Failure is a friend: An engineer’s perspective of medical device failure

History shows many great examples of learning from – often catastrophic – failure. In 1912, the sinking of the Titanic after hitting an iceberg led to major improvements in maritime safety, including the establishment of the International Convention for the Safety of Life at Sea (SOLAS) and several new wireless communication regulations. In 1940, the collapse of the Tacoma Narrows Bridge due to aeroelastic flutter boosted research in the field of bridge aerodynamics and aeroelastics, which significantly improved the subsequent design of all long-span bridges.

In the 1970s, the Dalkon Shield contraceptive intrauterine device (IUD) caused sepsis and other complications that led to the Medical Device Amendments, which mandated the US Food and Drug Administration (FDA) to require the testing and approval of medical devices.

Medical error has been estimated to be one of the leading causes of death in the US, accounting for over 250,000 deaths annually¹. This is only exceeded by the two big killers, heart disease and cancer². Medical devices are intended to sustain and improve quality of life. Unfortunately, there is inevitably a risk that failure of these products or the associated procedure can result in injury, disability, threats to life or even death.

The medical device industry is highly regulated to help ensure that devices are safe and effective. Each year, the FDA receives several hundred thousand reports of suspected medical device associated deaths, serious injuries and malfunctions. It is important to note that failure is rarely the result of a single cause and lessons from history show that, especially in complex systems, major failures often result from a sequence of seemingly unrelated small deviations or events. Nevertheless, analysis of root cause data reveals that failures of product design and manufacturing process control caused more than half of all medical device recalls³.

Having worked in post-market surveillance for a multinational, orthopaedic company, I have seen numerous product failures. I have developed a keen interest in understanding why things fail and how we, as engineers and designers, can learn from this to minimise future risk. The following sections describe seven key learnings based on case studies of medical device failure.

1. Conduct extensive background research

Without striving to benefit from learning, history will repeat itself. Accordingly, when undertaking a new device development project it is important to understand relevant previous events.

In the early 1980s, Vitek, Inc. released their Proplast-Teflon Interpositional Implant (IPI) for the jaw, designed for the surgical replacement of dysfunctional discs in the temporomandibular joint (TMJ). Within a few years patients began to experience serious health-related problems. Teflon had been abandoned as a bearing surface for total hip replacements as a result of research conducted in the 1960s. This indicated that failure would be unlikely in the jaw, an allegedly non-load-bearing joint. It was subsequently shown that the jaw is load bearing (up to 89 N) and if it had been tested to this load, Vitek would have noticed the rapid failure of the implant⁴.

Background research should include a review of the following sources of information:

• Applicable standards, guidelines and regulations,

• Competitor comparisons,

• Manufacturer and User Facility Device Experience (MAUDE) database of Medical Device Reports (MDRs),

• Product recalls of equivalent products/ materials, and

• Internal complaints.

From this research, quantitative techniques such as hazard analysis can be used to identify, rank and eliminate or control foreseeable hazards according to the risk profile. Not only is it advisable to carry out research to inform development, it is also a requirement of the standards that we work to.

2. Establish and understand user requirements

The inclusion of input from potential users is invaluable for defining and understanding the technical/functional requirements that the device must fulfil in conjunction with issues from previous attempts or techniques.

From 2005 to 2009, the FDA received approximately 56,000 reports of adverse events associated with the use of infusion pumps, including numerous injuries and deaths. During this period, 87 infusion pump recalls were conducted by firms to address safety concerns. These adverse event reports and device recalls were not isolated to a specific manufacturer, type of infusion pump, or use environment, but rather occurred generally across the board.

The reported problems included confusing or unclear on-screen user instructions, which may have led to improper programming of medication doses or infusion rates. For example, the design of the infusion pump screen may not make clear which units of measurement should be used to enter patient data, leading to inappropriate dosing, and having the power button adjacent to the start infusion button could lead to accidental shut down of the infusion pump.

Input from potential users can be obtained through market surveys, focus groups and design research activities as well as previous case studies. This can give engineers and designers insight into who uses the device, how the device is handled and stored, when and where the device is used, other products the device might need to interact with, and the benefits and shortfalls of existing products. Many user-related risks can be avoided at the design stage by minimising complexity for users.

3. Don’t rush the device development process

By definition, development of a new device involves a number of uncertainties, including political, social, technological, legal and market changes. Accordingly, a degree of flexibility is essential in the development timeline. Manufacturers can take a faster route to market through the FDA 510(k) process, which doesn’t require clinical data for medical devices where substantial equivalence can be claimed. In 2015, the FDA approved 3,006 510(k) devices compared with 47 Premarket Approval (PMA) devices⁵.

The DePuy ASR hip system became commercially available in 2003 to resurface the hips of younger patients diagnosed with non-inflammatory degenerative joint disease. In 2010, DePuy issued a voluntary recall after receiving data from the National Joint Registry regarding higher than normal revision surgery rates. The metal-on-metal bearing was vulnerable to shedding metal particulates, resulting in component loosening, malalignment, infection, bone fracture, dislocation, metal sensitivity and/or pain⁶. The FDA approved the ASR hip system through the 510(k) process, thus not requiring clinical trials.

Engineers and designers should be encouraged to not only identify failures but celebrate learnings from failure during product development as an important product investment. Failure and negative feedback in the early stages of product development are much
easier and cheaper to accommodate and control than complaints and lawsuits after product launch. We need to ensure that our development plan and timelines include, where possible, scope for design review and iteration.

4. Design for ease of manufacturing and assembly

By knowing your target market and sales volumes, scalable production methods should be considered from the outset. Inhalers and auto-injectors are often manufactured in high volumes, using multi-cavity moulds and high-speed automated assembly where 100% inspection is not always practical or cost-effective.

Pressurised metered dose inhalers (pMDIs) are small, unobtrusive devices that remain the most commonly used inhalation device worldwide, with annual production of over 800 million units⁷. The GlaxoSmithKline (GSK) Ventolin HFA is a pMDI with a built-in dose counter that is used to treat or prevent bronchospasm. GSK voluntarily recalled more than 590,000 inhalers in 2017 due to the canister leaking, resulting in fewer doses than shown on the dose counter⁸. The defect was isolated to three lots, manufactured at their site in Zebulon, North Carolina⁹. pMDI valves are technically complex and critical to delivering a consistent and precise dose of medication.

To facilitate efficient transfer of the design concept to the manufacturing environment, processing methods must be considered throughout the development process. Design for Manufacture and Assembly (DFMA) and process risk assessments (pFMEA) can not only improve cost effectiveness and timeliness but also improve quality and reduce defects. Consideration of materials selection, manufacturing and assembly processes, finishing processes, inspection and testing methods during development helps ensure that devices can be produced using capable, stable processes.

5. Take a risk based approach

Murphy’s law says that anything that can go wrong, will go wrong. As engineers, we know that medical devices have a design life. Accordingly, a risk-based approach is needed to ensure that if failure occurs, it happens safely and predictably, in a way that is obvious to the user and beyond the intended life and operating conditions of the device.

Evita and Babylog ventilators, manufactured by Dräger, are used to provide constant breathing support for adults and children. Both ventilators can be used in conjunction with the PS500 power supply. In 2015, Dräger recalled 2,422 PS500 power supplies due to a software issue causing shorter than expected battery run times. The issue prevents the appropriate alarm from sounding five minutes before the battery runs out of power and the device shuts down¹⁰. Fortunately this issue has not resulted in patient injury or death; however, a thorough risk analysis might have discovered the fault earlier.

Risk management for medical devices is described in ISO 14971:2012 and there are many ways in which we can comply with this standard. It is not only used throughout the device development process, but is also a valuable tool during post-market surveillance. The risk management system adopted needs to be fit for purpose for the intended product and the associated risks. Periodic, independent review of the risk management process is also encouraged.

6. Test beyond design requirements

Design verification testing is a formal process based on pre-defined and agreed testing specifications to ensure that design input requirements have been fulfilled by the design outputs. If possible, however, additional engineering testing should be performed that goes beyond basic design requirements. We can learn a lot more about the robustness, limitations and failure modes of our design if we test under extreme or unusual conditions, to failure.

The Acroflex artificial disc was developed by Acromed in the 1980s for the treatment of degenerative disc disease of the lumbar spine. The device had a polymeric core made from polyolefin rubber, which was fused between two metal end plates. Acroflex was subjected to biocompatibility and biomechanical tests, including cytotoxicity, compressive creep, peel strength and compression, torsion and shear endurance testing. Despite some incidences of local material failure, the tests were deemed successful.

Acromed did not obtain permission to conduct animal testing so proceeded to human trials. Thirty-six percent of patients experienced tears in the polyolefin material, which led to revision surgery after 2–4 years^11,12. Given that animal testing was not possible, overstress testing may have identified the shortcomings of the polyolefin material prior to human trials.

To identify any vulnerabilities associated with a device during development, an exhaustive stress testing regime should consider:

• Being representative of real life use: fatigue testing and aging are often accelerated to reduce time; however, they may not be representative of – or worse than – real-life use.

• Testing to failure: is the failure mode safe? Is the safety factor adequate? For example, we could drop test from 2x and 3x the maximum specified height to see what breaks when, and/ or establish a safety factor for the specification.

• Worst case conditions: have we considered reasonable worst-case conditions (e.g. heavy patient, small implant, poor bone quality) or Multiple Environment Over Stress Testing (MEOST), which uses a combined environment of extreme stresses?

• Principles testing: use an experienced but objective engineer (or group) who tries to ‘break’ or fail the device.

7. Be vigilant with postmarket changes

Inevitably, companies will want to make efficiency and continuous improvement changes to suppliers, materials, processes and/or the design after market approval. These changes will not necessarily be reviewed by the original design team so vigilance is required when assessing their impact.

Silicone gel breast implants, manufactured by the French company Poly Implant Prothèse (PIP), were introduced worldwide from 1991 for breast augmentation or reconstruction. In 2000, the FDA banned silicone breast implants in the US, which led to a decline in PIP sales. In order to reduce costs, the company decided to use unapproved, industrial-grade silicone in their implants¹³.

Surgeons in France began reporting abnormally high rupture rates; the PIP implants were 2–6 times more likely to rupture or leak than other implants. The PIP implants were recalled by the French regulator in 2010. There are two key issues here: firstly, the use of an unapproved material, and secondly, the lack of testing to demonstrate that the new material meets performance requirements. Testing prior to implementing the material change would have potentially uncovered failures and prevented the issue.

As engineers and designers, we need to be aware of our responsibilities in the face of commercial pressures and drivers that will arise during product (re-)development. Therefore, we need to be extremely vigilant when assessing the impact of material, design or processing changes, especially post-market approval. It is imperative that preclinical and clinical testing is conducted on production devices, and that extensive testing and analysis are carried out when making post-market modifications. Even seemingly insignificant changes can lead to unintended consequences.

Conclusion

We have seen many great examples of lessons learned from engineering failure throughout history. ‘Failures’ happen around us all of the time – in our industry, in our company and in our projects – and are often, though not always, intentional. However great or small the failure, there is always something we can learn. Failures can be a friend if we take the time to understand and respond to them.

---

References

1. Makary, M. and Daniel, M. (2016). Medical error – the third leading cause of death in the US. BMJ, p.i2139.
2. cdc.gov. (2017). FastStats. [online] Available at: https://www.cdc.gov/nchs/fastats/deaths.htm [Accessed 31 Jul. 2017].
3. fda.gov. (2011). Understanding Barriers to Medical Device Quality. [online] Available at: https://www.fda.gov/downloads/AboutFDA/CentersOffices/CDRH/CDRHReports/UCM277323.pdf [Accessed 31 Jul. 2017].
4. Grushka, K. (2006). Propast-Teflon Jaw Implants and FDA Review Standards for Medical Device: A Case Study. [online] Available at: https://www.canr.msu.edu/iflr/uploads/files/Student%20Papers/Grushka.Finalpaper.pdf [Accessed 1 Aug. 2017].
5. fda.gov. (2016). Device Approvals, Denials and Clearances. [online] Available at: https://www.fda.gov/MedicalDevices/ProductsandMedicalProcedures/DeviceApprovalsandClearances/default.htm [Accessed 2 Aug. 2017].
6. Depuysynthes.com. (2015). ASR Recall Guide UK. [online] Available at: http://www.depuysynthes.com/asrrecall/ukasrrecall.html [Accessed 2 Aug. 2017].
7. Chrystyn, H. (2007). The Diskus: a review of its position among dry powder inhaler devices. International Journal of Clinical Practice, [online] 61(6), pp.1022–1036. Available at: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC1974824/#b4 [Accessed 1 Sep. 2017].
8. Asthma and Allergy Foundation of America. (2017). UPDATED: GlaxoSmithKline Recalling Ventolin Inhalers for Possible Package Leakage. [online] Available at: https://community.aafa.org/blog/glaxosmithklinerecalling-ventolin-inhalers-for-possible-package-leakage [Accessed 1 Sep. 2017].
9. Syracuse.com. (2017). Asthma inhaler recall: GSK says nearly 600,000 may have defect. [online] Available at: http://www.syracuse.com/product-recalls/2017/04/asthma_inhaler_recall_gsk_glaxosmithkline.html [Accessed 19 Sep. 2017].
10. fda.gov. (2016). Dräger Evita V500 and Babylog VN500 Ventilators – Issue with Optional PS500 Battery Power Supply May Cause Ventilators to Shut Down Unexpectedly. [online] Available at: https://www.fda.gov/MedicalDevices/Safety/ListofRecalls/ucm480135.htm [Accessed 1 Sep. 2017].
11. Ducheyne, P. (2017). Comprehensive Biomaterials II. 2nd ed. Amsterdam, Oxford and Cambridge MA: Elsevier, p.187.
12. Pimenta, L., Springmuller, R., Lee, C., Oliveira, L., Roth, S. and Ogilvie, W. (2010). Clinical performance of an elastomeric lumbar disc replacement: Minimum 12 months follow-up. SAS Journal, 4(1), pp.16–25.
13. https://www.nhs.uk/conditions/pip-implants/