EN ISO 14971:2009 is the standard for the application of risk management to medical devices. Officially, it describes a process for managing risks associated with medical devices which provides a means of conforming to Essential Requirements of the Medical Devices Directive 93/42/EEC.
Fortunately, it also includes guidance on how to perform the risk management and clear, specific definitions of the key terms, which are subtly but crucially different from their general meanings. For example, it is important to note that the concept of risk has two components: the probability of occurrence of harm; and the consequences of that harm, that is, how severe it might be.
The risk management process is underpinned by the risk management plan. Annex F of the ISO standard has guidance on how to develop a risk management plan, which should describe the activities undertaken at each stage of the device’s lifecycle, the intended use of the device, and who is responsible for the risk management activities.
The risk acceptability criteria must be included, to define which combinations of probability of harm and severity of harm are acceptable or unacceptable (annex D contains guidance on devising risk acceptability criteria). It’s also worth considering including the main categories of harm and their severities; it can take time to determine the severities of harms such as under/overdose or a dose to third party, but these are crucial for the subsequent estimation of risk.
The next stage, therefore, is to carry out risk analysis: to systematically identify and estimate the risks. This can include techniques such as Preliminary Hazard Analysis, Failure Mode and Effects Analysis, Fault Tree Analysis and State Space Analysis, and it is important to select methods appropriate to the stage of the project and the nature of the product. Annexes C and E of the standard contain questions and prompts which are also useful to help to identify risks.
Risk evaluation is the application of the risk acceptability criteria in order to determine which risks are unacceptable and therefore require risk reduction.
The hierarchy of risk control measures should be applied to reduce risks:
- Eliminate or reduce risks as far as possible (inherently safe design and construction).
- Where appropriate, take adequate protection measures, (including alarms if necessary), in relation to risks that cannot be eliminated.
- Inform users of the residual risks through instructions and warnings.
Inform users of the residual risks through instructions and warnings.
The risk analysis and evaluation stages need to be re-visited throughout the development, to calculate the residual risk after control and also to determine whether the control measures themselves have introduced further risks.
“Risk management is not just ‘some paperwork to take care of before launching the device’”
Residual unacceptable risks are not necessarily a barrier to marketing the device. The residual risks need to be weighed up against the benefits of using the device, and this risk-benefit analysis could require the collection of clinical or other experimental data to provide evidence of the benefits to the user.
At this stage the risk management report is produced which reviews the process so far and summarises status prior to launch, but risk management does not stop when the device is released for production and enters the market. A process of production and post-production monitoring must be employed to ensure that all relevant information is used to update the risk analysis. This process can include customer surveys, servicing records, complaints, QC reports and any other sources of data which can be used to refine the risk analysis estimates and uncover additional risks which were not foreseeable during the development process.
In conclusion, risk management is not just ‘some paperwork to take care of before launching the device’; it needs to be an integral part of the development process and must continue once the device is on the market. The risk management of a medical device can be long and complicated, but when done properly it results in a better device – saving time, money and even lives.
