6/6/2014 risk management for medical devices safe and effective products paul mcdaniel asq cqm/oe...
TRANSCRIPT
04/10/23
Risk Management for Medical Devices
Safe and Effective Products
Paul McDaniel, ASQ CQM/OE
Executive VP Operations and QA
Sicel Technologies
Overview
• Product Life Cycle Model Role
• Process Hints
• In-depth discussion of a Risk Management Analytical Tool: FMEA
Risk Management Defined (a practitioner's definition)
• Risk: probability of harm occurring AND the severity of harm
• Risk Management: Use of relevant information to identify possible harmful events, to assess the event’s acceptability in the eyes of the at-risk population (probability*severity), and to exert effective control of the risk
Risk Management
• Risk Assessment
– Risk Analysis: intended use and identification of characteristics related to safety of the device; identification of hazards; estimation of risk for each hazardous situation
– Risk evaluation
• Risk Control: option analysis; implement controls; residual risk evaluation; risk/benefit analysis; risks arising from control measures; completeness of risk control
• Evaluation of overall residual risk acceptability
• Risk Management Report
• Production and post-production information
Adapted from ISO 14971:2007 Figure 1
Product Life Cycle Model Role
• Understand the Regulatory Model
– A product life cycle has many phases
– Information/Products/Design at the start of a phase is input; possibly input requirements
– Information/Products/Design at the end of each phase is output
– Outputs must be verified against inputs
• The model assumes verification at each phase end
Product Life Cycle Model Role
• The Current State of the Risk Management Standard Assumes the Regulatory model
– You may follow the described process and be confused unless you recognize the phase boundaries
• How can I determine the answer to “is risk acceptable” if I’m just defining design inputs?
– The planned mitigation is acceptable; detail design may introduce new information, so stay alert in the next phase!
Risk Management by Phase
• Design Input (Hazard Analysis/Fault Tree)
– Focus on generating product “shall not do” or “shall comply with standard...” type of specification requirements
• Detailed Design (Fault Tree/FMEA)
– Look to your product architecture and add architecture interface risks to your analyses
– Further on, examine higher risk areas and product failure risks in detail
Risk Management by Phase
• Design Verification/Validation
– Watch for occurrence of anticipated but “intended to be” mitigated risks
• Risk Control failure
– Assess impact of V&V findings for new risks needing analyses
• We didn’t imagine that would happen: Risk?
– Listen to any customer feedback for risk acceptability
• “Those safety lock outs are too confusing to work with, can we disable them?”
Risk Management by Phase
• Commercial Distribution/Disposal
– Vigilance Reporting is a Risk Analysis Update Opportunity
• NEW for 2007!
– Production feedback into the Risk Analysis
• Am I seeing higher rates of occurrence?
• Are new failure modes presenting themselves that we haven’t analyzed?
• Are we having control failures or excessive cause failures?
Risk Analysis in Production
• Non-conforming material and Material Review Board Processes?
– Can they effectively consider risks on each occurrence?
• Control charts, acceptance data
– Are risk controls part of acceptance testing?
– Is the frequency of occurrence suggesting anything?
• “Risk of failure was ranked as remote yet we’ve had three catastrophic hot-pot test failures this month!”
Risk Analysis in Production
• Comment period…………
Process Considerations
• Define the scope of your analysis
– What systems, what interfaces, who as user...
– The records produced will be subject to second guessing if harm occurs: don’t allow hindsight to change the rules
– Document your information sources!!!!!!!
• When you made your risk acceptability decision, what information was available and used?
• We can only be diligent, not psychic
Analysis Scope
• Intended Use: Use for which the product, process or service is intended according to the specifications, instructions, and information supplied by the manufacturer
• Essential Performance: Performance necessary to achieve freedom from unacceptable risk
• Note: Essential performance is most easily understood by considering whether its absence or degradation would result in an unacceptable risk
• You must have these two clearly in front of the analysis team.
Process Considerations
• Use a Risk Source List as a Reminder
– ISO 14971 has such lists
– Add your Industry’s Experience
• If a harmful event has been reported, it has higher mitigation priority than hypothetical risks
– flag real occurrences in your analyses
– Rely on accepted standards
• If there is a “test” standard, understand the underlying reason for the tests
Process Considerations
• Sources of harm should suggest action
– electricity is not harmful, electrocution is
• A hazard exists
– A sequence of events leads to a hazardous situation (normal or fault conditions)
• The hazardous situation has a probability (P1)
• Harm occurs from the situation
– A probability of harm exists (P2)
– A severity of outcome can be assigned (S)
– Risk = S, P1 x P2
Process Considerations
• While defining the system inputs, what harmful things can occur:
– Very early on, a “Preliminary Hazard Analysis” can screen out higher risk approaches
• What are the harmful things that the system can do considering:
– user, patient, environment or property (a subject)
Process Considerations
• Typically, the Device Design Requirements Are Broken Down Into Smaller Pieces During Detailed Design
– focus on interfaces, signal and data path integrity
– trace system requirements to sub-system
– Use Fault Tree Analysis (top down)
– Consider Using Failure Modes and Effects Analysis (bottom up)
Process Considerations
• Observe Verification/Validation findings for unanticipated device behavior
– the best design analysts miss things
• Initiate a process for V&V findings classification
– did harm occur?, or if the behavior re-occurs, could harm occur?
– if I can’t recreate the behavior, I still may have to mitigate it
Risk Management Process Tools
System Hazard Analysis (design input)
• Draw boundaries between the system and the at risk subject and define harmful events
– Energy sent across a boundary
– Look for potential to kinetic energy transition
• did you control the transition
– Changes in state may be potentially harmful
– Your seed list may leave you with many “deferred answers”
Probability and Severity Estimates
• Risk management relies on expert judgment so don’t let novices work alone!
• Focus on one device, one device lifetime
• Set Quantitative or Qualitative criteria
– high probability is...several times in a device lifetime???, 1< per million uses
– moderate injury is....medical attention to return to pre-risk exposure state
Probability and Severity (use graphical techniques)
[Figure: two charts of increasing probability against increasing severity, with regions marked “unacceptable” and “okay”]
No risk or too great a risk is easy, what about moderate risks?
Split up the quadrants to refine the estimates in stages of analysis
Detailed Risk Analyses
• One of the more popular design evaluation tools is the Failure Modes and Effects Analysis (FMEA)
– IEC 60812, Analysis techniques for system reliability - Procedure for failure modes and effects analysis
– FMEA is used more for design evaluation than for design development
– Works for manufacturing processes too!
Detailed Risk Analyses
• Definitions:
– FMEA: a structured analytical technique which determines relationships between basic element failure characteristics and the system failures
– Failure mode is how a failure manifests itself (system shuts down)
– Failure mechanism is why a failure occurs (defect in the transistor silicon)
Process Needs for a FMEA
• Prior risk analysis work to build on if available
– System level harmful events will be analyzed to see how component/assemblies may contribute to the harm cause
– System failure and degraded modes definitions
• functional block diagrams may be needed for each operating/failure mode
FMEA Process Needs
• a design solution, down to the component level, has been identified
– failure modes of components are defined
• resistors fail open circuit, shorted, does the analysis include increasing or decreasing resistance?
• Component vendors may provide failure modes
– open 30%, shorted 70%
• a complete understanding of the design solution
04/10/23
FMEA Form
Columns: PART NAME (PART NUMBER) | FUNCTION | FAILURE MODE | POTENTIAL CAUSE(S) OF FAILURE | P | POTENTIAL EFFECT(S) OF FAILURE | S | Detectability | D | RPN
RPN is an indicator of the need to take action: Probability*Severity*Detectability
Detectability helps to define if the user will be aware of the failure before the system effect manifests itself
This form documents system level failure effects. Potential Effect of Failure can be defined at both the local level and at the system level (would add a local level column).
For greatest utility, add columns for action taken so problems indicated in the FMEA also have a resolution
FMEA Process
• At the appropriate level of system detail consider the first item
– How can the item fail (failure modes) and why
• may be more than one cause for each failure mode
– for each mode of failure, what happens at the system level
– Estimate Probability, Severity, Detectability
– If necessary, implement corrective measures
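An added example, not from the original slides: the FMEA form and process as a small Python worksheet that computes RPN = Probability*Severity*Detectability, reports high-RPN rows with no action recorded, and applies the production-feedback check from the Risk Analysis in Production slide. The 1-5 rank scales, the action threshold, the per-rank failure ceilings and the sample rows are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumptions (not from the slides): 1-5 ordinal scales where a higher D means
# the user is less likely to notice the failure before the system effect,
# an action threshold of 30, and a ceiling on failures per review period
# that each probability rank is taken to allow.
RPN_ACTION_THRESHOLD = 30
MAX_FAILURES_FOR_RANK = {1: 0, 2: 1, 3: 3, 4: 10, 5: float("inf")}

@dataclass
class FmeaRow:
    part: str
    failure_mode: str
    cause: str
    effect: str                 # system-level effect of the failure
    p: int                      # probability rank
    s: int                      # severity rank
    d: int                      # detectability rank
    action_taken: str = ""      # the "action taken" column the form recommends
    observed_failures: int = 0  # production feedback for the review period

    @property
    def rpn(self) -> int:
        return self.p * self.s * self.d

def review(rows):
    """Return (part, failure_mode, rpn, finding) tuples, highest RPN first."""
    findings = []
    for row in sorted(rows, key=lambda r: r.rpn, reverse=True):
        if row.rpn >= RPN_ACTION_THRESHOLD and not row.action_taken:
            findings.append((row.part, row.failure_mode, row.rpn,
                             "high RPN, no action recorded"))
        if row.observed_failures > MAX_FAILURES_FOR_RANK[row.p]:
            findings.append((row.part, row.failure_mode, row.rpn,
                             "occurrence exceeds probability rank: re-estimate P"))
    return findings

# Constructed sample rows; part names and rankings are illustrative only.
SAMPLE = [
    FmeaRow("R12 resistor", "open circuit", "solder fatigue", "system shuts down", 2, 2, 2),
    FmeaRow("R12 resistor", "shorted", "overstress", "output not limited", 3, 4, 3),
    FmeaRow("Mains insulation", "breakdown", "material defect", "shock to user", 1, 5, 4,
            action_taken="100% dielectric test", observed_failures=3),
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

The insulation row stays below the RPN threshold, yet it is still reported because three observed failures contradict its "remote" probability rank.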
Q & A?
Conclusions
• Regulatory Agencies are requiring Risk Management processes
• International standards are being utilized to meet the requirements and standardize processes
• The analytical tools necessary to support a device risk management process exist today