End of
catheter is
formed, no
detachable
part
Tensile
testing,
simulated
use, animal
study
Low
Risk Management Process
Risk analysis – systematic use of available information
to identify hazards and to estimate the risk
Risk evaluation – process of comparing
the estimated risk against given risk criteria to
determine the acceptability of the risk
Risk assessment - Overall process
comprising a risk analysis and a risk
evaluation
Risk control – process in which decisions are made and
measures implemented by which risks are reduced to, or
maintained within, specified levels
Residual risk – risk remaining after risk control
measures have been taken
Risk management report – documented review of
the risk management process
Post-production – part of the life-cycle of the product
after the design has been completed and the medical device
has been manufactured
Risk Evaluation
• 2007 standard - Based on the criteria defined in the
Risk Management Plan, determine if risk reduction is
required, reduce risk As Low As Reasonably Possible
• 2012 Addendum (Annex ZA) – all risks must be reduced
as far as possible without economic consideration
• 2014 DRAFT NBRG Guidance – If death or serious
deterioration of health is unlikely to occur, risk shall be
considered acceptable. If likely, use risk control
measures from harmonized standards, other standards,
or implement other risk reduction means
2014 guidance - Safety must not be traded against business
perspectives
Risk Management Process
Risk analysis – systematic use of available information
to identify hazards and to estimate the risk
Risk evaluation – process of comparing the estimated
risk against given risk criteria to determine the acceptability of
the risk
Risk assessment - Overall process comprising a risk
analysis and a risk evaluation
Risk control – process in which decisions
are made and measures implemented by
which risks are reduced to, or maintained
within, specified levels
Residual risk – risk remaining after risk control
measures have been taken
Risk management report – documented review of
the risk management process
Post-production – part of the life-cycle of the product
after the design has been completed and the medical device
has been manufactured
Risk Control
• Risk control option analysis (in order of priority)
– Inherent safety by design
• Eliminating a hazard
• Reducing the probability or severity of harm
– Protective measures (design / process)
• Use of alarms / alerts
• Using automatic cut-off or safety valves
– Information for safety
• Warnings
• Restrict the use
• Provide training
Risk Control – Annex
• Use of ‘one or more’ risk control options vs.
use of ‘cumulative’ risk control options
– 2012 Annex ZA – manufacturer must apply all
control options unless adding another does not
improve safety
– 2014 NBRG Draft Guidance – all risk control
options shall be considered and implemented, in
priority order, and risk reduced to an acceptable
level. If risk is acceptable, further risk reduction
may be justified.
Risk Control – Information for Safety
• 2012 Annex ZA – manufacturers shall not attribute
additional risk reduction to the information given to
the users
• 2014 NBRG Draft Guidance – Information for safety
may be considered a risk control measure. Effects of
risk reduction are to be documented. The
probability of harm may not be reduced as a result of
disclosing residual risk.
NOTE: Consider demonstrating information for safety is an effective
control to strengthen it as a control (e.g., usability validation.)
Risk Control - Implementation
• Verify implementation of each risk control
measure
– Is the control in the final design?
• Verify the effectiveness of each risk control
measure
– Does the control actually reduce the risk?
– Validation study
NOTE: Auditors expect to see two different verifications (e.g.,
implementation = design output, effectiveness = validation).
Risk Control - Residual risk evaluation
• Residual risk is evaluated against the criteria in
the Risk Management Plan
– Not acceptable – add risk control measures or
perform a risk/benefit analysis
– Acceptable – determine which residual risks to
disclose in the accompanying documents (e.g.,
labeling)
• This is done so the user can make informed decisions,
but is at the discretion of the manufacturer
Risk Control - Risk/Benefit analysis
• Risk/Benefit of individual risks
– Document analysis of weighing the benefit of the
device against the individual residual risk(s)
• Benefits come from
–
–
–
–
Literature
Comparison to other devices
Unmet patient needs
Etc.
Risk Control – Risks from risk control
& Completeness of risk control
• Risks from Risk Control Measures
– When risk control measures are implemented,
evaluate each to determine if new hazards or
hazardous situations introduced
NOTE:
– . Auditors may expect to see documented evidence this was
considered.
• Completeness of Risk Control
– Ensure all identified hazards have been evaluated
Risk Management Process
Risk analysis – systematic use of available information
to identify hazards and to estimate the risk
Risk evaluation – process of comparing the estimated
risk against given risk criteria to determine the acceptability of
the risk
Risk assessment - Overall process comprising a risk
analysis and a risk evaluation
Risk control – process in which decisions are made and
measures implemented by which risks are reduced to, or
maintained within, specified levels
Residual risk – risk remaining after risk
control measures have been taken
Risk management report – documented review of
the risk management process
Post-production – part of the life-cycle of the product
after the design has been completed and the medical device
has been manufactured
Evaluation of overall residual risk
acceptability
• After all risk control measures are
implemented and verified, the manufacturer
shall decide if the overall residual risk is
acceptable per Risk Management Plan criteria
– Determine information to include in
accompanying documents to disclose residual risk
NOTE: Auditors may expect to see documented evidence this was
considered, criteria .
Overall Risk/Benefit Analysis
• Requirement of 2012 Annex ZA
– 2007 implied that if individual and overall risks were
‘acceptable’ a risk/benefit analysis was not needed
– Annex ZA and draft NBRG guidance state
Risk Management Process
Risk analysis – systematic use of available information
to identify hazards and to estimate the risk
Risk evaluation – process of comparing the estimated
risk against given risk criteria to determine the acceptability of
the risk
Risk assessment - Overall process comprising a risk
analysis and a risk evaluation
Risk control – process in which decisions are made and
measures implemented by which risks are reduced to, or
maintained within, specified levels
Residual risk – risk remaining after risk control
measures have been taken
Risk management report – documented
review of the risk management process
Post-production – part of the life-cycle of the product
after the design has been completed and the medical device
has been manufactured
Risk Management Report
• Prior to commercial release, the RM Report is
created to ensure
– The Risk Management plan has been
appropriately implemented
– The overall residual risk is acceptable
– Methods are in place for production / postproduction information
Risk Management Process
Risk analysis – systematic use of available information
to identify hazards and to estimate the risk
Risk evaluation – process of comparing the estimated
risk against given risk criteria to determine the acceptability of
the risk
Risk assessment - Overall process comprising a risk
analysis and a risk evaluation
Risk control – process in which decisions are made and
measures implemented by which risks are reduced to, or
maintained within, specified levels
Residual risk – risk remaining after risk control
measures have been taken
Risk management report – documented review of
the risk management process
Post-production – part of the life-cycle of
the product after the design has been
completed and the medical device has been
manufactured
Production and post-production information
• Goal is to collect information after launch and
update risk management file
– To confirm or correct initial assumptions
• Device use
• Occurrences (over- and under-estimates)
– Identify omissions
• Additional risks
• Information from manufacturing, R&D, customer,
sales, competitor, new / revised standards
• Affects risk analysis, risk evaluation, risk control,
residual risk, risk / benefit analysis
Additional thoughts
• The standard outlines a process
• Determine how to do this based on
complexity of your medical devices
• Consider maintenance of risk management
files during system development
• Risk management should be started early and
used to make decisions throughout the
product life-cycle