Medical Device Risk Management and Design Controls: Issues Device Manufacturers Need to Know
Medical device design and expansion processes in the context of risk management need careful inspection and planning by manufacturers. We inspect five key issues companies face when connecting design and development with risk management and, essentially, patient safety.
Risk/Benefit analysis is required in clause 6.5 of ISO 14971, but there is very little guidance on what is expected. How do risk/benefit analyses impact design controls?
Risk/benefit survey are very much device-specific and situation-dependent. Mostly, it is expected that the clinical data on benefits and risks display position for all medical states and target populations enclose by the intended purpose as differentiated to the current state of the art. Therefore, the present knowledge/state of the art needs to be recognized; that is, manufacturers should identify applicable (similar) standard devices and medical options available to the target population. As ISO 13485 consultant we provide guidance about QMS for medical device industries and we make sure that our clients know the benefits of ISO 13485 Certification for their organization.
Data should then be gathered on the risks and the advantage of the devices and treatment choices. With this data, a comparison can be made linking the “new” device and relevant standard devices and/or medical options, evaluating both risks and advantages. Because such comparisons can be personalized in nature, and require specialists understanding to precisely assess, clinical input is unfavourable. During the comparison, it may be found that control to the intended use of the device or to the medical guide for some populations, and/or medical state may be required to gain an acceptable risk/benefit balance. Additionally, individual risks related to some particular device feature or showing element may warrant limitations or constraint (design controls) to achieve an acceptable risk/benefit balance.
Product Risk Management is Owned by the Manufacturers, but How can Service Providers (e.g. Software Developers) Contribute to Safe Design?
Initially, it must be understood that any element outsourced by an end-equipment manufacturer nevertheless remains their authority. That is, likewise with the FDA QSR 820.50, and ISO 13485 Clause 7.4, end-equipment manufacturers are eventually responsible for their product, including where product elements, such as software, are outsourced. That said, suppliers may display their dedication to providing a high level of honor through compliance with ISO 13485. Note that one of the changes established in ISO 13485:2016 was the allocation that suppliers or other external parties providing the product to organizations can also select to observe with the standard.
ISO 13485 Consultation
We have technical expertise for Medical Devices. We assist manufacturer to setup QMS and train employees Whatapp Us Contact Us
Beyond compliance with ISO 13485 (and IEC 62304), software developers can and should associate closely with their end-equipment manufacturers to guarantee design requirements that are understood and executed correctly, and that suitable feedback loops are in place as design options are examined. This is due to the fact that there are conditions where software risk controls may accidentally dissolve safety risk controls or features, and vice-versa.
For example, review a reasonable cybersecurity risk management design selection to comprise a password for system access; such a design control may have serious end result in devices such as a defibrillator. Consider that ready user access to and application of a defibrillator is necessary to achieving the considered performance of the device (delivery of life-saving therapy); any delay in a user’s access to use of the device, such as attempting to enter a password (which they may not know) would be unacceptable. Accordingly, software developers can grant in very meaningful ways to the safe design of products. Careful consideration should be made as to appropriate system for a combination between end-equipment manufacturers and their service providers.
Do Questions (and the answers) from Annex C have to be Included in Risk Analyses?
Please note that Annex C is recognized in the text of ISO 14971 as “informative.” In ISO standards, Annexes are used to provide additional information. They can be regularizing (e.g. a test method that the user is required to follow) or informative. As such, it is not mandatory to include the questions and answers from Annex C in your risk analysis. Although as a practice, review and documentation of this evaluation are inspired, even if not subject to regulatory and audit review. Examine treating the Annex C question and answer data as the start of a discovery session to identify, as detailed as possible, all risks associated with your device. It is also worth noting that we have seen organizations that have discussed and documented their responses to the Annex C questions, yet they have treated the activity as a “checkbox exercise.” Meaning, they completed the activity but then did nothing with the data captured.
The Annex C questions include a rich set of data points to assist in establishing an understanding of the risk and hazardous situations to be examined in the risk analysis, and prepare a strong foundation upon which to build design input necessity.
How does one Identify Risks for a New Device not on the Market, and not Similar to Other Devices?
It is rare for a device to be completely new to the market where there is no comparability, to other devices, whether or not those devices have been formerly used for a medical purpose. Examine that an existing device may include a feature or technology identical to a new device for medical evidence that is entirely different from the present medical indication being observed. As a starting point, review other devices having a similar intended use, the identical concept of action or similar technology used in non-medical fields, or, for medical guide other than that currently observed.
Consider workflows, and information flows; recognizing that collapse to perform tasks correctly, or corruption or breakdown of data flows, can take to significant risk and hazardous situations. Again, these other devices may or may not be medical devices, or maybe for use in other medical indications. Also, generate a list of hazards and hazardous situations by responding to the questions of ISO 14971, Annex C. From there, look to other products facing the same hazards and hazardous situations. Such a review will commonly help to identify risks that are apparent from the use of the feature or technology in other applications.
The Ascending Risk Seems Somewhat Subjective, So how can this be Reliable?
Initiating risk acceptability standard, and the necessary function of creating scales for the inflexibility of harm and expectation of occurrence, are frequently mistaken and do indeed affect the overall risk management process. To improve the reliability of the risk scales, and therefore the overall risk management process, it must first be understood that the criteria and their scales can and should be tailored to the device in question. Of course, the criteria and scales may be appropriate for a class of products or a family of devices; nevertheless, research should be performed to understand the type and danger of harm and the frequency of development that has been experienced with the device in question. Ascending risk is then accomplished by considering the danger and possibility elements separately. From an intense point of view, seek the input of clinicians experienced in treating the medical condition that your device is considered to address, and who is known with the harms connected with such devices. A search of the US FDA MAUDE database, internal proprietary information and other sources will also reveal the types of events that have happened. Such efforts will frequently suggest appropriate severity categorization for the device in question.
Following to be considered is the probability of a specific occasion. From the same sources used for identifying severity scales, data is also typically available to obtain probability scales. Note that a one-size-fits-all approach is not practical or suggested. We have seen, for example, instances where probability scales are defined as “0.01≥ Occurrence > 0.001”, “0.001≥ Occurrence > 0.0001” and so on, without any reference to whether the scale is based on probability of harm per use, per device, per hour of use, or within a population. Evidently this must be defined and will depend entirely on whether the device is a sterile dressing, a therapeutic x-ray machine, a patient monitor, etc. Representing the information described will help in establishing risk scales situate with actual device use, considering both the observed degree of harm and the frequency.