Safety Risk Management for Medical Devices

By Bijan Elahi

Safety Risk Management for Medical Devices demystifies risk management, providing clarity of thought and confidence to the practitioners of risk management as they do their work. Written with practicing engineers, safety management professionals, and students in mind, this book will help readers tackle the difficult questions, such as how to define risk acceptance criteria and how to determine when to stop risk reduction.

This book delivers not only theory, but also practical guidance for applying the theory in daily risk management work. The reader is familiarized with the vocabulary of risk management and guided through a process to ensure compliance with the international standard ISO 14971—a requirement for all medical devices. This book outlines sensible, easily comprehensible, and state-of the-art methodologies that are rooted in current industry best practices.

Opening chapters introduce the concept of risk, the legal basis for risk management, and the requirements for a compliant risk-management process. The next group of chapters discusses the connection between risk management and quality systems, usability engineering and biocompatibility. This book delves into the techniques of risk management, such as fault tree analysis and failure modes and effects analysis, and continues with risk estimation, risk control, and risk evaluation. Special topics such as software risk management, clinical investigations, and security are also discussed. The latter chapters address benefit-risk analysis, and production and postproduction monitoring. This book concludes with advice and wisdom for sensible, efficient, and successful safety risk management of medical devices.

• Teaches industry best practices on medical-device risk management in compliance with ISO 14971
• Provides practical, easy-to-understand, and step-by-step instructions on how to perform hazard analysis and manage the risks of medical devices
• Offers a worked-out example applying the risk management process on a hypothetical device

• Language: English
• Publisher: Academic Press
• Release date: Jun 29, 2018
• ISBN: 9780128130995

Bijan Elahi

Bijan Elahi is an expert on a world scale in safety risk management for medical technology. Mr. Elahi’s mission is to elevate knowledge and proficiency in medical device risk management to the highest levels worldwide via teaching, coaching, and mentoring, for the benefit of companies and society. He has 30+ years of experience in risk management, working with the largest medical device companies in the world, as well as with small start-ups. He is a lecturer at Eindhoven University of Technology (the Netherlands), where he teaches a graduate-level course in medical device risk management. The audience for this education is doctoral students in engineering as well as physicians and professionals in the medical device sector. Additionally, Mr. Elahi is a lecturer at Drexel University in Philadelphia (USA), and at Delft University of Technology (Netherlands). He is the recipient of the Educator of the Year Award by the International System Safety Society. In 2019 he received an award in recognition of Outstanding Development of Analytical Methods to Support Medical Device System Safety. Mr. Elahi has a long history of medical device development spanning class III implantable pulse generators, electro-mechanical, and disposable devices. His most recent product was a Deep Brain Stimulator (DBS) implant for Parkinson’s disease. The knowledge that he imparts in his book is rooted in state-of-the-art practical knowledge in medical device development. Mr. Elahi is a Technical Fellow and a corporate advisor at Medtronic. In this role, he teaches and consults on medical device risk management to all Medtronic business units worldwide, including China, India, Middle East, Europe and North America. Mr. Elahi is a contributor to ISO 14971, and a member of the Editorial Board of the Journal of System Safety, a publication of the International System Safety Society. Mr. Elahi is a frequently invited speaker and lecturer at international conferences. Earlier in his distinguished career, he was a systems engineer on the Space Shuttle at NASA (USA). Mr. Elahi holds an MS Electrical Engineering degree from the University of Washington and a BS Aerospace Engineering degree from Iowa State University, United States.

Book preview

Safety Risk Management for Medical Devices

Bijan Elahi

Technical Fellow, Medtronic, The Netherlands

Table of Contents

Cover image

Title page

Copyright

Dedication

List of Figures

List of Tables

Biography

Preface

Chapter 1. Introduction

Abstract

Chapter 2. Why Do Risk Management?

Abstract

2.1 Legal and Regulatory Requirements

2.2 Business Reasons

2.3 Moral and Ethical Reasons

Chapter 3. The Basics

Abstract

3.1 Vocabulary of Risk Management

3.2 Hazard Theory

3.3 System Types

Chapter 4. Understanding Risk

Abstract

4.1 Risk Definitions

4.2 Types of Risk

4.3 Contributors to Risk

4.4 Risk Perception

4.5 Risk Computation

Chapter 5. Risk Management Standards

Abstract

5.1 ISO 14971 History and Origins

5.2 Harmonized Standards

Chapter 6. Requirements of the Risk Management Process

Abstract

6.1 Risk Management Process

Chapter 7. Quality Management System

Abstract

Chapter 8. Usability Engineering and Risk Analysis

Abstract

8.1 Key Terms

8.2 Distinctions

8.3 User-Device Interaction Model

8.4 Use Failures

8.5 Environmental Factors

8.6 Design Means to Control Usability Risks

8.7 Task Analysis

8.8 Usability and Risk

Chapter 9. Biocompatibility and Risk Management

Abstract

Chapter 10. The BXM Method

Abstract

10.1 System Decomposition

10.2 Integration

10.3 Quantitative Risk Estimation

Chapter 11. Risk Management Process

Abstract

11.1 Management Responsibilities

11.2 Risk Management File

11.3 Risk Management Plan

11.4 Hazard Identification

11.5 Clinical Hazards List

11.6 Harms Assessment List

Chapter 12. Risk Analysis Techniques

Abstract

12.1 Fault Tree Analysis

12.2 Mind Map Analysis

12.3 Preliminary Hazard Analysis

12.4 Failure Modes and Effects Analysis

12.5 FMEA in the Context of Risk Management

12.6 Design Failure Modes and Effects Analysis

12.7 Process Failure Modes and Effects Analysis

12.8 Use/Misuse Failure Modes and Effects Analysis

12.9 P-Diagram

12.10 Comparison of FTA, FMEA

Chapter 13. Safety Versus Reliability

Abstract

Chapter 14. Influence of Security on Safety

Abstract

Chapter 15. Software Risk Management

Abstract

15.1 Software Risk Analysis

15.2 Software Failure Modes and Effects Analysis (SFMEA)

15.3 Software Safety Classification

15.4 The BXM Method for Software Risk Analysis

15.5 Risk Management File Additions

15.6 Risk Controls

15.7 Legacy Software

15.8 Software of Unknown Provenance

15.9 Software Maintenance and Risk Management

15.10 Software Reliability Versus Software Safety

Chapter 16. Integration of Risk Analysis

Abstract

16.1 Hierarchical Multilevel Failure Modes and Effects Analysis

16.2 Integration of Supplier Input Into Risk Management

Chapter 17. Risk Estimation

Abstract

17.1 Qualitative Method

17.2 Semiquantitative Method

17.3 Quantitative Method

17.4 Pre-/Post-risk

Chapter 18. Risk Controls

Abstract

18.1 Single-Fault-Safe Design

18.2 Risk Control Option Analysis

18.3 Distinctions of Risk Control Options

18.4 Information for Safety as a Risk Control Measure

18.5 Sample Risk Controls

18.6 Risk Controls and Safety Requirements

18.7 Completeness of Risk Controls

Chapter 19. Risk Evaluation

Abstract

19.1 Application of Risk Acceptance Criteria

19.2 Risk Evaluation for Qualitative Method

19.3 Risk Evaluation for Semiquantitative Method

19.4 Risk Evaluation for Quantitative Method

Chapter 20. Risk Assessment and Control Table

Abstract

20.1 Risk Assessment and Control Table Workflow

20.2 Individual and Overall Residual Risks

Chapter 21. On Testing

Abstract

21.1 Types of Testing

21.2 Risk-Based Sample Size Selection

21.3 Attribute Testing

21.4 Variable Testing

Chapter 22. Verification of Risk Controls

Abstract

22.1 Verification of Implementation

22.2 Verification of Effectiveness

Chapter 23. Benefit–Risk Analysis

Abstract

23.1 Benefit–Risk Analysis in Clinical Evaluations

Chapter 24. Production and Postproduction Monitoring

Abstract

24.1 Postmarket Risk Management

24.2 Frequency of Risk Management File Review

24.3 Feedback to Preproduction Risk Management

24.4 Benefits of Postmarket Surveillance

Chapter 25. Traceability

Abstract

Chapter 26. Risk Management for Clinical Investigations

Abstract

26.1 Terminology

26.2 Clinical Studies

26.3 Mapping of Risk Management Terminologies

26.4 Risk Management Requirements

26.5 Risk Documentation Requirements

Chapter 27. Risk Management for Legacy Devices

Abstract

Chapter 28. Basic Safety and Essential Performance

Abstract

28.1 How to Identify Basic Safety

28.2 How to Identify Essential Performance

Chapter 29. Relationship Between ISO 14971 and Other Standards

Abstract

29.1 Interaction With IEC 60601-1

29.2 Interaction With ISO 10993-1

29.3 Interaction With IEC 62366

29.4 Interaction With ISO 14155

Chapter 30. Risk Management Process Metrics

Abstract

30.1 Comparison With Historical Projects

30.2 Issue Detection History

30.3 Subjective Evaluation

Chapter 31. Risk Management and Product Development Process

Abstract

31.1 Identification of Essential Design Outputs

31.2 Lifecycle Relevance of Risk Management

Chapter 32. Axioms

Abstract

Chapter 33. Special Topics

Abstract

33.1 The Conundrum

33.2 Cassandras

33.3 Personal Liability

33.4 Risk Management for Combination Medical Devices

Chapter 34. Critical Thinking and Risk Management

Abstract

Chapter 35. Advice and Wisdom

Abstract

Appendix A. Glossary

Appendix B. Templates

B.1 Design Failure Modes and Effects Analysis Template

B.2 Software Failure Modes and Effects Analysis Template

B.3 Process Failure Modes and Effects Analysis Template

B.4 Use-Misuse Failure Modes and Effects Analysis Template

B.5 Risk Assessment and Control Table Template

Appendix C. Example Device—Vivio

C.1 Vivio Product Description

C.2 Vivio Product Requirements

C.3 Vivio Architecture

C.4 Risk Management Plan

C.5 Clinical Hazards List

C.6 Harms Assessment List

C.7 Preliminary Hazard Analysis

C.8 Design Failure Modes and Effects Analysis

C.9 Process Failure Modes and Effect Analysis

C.10 Use/Misuse Failure Modes and Effects Analysis

C.11 Risk Assessment and Controls Table

C.12 Hazard Analysis Report

C.13 Risk Management Report

Appendix D. NBRG Consensus Paper

References

Index

Copyright

Academic Press is an imprint of Elsevier

125 London Wall, London EC2Y 5AS, United Kingdom

525 B Street, Suite 1650, San Diego, CA 92101, United States

50 Hampshire Street, 5th Floor, Cambridge, MA 02139, United States

The Boulevard, Langford Lane, Kidlington, Oxford OX5 1GB, United Kingdom

Copyright © 2018 Elsevier Ltd. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.

Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

British Library Cataloguing-in-Publication Data

A catalogue record for this book is available from the British Library

Library of Congress Cataloging-in-Publication Data

A catalog record for this book is available from the Library of Congress

ISBN 978-0-12-813098-8

For Information on all Academic Press publications visit our website at https://www.elsevier.com/books-and-journals

Publisher: Mara Conner

Acquisition Editor: Fiona Geraghty

Editorial Project Manager: Katie Chan

Production Project Manager: Vijay R. Bharath

Cover Designer: Matthew Limbert

Typeset by MPS Limited, Chennai, India

Dedication

This book is dedicated to all the people of this planet who suffer from illness and who look to medical technology with hope and trust.

List of Figures

List of Tables

Biography

Award winning, international educator and consultant

Bijan Elahi has worked in risk management for medical devices for over 25 years at the largest medical device companies in the world, as well as small startups. He is currently employed by Medtronic as a Technical Fellow where he serves as the corporate expert on product safety risk management. In this capacity, he offers consulting and education on risk management to all Medtronic business units, worldwide. He is also a lecturer at Eindhoven University of Technology in the Netherlands, where he teaches risk management to doctoral students in engineering. He is a frequently invited speaker at professional conferences, and is also a contributor to ISO 14971, the international standard on the application of risk management to medical devices.

Preface

Bijan Elahi

A writer is, after all, only half his book. The other half is the reader and from the reader the writer learns.

P.L. Travers, author (1899–1996)

This book is written to serve both the professionals in the MedTech industry as well as the students in universities. The book delivers not only the theory but also offers practical guidance on how to apply the theory in your day-to-day work. The objective of this book is to demystify risk management and provide clarity of thought and confidence to the practitioners of risk management as they do their work.

I offer here the result of 30+ years of experience in risk management beginning with my work on the Space Shuttle at NASA and continuing in the medical device industry. What is presented in this book is the best available knowledge today. But as in any scientific or technical endeavor, the methods and techniques in risk management will continue to evolve, mature, and improve.

Although I serve the Medtronic corporation, the opinions and materials presented in this book are mine and do not represent the Medtronic corporation.

Chapter 1

Introduction

Abstract

This book is about management of safety risks for medical devices. You will learn how to answer difficult questions such as: Is my medical device safe enough? What are the safety-critical aspects of my device, and which are the most important ones? Have I reduced the risks as far as possible? A sound and properly executed risk management process does not render a risk-free medical device. It does imply that the best efforts were made to produce a device that is adequately safe—a device that provides benefits which outweigh its risks.

Keywords

Risk management; medical device

This book is about management of safety risks for medical devices. You will learn how to answer difficult questions such as: Is my medical device safe enough? What are the safety-critical aspects of my device, and which are the most important ones? Have I reduced the risks as far as possible?

One of the main challenges of medical device companies is to be able to tell a clear and understandable story in their medical device submissions as to why their medical device is safe enough for commercial use. The methodology offered in this book, which we call the BXM method offers a simple, understandable, and integrated process that is scalable and efficient. The BXM method is suitable for automation, which is a huge benefit to the practitioners of risk management in an environment of dynamic and complex medical technology.

The methodology offered in this book is in conformance with ISO 14971, and has been used and tested numerous times in real products that have been submitted and approved by the FDA and European notified bodies.

Risk management is a truly interdisciplinary endeavor. A successful risk manager employs skills from engineering, physics, chemistry, mathematics, logic, behavioral science, psychology, and communication, to name a few. In this book, we touch upon ways in which the various disciplines are employed at the service of risk management.

This book is designed to serve both university students who are neophytes to risk management, as well as industry professionals who need a reference handbook. An example of execution of the BXM method on a hypothetical medical device is provided in Appendix C as a model to further elucidate the BXM method.

Although the techniques, information, and tips that are offered in this book are intended for medical technology and devices, other safety-critical fields can also benefit from the knowledge gained herein.

One of the factors that should be kept in mind in the analysis of risks is that the risk is not a deterministic outcome, but rather a probabilistic phenomenon. The same therapy from a device could have different consequences for different patients. Variations in patient physiology and environmental conditions can contribute to vastly different severities of harm, from patient to patient.

Risk management before a product is launched is about predictive engineering—to forecast risks, and attempt to reduce and control the risks to acceptable levels. This is in contrast to postmarket risk management which takes the reactionary approach of root cause analysis, and Corrective and Preventive Actions after an adverse event has happened in the field.

Manufacturers are not expected to be error-free, flawless, or perfect. They are expected to use sound processes and good judgment to reduce the probability of harm to people.

A sound and properly executed risk management process does not render a risk-free medical device. It does imply that the best efforts were made to produce a device that is adequately safe—a device that provides benefits which outweigh its risks. Human beings are prone to errors and poor judgment. This is called misfeasance in legal terms. It is different from malfeasance, which is deliberate or deceptive actions intended to release a device that is not adequately safe.

Safety risk management is applicable to the entire lifecycle of medical devices including design, production, distribution, installation, use, service, maintenance, obsolescence, and decommissioning, and even destruction or disposal.

Although Harm is defined as injury or damage to the health of people, or damage to property or the environment [1], in this book, we focus on injury or damage to the health of people. Damage to property or the environment that has a direct impact to the health of people is also within the scope of this book.

The words: System, Product, and medical device are used interchangeably in this book to refer to the target of the risk management process.

Styling—In this book, words that have specific meaning in the world of risk management are capitalized to distinguish them from the ordinary dictionary meanings. Examples: Cause, End Effect, and Risk Control.

Chapter 2

Why Do Risk Management?

Abstract

There are many good reasons to do risk management. In addition to making safer products, risk management can help reduce the cost of design and development by identifying the safety-critical aspects of the design early in the product lifecycle. Risk management is a legal requirement in most countries, without which it would not be possible to obtain approval for commercialization of medical devices. In the unfortunate situations when people are injured by medical devices, the first place that lawyers would look is the risk management file of the device.

Keywords

Legal; Regulatory; risk-based; recall; field corrective action; moral; ethical

Whether you are aware of it or not, you are constantly managing risk in your daily life. For almost every action that we take, we internally evaluate the benefit of that action versus the risks (or cost) of that action. If we believe the benefits outweigh the risks, we take that action. Else, we don’t. Consider the simple action of driving to work in your car. You consider the benefit of comfort and speed of getting from home to work, versus the risks of getting injured or killed in a car crash. In general, the chances of getting into a serious accident are fairly small, compared to the benefit of commuting in your car. But now imagine you are in a war-torn country where there are explosive devices buried in the roadway. Now the calculus changes. The risks are higher than the benefits, and you would likely choose to walk off-road instead.

The medical technology (MedTech) industry is required to evaluate the potential risks due to the use of a medical device against the potential benefits of that device. Regulatory approval of a medical device requires demonstrating that the risks of the device are outweighed by its benefits. Rather than making a subjective judgment, formal and systematic methods are used to make this determination.

Another very important reason to do risk management is the progressive shift in the industry where more and more decisions are risk based. Risk-based decisions are rational and defensible. In many aspects of product development, e.g., design choices, or sample size determination, risk is a good discriminator and basis for decision making. Moreover, the European Medical Device Regulation (EU MDR) [2] takes a preference for a risk-based approach to evaluation of manufacturer’s technical documentation, and oversight and monitoring of the manufacturers. How can one make risk-based decisions, if one doesn’t know the risks? Risk management offers the answer.

2.1 Legal and Regulatory Requirements

2.1.1 United States

In the United States, the governing law is U.S. CFR Title 21, part 820. Title 21 is about foods and drugs, and part 820 is about Quality System Regulations. This law requires that all finished medical devices be safe and effective. The burden of proof is on the manufacturer. Prior to ISO 14971, there were many methods used by manufacturers to provide evidence of safety. There was no consistency and the quality of the evidence varied widely.

On June 27, 2016 the FDA recognized ISO 14971:2007 [3] as a suitable standard for risk management. Therefore compliance to ISO 14971:2007 [3] is sufficient proof of safety for the FDA.

2.1.2 European Union

The European Union Directive 93/42/EEC, also known as the Medical Device Directive (MDD) [4] compels the member States to pass laws that are consistent with the MDD. Article 3 of the MDD requires the medical devices must meet the essential requirements set out in Annex I. Stated briefly and simply, the Essential Requirements of Annex I stipulate that medical devices:

1. Be safe when used as intended by the manufacturer

2. Their risks be outweighed by their benefits

3. The risks be reduced as far as possible

Article 5 of the MDD states that compliance with the Essential Requirements of Annex I can be presumed, if a medical device is conformant with harmonized standards that are published in the Official Journal of the European Communities [5].

There is also a counterpart to MDD [4] for active implantable medical devices. It is called Active Implantable Medical Device Directive (AIMDD) [6].

One of the standards which is published in the Official Journal of the European [5] Communities is EN ISO 14971:2012 [7]. Therefore one can conclude that conformance to EN ISO 14971:2012 [7] is grounds for claiming compliance with the Essential Requirements of the MDD.

Each country in the European Union has a competent authority who approves medical devices for commercialization. Upon approval by a competent authority, a medical device can be CE (Conformité Européenne) marked:

Notified bodies review submissions by the manufacturers, for compliance. Notified Bodies are accredited entities who assess conformity to harmonized standards. For a list of the Notified Bodies refer to the website: ec.europa.eu.

The new European Medical Device Regulation (EUMDR) [2] will eventually replace the MDD and AIMDD. The transition period started in May 2017.

2.1.3 MDD/AIMDD and transition to EU MDR

EU MDR [2] was promulgated on May 26, 2017. There is a 3-year transition period after which AIMDD [6] and MDD [4] will no longer be effective and only MDR certification will be possible (May 26, 2020). From May 26, 2017 to Nov/Dec 2018 only MDD/AIMDD certification is possible. Thereafter until May 26, 2020, it’s possible to choose MDD/AIMDD or MDR [2] certification.

There is a 4-year grace period after May 26, 2020 during which products that were certified to MDD/AIMDD can be still manufactured and sold—until May 26, 2024. Thereafter, there is only a 1-year period until May 26, 2025 to sell off any inventory of MDD/AIMDD certified products.

2.2 Business Reasons

2.2.1 Cost efficiency

One of the main benefits of risk management is gaining knowledge of what the risks of a medical device are; where they are; and how big they are. With this knowledge, the product development group can focus their engineering resources on the areas of highest risk. Furthermore, good risk management practices can help detect design flaws which have a safety impact, early in the product development process. The sooner a design flaw is corrected, the less expensive it is to fix it.

Another factor that medical device manufacturers