Risk Management for Medical Devices

1
Risk Management for Medical Devices

• Safe and Effective Products
• Paul McDaniel
• ASQ CQM/OE
• Executive VP Operations and QA
• Sicel Technologies

2
Overview

• Product Life Cycle Model Role
• Process Hints
• In-depth discussion of a Risk Management
  Analytical Tool FMEA

3
Risk Management Defined(a practitioner's
definition)

• Risk probability of harm occurring AND the
  severity of harm
• Risk Management Use of relevant information to
  identify possible harmful events, to assess the
  events acceptability in the eyes of the at risk
  population (probabilityseverity), and exert
  effective controls of the risk

4
Risk Analysis -Intended use and Id of Char
related to safety of the device -Id hazards -Est
risk for each hazardous situation
Risk Assessment
Risk Management
Risk evaluation
Risk Control -Option analysis -Implement
controls -Residual risk evaluation -Risk/benefit
analysis -Risks arising from control measures -Com
pleteness of risk control
Evaluation of overall residual risk acceptability
Risk Management Report
Production and post-production information
Adapted from ISO 149712007 Figure 1
5
Product Life Cycle Model Role

• Understand the Regulatory Model
• A product life cycle has many phases
• Information/Products/Design at the start of a
  phase is input possibly input requirements
• Information/Products/Design at the end of each
  phase is output
• Outputs must be verified against inputs
• The model assumes verification at each phase end

6
Product Life Cycle Model Role

• The Current State of the Risk Management Standard
  Assumes the Regulatory model
• You may follow the described process and be
  confused unless you recognize the phase
  boundaries
• How can I determine the answer to is risk
  acceptable if Im just defining design inputs
• The planned mitigation is acceptable, detail
  design may introduce new information, stay alert
  in the next phase!

7
Risk Management by Phase

• Design Input (Hazard Analysis/Fault Tree)
• Focus on generating product shall not do or
  shall comply with standard... type of
  specification requirements
• Detailed Design (Fault Tree/FMEA)
• Look to your product architecture and add
  architecture interface risks to your analyses
• Further on, examine higher risk areas and product
  failure risks in detail

8
Risk Management by Phase

• Design Verification/Validation
• Watch for occurrence of anticipated but intended
  to be mitigated risks
• Risk Control failure
• Assess impact of VV findings for new risks
  needing analyses
• We didnt imagine that would happen Risk?
• Listen to any customer feedback for risk
  acceptability
• Those safety lock outs are too confusing to work
  with, can we disable them?

9
Risk Management by Phase

• Commercial Distribution/Disposal
• Vigilance Reporting is a Risk Analysis Update
  Opportunity
• NEW for 2007!
• Production feedback into the Risk Analysis
• Am I seeing higher rates of occurrence?
• Are new failure modes presenting themselves that
  we havent analyzed?
• Are we having control failures or excessive cause
  failures

10
Risk Analysis in Production

• Non-conforming material and Material Review Board
  Processes?
• Can they effectively consider risks on each
  occurrence?
• Control charts, acceptance data
• Are risk controls part of acceptance testing?
• Frequency of occurrence suggesting anything
• Risk of failure was ranked as remote yet weve
  had three catastrophic hot-pot test failures this
  month!

11
Risk Analysis in Production

• Comment period

12
Process Considerations

• Define the scope of your analysis
• What systems, what interfaces, who as user...
• The records produced will be subject to second
  guessing if harm occurs dont allow hindsight
  to change the rules
• Document your information sources!!!!!!!
• When you made your risk acceptability decision,
  what information was available and used?
• We can only be diligent, not psychic

13
Analysis Scope

• Intended Use Use for which the product, process
  or service is intended according to the
  specifications, instructions, and information
  supplied by the manufacturer
• Essential Performance Performance necessary to
  achieve freedom from unacceptable risk
• Note is most easily understood by considering
  whether its absence or degradation would result
  in an unacceptable risk
• You must have these two clearly in front of the
  analysis team.

14
Process Considerations

• Use a Risk Source List as a Reminder
• ISO 14971 has such lists
• Add your Industrys Experience
• If a harmful event has been reported, it has
  higher mitigation priority than hypothetical
  risks
• flag real occurrences in your analyses
• Rely on accepted standards
• If there is a test standard, understand the
  underlying reason for the tests

15
Process Considerations

• Sources of harm should suggest action
• electricity is not harmful, electrocution is
• A hazard exists
• A sequence of events leads to a hazardous
  situation (normal or fault conditions)
• The hazardous situation has a probability (P1)
• Harm occurs from the situation
• A probability of harm exists (P2)
• A severity of outcome can be assigned (S)
• Risk S, P1 x P2

16
Process Considerations

• While defining the system inputs, what harmful
  things can occur
• Very early on, a Preliminary Hazard Analysis
  can screen out higher risk approaches
• What are the harmful things that the system can
  do considering
• user, patient, environment or property (a subject)

17
Process Considerations

• Typically, the Device Design Requirements Are
  Broken Down Into Smaller Pieces During Detailed
  Design
• focus on interfaces, signal and data path
  integrity
• trace system requirements to sub-system
• Use Fault Tree Analysis (top down)
• Consider Using Failure Modes and Effects Analysis
  (bottoms up)

18
Process Considerations

• Observe Verification/Validation findings for
  unanticipated device behavior
• the best design analysts miss things
• Initiate a process for VV findings
  classification
• did harm occur?, or if the behavior re-occurs,
  could harm occur?
• if I cant recreate the behavior, I still may
  have to mitigate it

19
Risk Management Process Tools
20
System Hazard Analysis(design input)

• Draw boundaries between the system and the at
  risk subject and define harmful events
• Energy sent across a boundary
• Look for potential to kinetic energy transition
• did you control the transition
• Changes in state may be potentially harmful
• Your seed list may leave you with many deferred
  answers

21
Probability and Severity Estimates

• Risk management relies on expert judgment so
  dont let novices work alone!
• Focus on one device, one device lifetime
• Set Quantitative or Qualitative criteria
• high probability is...several times in a device
  lifetime???, 1lt per million uses
• moderate injury is....medical attention to return
  to pre-risk exposure state

22
Probability and Severity(use graphical
techniques)
Split up the quadrants to refine the estimates in
stages of analysis
unacceptable
Increasing probability
okay
Increasing probability
Increasing Severity
no risk or too great a risk is easy, what about
moderate risks?
Increasing Severity
23
Detailed Risk Analyses

• One of the more popular design evaluation tools
  is the Failure Modes and Effects Analysis (FMEA)
• IEC 60812, Analysis techniques for system
  reliability - Procedure for failure modes and
  effects analysis
• FMEA is used more for design evaluation than for
  design development
• Works for manufacturing processes too!

24
Detailed Risk Analyses

• Definitions
• FMEA a structured analytical technique which
  determines relationships between basic element
  failure characteristics and the system failures
• Failure mode is how a failure manifests itself
  (system shuts down)
• Failure mechanism is why a failure occurs (defect
  in the transistor silicon)

25
Process Needs for a FMEA

• Prior risk analysis work to build on if available
• System level harmful events will be analyzed to
  see how component/assemblies may contribute to
  the harm cause
• System failure and degraded modes definitions
• functional block diagrams may be needed for each
  operating/failure mode

26
FMEA Process Needs

• a design solution, down to the component level,
  has been identified
• failure modes of components are defined
• resistors fail open circuit, shorted, does the
  analysis include increasing or decreasing
  resistance?
• Component vendors may provide failure modes
• open 30, shorted 70
• a complete understanding of the design solution

27
FMEA Form
28
FMEA Process

• At the appropriate level of system detail
  consider the first item
• How can the item fail (failure modes) and why
• may be more than one cause for each failure mode
• for each mode of failure, what happens at the
  system level
• Estimate Probability, Severity, Detectability
• If necessary, implement corrective measures

29
Q A?
30
Conclusions

• Regulatory Agencies are requiring Risk Management
  processes
• International standards are being utilized to
  meet the requirements and standardize processes
• The analytical tools necessary to support a
  device risk management process exist today