Professional Documents
Culture Documents
net/publication/273778314
CITATIONS READS
0 1,895
3 authors, including:
Fubin Wu
GessNet Medical Device Risk Management
7 PUBLICATIONS 22 CITATIONS
SEE PROFILE
Some of the authors of this publication are also working on these related projects:
Medical device assurance cases, risk management, and cybersecurity View project
All content following this page was uploaded by Fubin Wu on 29 March 2019.
About the Authors This article began as a discussion among the the development of the EN 1441, Risk Analysis,
authors regarding the misuse of the failure standard in 1994. Manufacturers began using
Edwin Bills
is principal
mode and effects analysis (FMEA) methodol- FMEA to perform and document risk analysis.
consultant and ogy in medical device risk management. While Later, as ISO developed a more comprehensive
vice president at analyzing the issue, it was noted that misuse of risk analysis standard (ISO 14971-1) in 1998 and
Bilanx Consulting FMEA had been previously addressed by several a comprehensive risk management standard
in Sumter, SC. authors.1,2 This report will discuss why only (ISO 14971) in 2000, manufacturers simply
E-mail: ed.bills@
using FMEA for the entire risk management extended their use of FMEA to document more
bilanxconsulting.com
process is not appropriate. The current work information as an attempt to meet all of the
Stan Mastrangelo also will propose the use of the Risk Traceability additional risk management requirements,
is a consultant Summary (RTS) in lieu of the FMEA method as including traceability requirements. Over time,
based in Roanoke,
the master reference document for risk man- manufacturers tried to extend FMEA beyond
VA. E-mail: stan.
mastrangelo@
agement throughout the product life cycle. The the original “failure modes” analytical tool to
gmail.com goal of this article is to provide an improved encompass most, if not all, of the required
approach for medical device manufacturers activities of the risk management process.
to fulfill their responsibilities for conducting
Fubin Wu is
product health and safety risk management. FMEA: Too Little, Too Late
cofounder of
GessNet risk Kim Trautman, one of FDA’s leading experts on
management Necessity for Comprehensive medical device quality management systems
software in Risk Management and a member of the technical committee that
Sacramento, CA. All medical device manufacturers should developed ISO 13485, publicly stated at the
E-mail: fubin.wu@
conduct and document product health and FDAnews 2011 Inspection Summit meeting,
gessnet.com
safety risk management. This should occur “I can’t tell you how many manufacturers
throughout the product life cycle in accordance I have seen that have tried to present their risk
with the requirements of the U.S. Food and management system by simply presenting a
Drug Administration (FDA) under 21 CFR 820, FMEA. That is not a risk management system.
Quality System Regulation, and requirements Do not make the mistake of presenting FMEAs
contained in the following international quality as your whole risk management system.”
system standards: ISO 13485:2003, subclause Trautman’s statement was based on comment
7.1, and ISO 14971:2007, Medical devices– 83 in FDA’s Preamble to the Quality System
Application of risk management to medical devices. Regulation, 21 CFR 820: “When conducting a
Addressing product health and safety risk risk analysis, manufacturers are expected to
was first required by the European Union in the identify possible hazards associated with the
Medical Device Directive and was addressed in design in both normal and fault conditions.”
Also of note is the requirement for traceability Risk analysis is a required design input in
in subclause 3.5 of ISO 14971. Subclause 4.3 of ISO 13485, and safety requirements (identified
the standard states, “The manufacturer shall in risk analysis) are a required design input in
compile documentation on known and foresee- 21 CFR 820. Hazards are required to be inputs
able hazards associated with the medical device to risk analysis as defined in the risk manage-
in both normal and fault conditions.” ment standard. Identifying these hazards then
The standard FMEA process addresses only becomes a first step in risk analysis. Risk
fault condition hazards and not normal management tools (e.g., preliminary hazard
condition hazards. Also, the standard FMEA analysis, fault tree analysis) are identified in
process addresses only single-fault condition Annex G of ISO 14971 to perform the risk
hazards. It is not the optimal tool for consider- analysis (or risk analyses) that can provide
ing hazards caused by two or more failures. much of the necessary design input risk
The standard FMEA process is not the best information. Figure 1 identifies a number of
means for documenting risks that are not tools and techniques that can be used through-
failure modes. It does not address qualitative or out the design process to perform the risk
pass/fail data as well as other processes. analyses. In addition, ISO 14971 requires
Therefore, the singular use of FMEA does not maintaining (and updating) the Risk Manage-
meet the technical requirements for a complete ment File throughout the product life cycle.
risk analysis, evaluation, or assessment.
However, based on public sources such as FDA Risk Traceability Summary Requirement
Warning Letters, some manufacturers appeared In Figure 2, we have depicted a documentation
to be unclear on how to manage and document and management process that may serve to
the overall risk management process without meet the risk traceability requirements of both
using FMEAs. CFR 820 and ISO 14971. The process uses a
Figure 1. Inputs to the risk analysis process. Abbreviations used: FDA, U.S. Food and Drug Administration;
FMEA, failure mode and effects analysis; FTA, fault tree analysis; HACCP, hazard analysis and critical control points;
HAZOP, hazard and operability analysis; MAUDE, Manufacturer and User Facility Device Experience;
PHA, preliminary hazard analysis.
Figure 2. Use of risk management throughout the product life cycle. Abbreviations used: CAPA, corrective and
preventive action; HACCP, hazard analysis and critical control points.
proven method for maintaining the required RTS and Managing Risk
documentation (i.e., the Risk Traceability Documentation During Design
Summary [RTS]). The RTS captures the use of In using this document over time, some
specific and appropriate risk analysis tools at modifications to the GHTF version have been
various stages of the product life cycle, as developed and are recommended by the
required by the standard, in a form that can be authors. These modifications have been used by
efficiently and effectively used to maintain the several companies and have been accepted by
Risk Management File. This document, and not European Notified Bodies. In Figure 3, columns
the FMEA, becomes the master document of were added to the original GHTF summary
the overall risk management process. document to include the source document (and
Subclause 3.5 of ISO 14971 requires docu- line item) for the hazard and causes of associ-
menting traceability for each identified hazard ated hazardous situation(s), which may include
in the Risk Management File. The RTS is a the FMEA or another tool, and to describe the
table used as the vehicle for maintaining the hazardous situation that identifies the exposure
documentation connections to all of the various to the hazard leading to harm. ISO 14971
risk analysis tools actually utilized. The RTS indicates that just because a hazard exists, a
was first documented in GHTF/SG3/N15:2005, harm possibly may not occur until there is
Implementation of risk management principles exposure. The hazardous situation, through
and activities within a Quality Management sequences of events, modifies the probability of
System (in Appendix C). Although the GHTF occurrence that came from causes that may
document was not updated to reflect the 2007 have been identified using tools such as FMEA.
revision of ISO 14971, it remains relevant and The resulting probability of occurrence of harm
available today for reference through the may in fact be a different value than the
International Medical Device Regulators Forum probability of an individual cause (i.e., failure
at www.imdrf.org. mode) occurring (as documented in the FMEA).
Figure 3. Risk Traceability Summary: risk assessment phase. Abbreviations used: FMEA, failure mode and effects analysis; FTA, fault tree analysis; PFMEA,
process failure mode and effects analysis. Note: A few example categories appear; this figure is not intended to represent an exhaustive list of categories.
Figure 4. Risk Traceability Summary: risk control phase. Note: Page 2 of the risk summary table is shown. A few example categories appear; this figure is
not intended to represent an exhaustive list of categories.
effectiveness. It also shows the final residual manufacturer to accumulate and archive risk
risk estimate for the identified hazard. A data in a convenient manner as information
column is provided for reference to a risk-bene- becomes available.
fit analysis report for the hazard, if the risk Using the RTS approach is preferable to
control measures do not reduce the risk to performing massive retrospective or prospec-
acceptable levels. It also is important to tive risk management projects that are outside
understand that several harms may be possible of the routine product information flow.
Another benefit of
for an individual hazard and that the result may Because this single document contains connec-
be more than one row of the spreadsheet. tions to all risk information, it can be used to the RTS is that it will
meet the requirements of the standard (sub- mature as the product
RTS Throughout the Product Life Cycle clause 3.5) and to provide a tool for future matures. Due to its
While the RTS is an excellent tool for assess- research of risk information in cases such as
modular nature, it
ing products during the design phase, its use complaints, corrective and preventive action,
also is beneficial at any stage in the product and potential recalls. Accumulating this obviates the need for
life cycle, including retrospective summaries. information in one document provides some one single massive risk
The RTS is an optimal tool for referencing assurance that no documented hazards will be assessment.
miscellaneous risk-related information, such overlooked during these research activities.
as individual studies and other required The RTS also provides a complete index of all
reports. Another benefit of the RTS is that it risk analyses and other studies and reports
will mature as the product matures. Due to its during the Overall Residual Risk Evaluation
modular nature, it obviates the need for one stage. It becomes a resource for exploring all
single massive risk assessment. Therefore, it information supporting the risk estimates
can foster the use of an appropriate risk tool identified during the various risk activities that
for the specific risk analytical situation by the occur during all stages of the life cycle of a
appropriate department(s). The RTS allows a medical device or combination product. The
Figure 5. Safety assurance case for medical devices: tabular report template
discussed in this article provides an improved 2. Hartford J. Use, Misuse, and Abuse of the Device
conceptual approach for manufacturers to Failure Modes Effects Analysis. Medical Software.
achieve these objectives efficiently throughout Available at: www.mddionline.com/article/use-
the life cycle of the device and thereby foster an misuse-and-abuse-device-failure-modes-effects-
optimal product health and safety risk manage- analysis. Accessed January 22, 2015.
ment process. n 3. U.S. Food and Drug Administration.
Infusion Pumps Total Product Life Cycle:
Acknowledgment: To Dr. Alfred Dolan
Guidance for Industry and FDA Staff.
(University of Toronto and convener of ISO TC
Available at: www.fda.gov/downloads/
210 JWG 1) for valuable assistance in reviewing
MedicalDevices/DeviceRegulationandGuidance/
and commenting on the article.
GuidanceDocuments/UCM209337.pdf.
Accessed December 5, 2014.
References
1. Schmidt MW. The Use and Misuse of FMEA in 4. Eagles S, Wu F. Reducing Risks and Recalls:
Risk Analysis. Available at: www.mddionline. Safety Assurance Cases for Medical Devices.
com/article/use-and-misuse-fmea-risk-analysis. Biomed Instrum Technol. 2014;48(1):24–32.
Accessed January 22, 2015.