This second article in our series addresses a common risk analysis problem: prioritization.
In large medical device companies, the email invitation to an FMEA session can strike fear (or at least dread) into the hearts of engineers and other members of the risk management team. One reason that they may not be eager to click “Accept” is that these sessions can quickly devolve into detailed investigations of issues of negligible severity or probability of occurrence. The time devoted to these issues soaks up the team’s time and energy – to the point that important issues may not receive the attention they deserve.
Without a mature product line or medical device risk management system, small or start-up device companies may have the opposite problem. There, the list of hazards being considered may be limited to those issues that are most obvious to the design team and may not provide a comprehensive assessment of device risks. Instead of an overly detailed analysis, these companies run the risk of not going deep enough.
This article presents an approach that device companies have successfully implemented to focus their risk management activities and help to ensure the safety and efficacy of their products.
Where to start? – System Boundaries
The key to identifying priorities is to first establish a clear scope for the analysis by defining the system boundaries. How you go about defining system boundaries depends on the type of analysis being conducted. Perform a gap assessment on the device information: what do you know and what is not known? A process flow diagram is typically best at assessing a process or the usage, like the human factors impacting the device; however, a list of materials (e.g., a bill-of-material or list of sub-systems) is typically best when assessing risks associated with the product design.
Typically, it is best to start big and work down into the details. For example, if you have a device that is designed to be used with other devices, you should begin your assessment by looking at the whole system so that you will be able to consider how your device interacts with the other parts of the integrated system and what new risks may arise when your device is integrated into the system.
By saying “start big,” we mean that the focus of your analysis will change as you progress through the Design and Development process. As you move from concept to detailed design to design transfer, you will learn more about the function and features of your device and the process that you will use to manufacture the device. The boundaries of your analysis will transition from system-wide assessments of broad hazards to potentially detailed analyses of high-risk subsystems and user interactions.
The boundaries of the analysis should be clearly described in the risk management plan (RMP) for the device. Your RMP should be updated prior to beginning a new Design and Development phase to identify the types of analysis and system boundaries that will be assessed in the next stage(s) of the process.
The boundaries are set, now what? – Look for Hot Spots
Once the boundaries of the system are defined, the next step is to identify the elements of the system that require focused attention. The guidance that supports ISO 14971:2019 (TR 24971) provides some helpful direction for focusing risk assessments that is appropriate for all devices. Annex A, Identification of hazards and characteristics related to safety, contains a list of questions intended to help the risk analysis team characterize potential safety impacts of their device.
But your consideration of potential risks shouldn’t be limited to this list. The authors of the standard are careful to state that “these lists are neither exhaustive nor representative of all medical devices, and the manufacturer is advised to add questions that can have applicability to the particular medical device and to skip questions that are not relevant. There will be different risks for wearable medical devices, internet connected medical devices (cybersecurity), software as a medical device, a general medical instrument and an in vitro diagnostic. The manufacturer is also advised to consider each question not only on its own but also in relation to others.” Answering these questions in addition to researching the types of problems that occur with similar devices is good “homework” for the risk team because it can help to identify the types of analyses that need to be performed.
The standard also contains examples of hazards that “could ultimately result in harm” (Table C.1). This list can help remind the team to consider categories of hazards that may not be top-of-mind. Other resources (e.g., previous risk analyses and product complaints for similar devices, the FDA’s MAUDE database, other relevant risk standards/ guidance documents, etc.) can also be used to identify potential hazards.
Once you’ve established a list of potential hazards, the key step (that not all manufacturers take) is to identify how they relate to the system elements of your device (the elements in the system boundary that you previously defined). By making this explicit link between the system elements and the potential hazards, you will have a much better sense of where your efforts should be focused. To illustrate this process, below is a simplified table showing the relationship between a list of hazards and the major components of an infusion pump.
From this very simplified view, we are illustrating how (even at the earliest stages of the process) priorities can be established to guide subsequent analyses. From this prioritization, the Electronic Controls were found to be the highest priority (three “Highs”). The team can now establish a plan to address each System Element in priority order. In addition, you also have an indication of the types of analysis to conduct. For Electronic Controls, the initial focus can be placed on design analyses to ensure safety from electrical shorts and shocks, and usage analyses to understand how best to minimize the potential for user errors (a usability study may be in your future).
At this stage of the analysis, most risk teams will jump directly to their FMEAs. The problem with this approach is that while you’ve done a good job of prioritizing where to focus your attention, you can still get lost in the details of the high priority elements (there are a lot of components and coding in
“electrical controls”). In the next article, we will address how conducting a Fault Tree Analysis (FTA) at this stage of the process (before you begin your FMEA) can significantly improve your understanding of your device’s risks and greatly simplify and focus your FMEAs.
MEDIcept … Trusted Solutions, Rapid Response …
MEDIcept Inc. is an international consulting firm specializing in medical device, IVD, and biotechnology Regulatory, Quality, and Clinical Services. Since 1996, we have worked with thousands of companies to solve their most critical FDA and ISO issues. Our integrated solutions are rooted in our direct experience and span all stages of the product life.
MEDIcept is committed to providing our clients with what they need. We are committed to quality deliverables because we value our clients’ time and resources. This is why 90% of our clients come back to us again and again to solve new issues.
For additional information, please contact Susan Reilly at SReilly@MEDIcept.com.