Medical Device Risk Management.

The design, development, manufacture and release to market of all medical devices needs to take into account the potential risk to end users and all others who may be impacted by the device. All medical devices pose a potential risk. For example, bandages are a relatively simple medical device, however, if inappropriate manufacturing processes are implemented or inadequate packaging is utilized then the bandages could themselves pose an infection risk to users if used on open wounds, equally, a scalpel must be sterile for all potential contaminants otherwise very serious health risks may again be posed to a patient.

The identification, assessment, evaluation, reduction, control and monitoring of risks are all essential aspects to medical device risk management. The effort and detail involved in a risk management process will directly relate to the potential risk imposed by a device on the user, the patient and all others potentially impacted by the device.

 

Requirements for effective medical device risk management.

#1 The first requirement in any form of risk process will be a requirement for a detailed knowledge of the medical device itself and the scope and application of the indications for use. This will require technical product and manufacturing knowledge, an understanding of the clinical environment and depending on the product application with respect to the patient may require considerable medical input.

Note: A knowledge of potential “off label” uses is also necessary. While a provider of medical devices cannot be held responsible for “off label” use by a medical practitioner, there are potential adverse implications where a medical device applied “off label” results in negative outcomes for a patient, with potential for negative publicity, legal action etc.. against a medical practitioner, which can indirectly affect a manufacturer.

#2 A detailed knowledge of the design, the manufacturing processes, the materials utilized in the medical device, the environmental requirements for device use, the potential for variation in process operation or environmental conditions. The “ease of use” or potential complexities associated with use all need to be clearly understood.

#3 A solid understanding of regulatory requirements in those markets where the medical device will be placed.

#4 Knowledge of any previous adverse incidents or accidents involving the device or other equivalent products on the market. A knowledge of the types of adverse events which have previously been identified is an invaluable source of information. Understanding the shortcomings in design, process controls or clinical assessments which led to these adverse events can lead to a significantly improved risk management effort.

#5 A thorough understanding of how to implement a risk management process, from the identification of risk through to performing risk analysis, measuring risk, implementing of risk reduction efforts and establishment of continuous risk monitoring. The risk management process needs to utilize fact based methodologies.

Medical Device Risk Management, requirements, tools and techniques.

Medical Device Risk Management, requirements, tools and techniques.


Confidence in the risk monitoring should improve over time.

Risk management is an on-going re-iterative process. As the medical device continues in production, as the design evolves, as clinical practitioner and end patient use feedback continues to flow back into the design and manufacturing process, then the risk management process needs to continually be updated with these new information inputs. The improved knowledge obtained, may result in risk reductions or risk elevations. The risk management process will be a continual learning process, which should result in increased confidence levels over time.

 

Requirement for a Risk Team versus individual efforts.

No one person can provide all the necessary information for effective risk management, therefore there will normally be a risk management team involved in the risk process.

 

Risk records.

All information received, analysis performed, risk decisions taken, need to feed into the risk management records. There needs to be a fully documented trail of how the risks are identified and addressed, normally, this is performed in accordance with the organization’s risk management plan. The plan will also point to all the relevant risk records, for example all reviews where risks are discussed, minutes of all relevant meetings, customer feedback and incident reports, etc.. The net result will be a comprehensive body of knowledge, demonstrating how risks were assessed and mitigated. The risk records will be available as reference sources of information for the on-going risk monitoring process.

 

The risk management plan.

A top level plan detailing how the organization approaches risk should be developed. The plan will reference the standard operating procedures relating to risk, responsibilities for risk assessment, reduction and monitoring. The risk plan will define the process when risks above an ALARP level are identified. Also detailed will be elements such as the requirement for risk to be discussed in product design reviews, requirements for risk signoff before product release to market, the approach to revisiting risk assessments on an annual/bi-annual basis, etc..

 

Risk Management Tools and Techniques.

There are a range of analytical tools and techniques which can be applied to risk management processes. Examples being Process Failure Mode Effects Analysis, Fault Tree Analysis, HAZOP Analysis, …. Etc.. Often a mix of qualitative and quantitative measures will be applied when performing risk evaluations in order to determine a risk level. The level of risk associated with each potential risk identified, will then be reviewed versus the potential benefits, to determine the acceptability of the risk. The greater the potential benefit, then the greater may be the appetite to take risks, however, the greater the potential risk, then greater consideration and review needs to be applied into accepting any such high level risk.  The risk appetite of the business should be indicated in the risk plan and should always be reviewed on the basis of a risk/benefit analysis.

Medical Device Validation, information and training presentation >>>
Risk Management, information and training presentation >>>
 

QMS requirements for ISO 13485 >>>
Risk Management Process Steps >>>
Risk Management in Manufacturing >>>
Applying Risk Management to Quality Management >>>
Electronic Signature requirements in Medical Device Manufacturing >>>
Medical Device Software Validation >>>
Medical Device Design Control >>>
Classification of Medical Devices in Europe >>>
Operational Risk Management >>>
Validation Gap Analysis >>>
IQ OQ PQ Installation Operation Performance Qualification >>>
FDA Medical Device Labelling requirements >>>
FDA Validation requirements for Medical Devices >>>
Australian Classification of Medical Devices >>>
Quality Management Plan >>>
Quality Cost Analysis >>>
FDA Quality System Regulations >>>
Document Control >>>
What is Auditing >>>