Blog

Archive for Risk Management

510k Design Control Requirements and 510k Risk Management Requirements

This article reviews 510k design control and risk management requirements when compared with your design history file (DHF) and your risk management file.

Design Controls and Risk Management 510k Design Control Requirements and 510k Risk Management Requirements

Last week I presented a free webinar on how to combine Risk Management with Design Controls, when planning to submit a 510k. There were many questions about what design history file (DHF) and risk management file (RMF) documents are required for a 510k. There is no specific part of the the regulations stating what the 510k design control requirements are. However, certain elements of the DHF are required as 510k design control documentation, but not necessarily in the exact form as maintained in the DHF. For example, Design Inputs and Design Outputs are presented as applicable recognized standards and design specifications, while others will remain exactly the same (i.e., verification and validation test reports).

For Risk Management, the only submissions that require inclusion of risk documentation are devices containing software of at least moderate level risk. There are some exceptions to this as well though, based on a few special control guidance documents—especially when the submission type is an abbreviated 510k. This is article identifies which of the DHF and RMF elements are 510k design control requirements and 510k risk management requirements.

510k Design Control Requirements

Design Controls are identified in 21 CFR 820.30. Every manufacturer of any class II or class III devices, and certain class I devices (class I devices with software, tracheobronchial suction catheters, surgeon gloves, protective restraints, radionuclide applicators, radionuclide teletherapy devices) need to control design per this regulation. The requirement for a Design History File is item j) and states:

“Each manufacturer shall establish and maintain a DHF for each type of device. The DHF shall contain or reference the records necessary to demonstrate that the design was developed in accordance with the approved design plan and the requirements of this part.”

The “requirements of this part” refers to the other bullets in 21 CFR 820.30 which can be summarized as:

a) Establish and maintain procedures to control design of device.

b) Design and Development Planning – Each manufacturer shall establish a plan that describes the design and development activities, and defines responsibilities for implementation.

c) Design Inputs – Manufacturers need to ensure design requirements relating to a device are appropriate and address the intended use of the device.

d) Design Outputs – Design outputs need to be documented in terms that allow an adequate evaluation of conformance to design input requirements. Design outputs that are essential for the proper functioning of the device should be identified.

e) Design Review – Formal documented reviews of design results should be planned and conducted at appropriate stages of device development.

f) Design Verification – Design verification confirms that the design output meets the design inputs requirements.

g) Design Validation – Design validation shall be performed under defined operating conditions on initial production units or their equivalents, and shall ensure that devices conform to defined user needs and meet the intended use of the device.

h) Design Transfer – Design transfer documentation shall ensure that the device design is correctly translated into production specifications.

i) Design Changes – changes should be identified, documented, validated/verified, reviewed and approved before their implementation.

The Design History File is intended to be a repository of the records required to demonstrate compliance with your design plan and design control procedures. While companies are required to create, and maintain this documentation according to the FDA regulation, not all of the documentation will be reviewed as part of the 510k. The following table compares the elements that comprise a DHF with the 510k design control requirements.

DHF Element 510k Design Control Requirements
Design Plan Not Required
User Needs Not Required
Design Inputs

Cover Sheet (Section 1) and

Declaration of Conformity (Section 9)

 

Some design inputs will appear in the form of standards in FDA Form 3514 (Cover Sheet) and in the Declaration of Conformity FDA Form 3654 (Standards Data Report)

Design Outputs

Device Description (Section 11)

 

The Device Description lists the specifications of the device, and your Design Outputs document will help populate the Device Description. This can include drawings, pictures, or written specifications that describe your device.

Labeling

Proposed Labeling (Section 13)

The labeling is usually considered part of the Design Outputs within the DHF, and is included specifically in the labeling section of the 510(k) submission. This includes both the Instructions for Use and any Package Labeling.

Verification and Validation Protocols

Not Required

 

You do not have to include the protocols, but the reviewer may ask to see them if they have any questions when reviewing the reports.

Verification and Validation Reports

Sterilization (Section 14)

Biocompatibility (Section 15)

Software (Section 16)

Electrical Safety and EMC (Section 17)

Bench Performance Testing (Section 18)

Animal Performance Testing (Section 19)

Clinical Performance Testing (Section 20)

 

Of course, not all of these sections will be applicable for every device, but you should include all relevant validation test reports within your submission in the appropriate section of the 510k. Typically, each of these sections will have a cover sheet that outlines the reports that are included within the section, and then you can just include the report from the DHF in its entirety behind the cover sheet in that section.

Process Validation Only required for sterilization validation typically, but there are exceptions for novel materials and coatings
Work Instructions Not Required for 510k
Design Review Meeting Minutes Not Required for 510k
Design Trace Matrix Only required for software
Risk Management File Sometimes – See Risk Management File Table Below
Post-Market Surveillance Plan Not Required, but a few exceptions for high risk devices
Clinical Data Summary Required only if used to demonstrate safety and efficacy
Regulatory Approval Will result from 510k Clearance, so nothing to be included in 510k submission.

510k Risk Management Requirements

Regarding the FDA regulations for risk management, there is a requirement under the Design Validation section of 21 CFR 820.30 that states:

“Design validation shall include software validation and risk analysis, where appropriate.”

For the purposes of FDA compliance and CE Marking, both recognize ISO 14971 as the standard for risk management. FDA recognizes ISO 14971:2007 whereas EN ISO 14971:2012 is the European National version for CE Marking. Rob Packard wrote an article describing the contents of the risk management file as well as the specific differences in the requirements between the FDA and CE Marking with regard to ISO 14971.

For the purposes of your 510k submission, the FDA only requires risk management documentation to be included if the product contains software and the risk is at least a level of “moderate concern”. There are some other cases when risk management is required by special controls guidance documents, but even when it is required you only have to submit your risk analysis. The table below describes the risk management requirements in greater detail.

RMF Element 510k Risk Management Requirement
Risk Management Plan Not Required
Hazard Identification

510ks with Software Only (Section 16)

 

Hazard Identification is only required for devices that have a software component. It is not required for most other devices.

Risk Assessment

510(k)s with Software (Section 16)

Certain Special Controls Guidance

 

The Risk Assessment is only required to be included if your device contains software, or if a special controls guidance document specifically requires risk assessment. It is not required for other 510ks.

Risk Control Option Analysis Software and Certain Special Controls Guidance
Risk Control Verification and Validation

Sterilization (Section 14)

Biocompatibility (Section 15)

Software (Section 16)

Electrical Safety and EMC (Section 17)

Bench Performance Testing (Section 18)

Animal Performance Testing (Section 19)

Clinical Performance Testing (Section 20)

 

This will not be any additional or special documentation specific to Risk Management, and was already included in the DHF breakdown above, but the verification and validation also relate back to risk management in ensuring that the risks have been adequately mitigated.

Risk Benefit Analysis

Not Required for 510(k)

 

Risk Benefit analyses are only required for De Novo applications, Humanitarian Device Exemptions and PMAs.

Informing Users and Patients of Risks

Labeling (Section 13)

 

Part of the risk management will appear in the Labeling section of the 510k as warnings, contraindications, and precautions within the Instructions for Use and Package Labeling.

Risk Management Report Not Required

Your first step in preparing your 510k submission is to search the FDA Guidance Document Database to determine if there is an applicable guidance document for your device. You can read another blog we wrote to explain Special Controls Guidance documents, and how to determine if one is applicable to your device. The following list provides examples of Class II Special Controls Guidance documents that require risk analysis to be included within the 510k:

When there are 510k risk management requirements, the special controls guidance document will typically state, “We recommend that the summary report contain:

An identification of the Risk Analysis method(s) used to assess the risk profile in general as well as the specific device’s design and the results of this analysis. (Refer to Section 6 for the risks to health generally associated with the use of this device that FDA has identified.)

Discussion of the device characteristics that address the risks identified in this class II special controls guidance document, as well as any additional risks identified in your risk analysis.”

The special controls guidance will also identify risks to health that have been identified for products of that type, which you should be sure to include in your risk analysis as appropriate.

More information on 510k design control & risk Management requirements

Hopefully, you are now able to determine which elements of your DHF are 510k design control requirements and which elements of your RMF are 510k risk management requirements. If you would like more information about how to implement design controls and risk management within your product development process, please register for our free webinar. If you need any further information or specific assistance with your 510k submission, please feel free to send me an email at mary@fdaecopy.com or schedule a call with our principal consultant, Rob Packard who can answer any of your medical device regulatory questions.


Click here to schedule a 15 minute call 300x62 510k Design Control Requirements and 510k Risk Management Requirements

Posted in: 510(k), Design Control, Risk Management

Leave a Comment (0) →

Checking adverse event history for your device and competitors

Article explains checking adverse event data for medical devices as part of design and development, risk management and post-market surveillance.

TPLC Database Checking adverse event history for your device and competitors

When should you be checking adverse event history?

There are three times when you should be checking adverse event history:

  1. when you are planning a new or improved medical device and you want to know how current devices on the market malfunction (design and development planning),
  2. when you are identifying hazards associated with a medical device as part of your risk management process, and
  3. when you are gathering post-market surveillance data about your device and competitor devices.

Where should you be checking adverse event history?

Most countries have some kind of database for gathering adverse event data for medical devices, but most of these databases are not open to the public. The most common question I am asked is, “How do you access the Eudamed database?” for reporting of adverse events in Europe. Unfortunately, you can’t access Eudamed. The Eudamed database is only available to competent authorities at this time. The primary publicly accessible database for adverse event reporting is the US FDA MAUDE database. The MAUDE database is also integrated with other FDA databases for 510k submissions and recalls. This combined database is called the Total Product Life Cycle database.

Are there other public databases for checking adverse event history?

Yes. The Therapeutic Good Administration (TGA) in Australia makes adverse event data publicly available. The TGA also has a national registry for implanted orthopedic devices that publishes an annual report. There are other countries that also have public registries.

When will checking adverse event data for Europe be possible?

The Eudamed database for Europe was created in 1999 by the German organization DIMDI. In 2000 the responsibility for the database was taken over by the European Commission. The latest update is that manufacturers will be responsible for updating the Eudamed database in the future as part of the new European Regulations. This requirement will be implemented during the next years. The database will also become accessible to the public.

When you collect post-market surveillance data, which data should you collect?

Searching for post-market surveillance data should be performed on a frequency that is risk-based. If you have a brand new device, a high risk device or a device that is implanted; post-market surveillance data should be reviewed frequently–either monthly or quarterly. In fact, the new European guidance document for clinical evaluation reports (MEDDEV 2.7/1 rev 4) requires that clinical evaluation reports be updated at least annually for these devices. It is also important that you collect post-market surveillance data for both your device and competitor products. Therefore, you should be reviewing all the publicly available adverse event databases. You should also be reviewing your own complaint data, and you should be searching for journal articles that may include adverse event data–possibly associated with a clinical study.

Available Resources

If you want to learn more about post-market surveillance data collection, please visit our webinar page. There is also a procedure for Post-Market Surveillance (SYS-019).

Posted in: Risk Management

Leave a Comment (0) →

Risk Management Traceability for CE Marking Technical Files

This article explains how to use risk management traceability for CE Marking in order to cross-reference hazards, risks and risk controls throughout your technical file. This approach will more efficiently integrate risk management tools into your Design History File (DHF), post-market surveillance documentation and clinical evaluation reports (CERs).

The table below provides a simple template for nomenclature of risk management elements that you need to cross-reference and provides risk management traceability for throughout your technical documentation.

Screenshot 2015 11 05 at 7.29.21 AM Risk Management Traceability for CE Marking Technical Files

The table does not include a cross-reference code for verification and validation reports, because there could and typically are multiple risk controls that are validated and verified for each risk and many times they are applied across multiple product lines. Therefore, it is more efficient to simply reference the controlled document number for the verification report that is applicable to that risk control.

Basic Concept of Risk Management Traceability

The concept of risk traceability is more than being able to identify the verification and validation study that was performed in order to verify effectiveness of risk controls in your FMEA, because it is in the same row of your table. Best practice is to number your hazards, risks and risk controls so that you can cross-reference more easily throughout all your technical documentation [i.e., design requirements matrix, risk management file, clinical evaluation report, post-market surveillance plan / reports and post-market clinical follow-up (PMCF) report].

Design Requirements Traceability Matrix (DRTM)

The design requirements traceability matrix (DRTM) is a combination of two documents that have been used for the past two decades by medical device manufacturers: 1) the design requirements matrix or IOVV (i.e., inputs, outputs, verification and validation), and 2) the risk traceability matrix. The second document is less commonly used, but an example of one is provided in the Figure 3 of the GHTF risk management guidance document SG3 N15R8.

The risk management summary table that is presented in Figure 3 of the guidance also provides cross-references to specific tests, and each test has an identification number for traceability. This approach is also used frequently in risk control plans–an excellent tool for production process controls and planning product realization prior to process validation.

Risk Management Traceability to Post-Market Surveillance

I recommend that companies create a post-market surveillance plan for devices or device families during the design transfer process. This is NOT the post-market surveillance procedure. Your procedure should indicate the process you use for post-market surveillance, but your plan should be process specific and identify specific risks that you intend to gather post-production data for. The post-market surveillance plan should provide traceability back to each risk in your risk management file (e.g., R1, R2, R3). You should include a post-market clinical follow-up (PMCF) protocol and and report that also cross-reference to these risks and associated risk controls–or provide a justification for not conducting a PMCF study. In the 2016, the new European Medical Device Regulations (EMDR) will require that both the protocol and the report be included in your post-market surveillance plan as a required section (see Annex II of the proposed regulations) of the technical file or design dossier. Finally, I recommend that you revise and update your risk management plan for post-production data collection at the time of design transfer. When you make this revision, I recommend moving the risk management plan from the design plan to your post-market surveillance plan as an integral part of the plan (i.e., one of the primary sections of the plan).

Risk Management Traceability for Your Clinical Evaluation Report (CER) 

In your clinical evaluation report (CER), if you simply said that “the clinical data reviewed addresses all of the residual risks identified in the risk management summary report” you are not being specific enough. Your clinical evaluation report (CER) should explain how the clinical study data you reviewed addresses each of the risks that you identified in your risk analysis. Personally I like to have subsections in the discussion section of the clinical evaluation report (CER) for each of the risks identified in the risk management file. I also do this when I write my post-market surveillance plan. When I do this I include a cross-reference to the applicable hazard in my design requirements matrix, risk analysis and hazard identification summary report (e.g., “HZ1”, “HZ1” and “HZ3”).

Risk Management Traceability to Warnings & Precautions

ISO 14971:2007 indicates that disclosing residual risks to users of your device is a risk control. In Annex ZA, deviation 7 of EN ISO 14971:2012 it indicates that you cannot claim to reduce the risks of your product by disclosing this residual risks–even though these are considered risk controls. You should still validate the effectiveness of the instructions for use, technique guide and training through simulated use studies prior to product release. However, you cannot claim a quantitative risk reduction in your risk analysis as per deviation 7. Of course there can be a reduction in overall risks when you train users, but you can’t claim it and the prevalence of “use errors” demonstrates the limited effectiveness of IFUs and training.

Additional Risk Management References

I have published 14 previous blogs specifically on the topic of risk management over the past couple of years. Please click here if you are looking for more information related to risk management. You can expect many more blogs on this topic during the next six months because I will be presenting four presentations in Brussels at an international medical device conference scheduled for June 13-17, 2016.

Procedures & Templates for Risk Management

If you are looking for a procedure (SOP) and associated form for risk management please click here.

Posted in: Risk Management

Leave a Comment (2) →

Risk Management File Compliance for 510k and CE Marking

This article compares risk management file FDA requirements for CE Marking and 510k submission requirements.

Risk Management File Risk Management File Compliance for 510k and CE Marking

The FDA only requires documentation of risk management in a 510k submission if the product contains software and the risk is at least a “moderate concern.” Even then, the 510k submission only requires submission of a design risk analysis. Knee implants do not require submission of a risk analysis, even though manufacturers are required to perform risk analysis in accordance with ISO 14971, because knee implants do not contain software. Therefore, it is not uncommon for a product that is already 510k cleared to receive audit nonconformities related to the risk management documentation during a technical file review by a Notified Body.

The FDA recognizes ISO 14971:2007 as the standard for risk management of medical devices. CE Marking also requires compliance with ISO 14971, but specifically the European national version of the standard (i.e., EN ISO 14971:2012). The most common technical file deficiencies related to risk management during a CE Marking application include the following:

  1. compliance with ISO 14971:2007 instead of EN ISO 14971:2012
  2. reduction of risks as low as reasonably practicable (ALARP) instead of reducing risks as far as possible (AFAP)
  3. reducing risks by notifying users and patients of residual risks in the IFU
  4. only addressing unacceptable risks with risk controls instead of all risks–including negligible risks

Each of these deficiencies is also explained in Annex ZA, ZB and ZC of EN ISO 14971:2012.

7 Deviations

Notified Body auditors are supposed to be reviewing your risk management process and sampling your risk management files to verify that you conform with the requirements for risk management as defined in EN ISO 14971:2012 and in the applicable European directive. Most manufacturers with CE Certificates have updated their procedures for compliance with the European National version, but the updates are not always complete or done correctly. Therefore, auditors need to be systematic in their review for compliance. I recommend creating a three column table in your audit notes for each of the 7 deviations. The first column would state the requirement from the applicable annex of EN ISO 14971:2012. The second column is used to document where in the risk management procedure each of the seven requirements is addressed. If you can’t find it quickly during your review–as the person you are auditing to find it for you. The third column is used to document which risk management file you sampled and where in the risk management file the auditor was able to find compliance with one of the deviations. If the auditor can’t find an example of compliance in the procedure or the risk management file, then there is a minor nonconformity that needs to be corrected and recurrence needs to be prevented.

Note: Remember that auditing is about verifying compliance–not scouring 100% of the records for nonconformity.

Procedure Review

The first step in responding to correcting deficiencies in your risk management process is to update your procedure. The following basic elements need to be included in the procedure:

  • risk management plan
  • hazard identification
  • risk analysis
  • risk control option analysis
  • verification of risk control effectiveness
  • risk / benefit analysis
  • risk management report

Many of the procedures I review focus on the risk analysis process, and the most common tool for risk analysis is a failure modes and effects analysis. This is an excellent tool for process risk analysis, but it is only one of many possible tools and it is not ideally suited for design risk analysis. In addition, your procedure is not adequate as a risk management plan. You need risk management plans that are product-specific or specific to a product family. Your risk management plan must also change and adapt as products progress from the design and development process to post-market surveillance. Finally, many of the procedures only require a risk / benefit analysis to be performed when risks are not acceptable, while the European MDD requires that all CE Marked products include a risk / benefit analysis for each risk identified in the risk analysis and the overall risk of the product or product family.

Risk Management Plans

Risk management is required throughout product realization, but the activities are quite different during the pre-market and post-market phases. Therefore, I recommend including a risk management plan as part of the design and development plan to address pre-market needs for risk management. Once a product development project reaches the design transfer phase, then a post-market risk management plan needs to be written. I incorporate this plan into the post-market surveillance plan for the product or product family. This approach ensures that the the risk analysis will be linked directly with post-market surveillance after the product is released.

Hazard Identification

Many companies do create a specific document that identifies all the hazards associated with a product. This is an important step that should occur early in the design and development process before design inputs are finalized. During the development process these hazards may need to be updated as materials and production processes are developed. Some companies may choose to identify hazards at a different time or in a different way, but the proposed European Medical Device Regulations (EMDR) requires that the hazards are identified as one of the essential requirements. The ISO 14971:2007 standard suggests that design teams should identify as many hazards as possible, estimate the risks and then implement risk controls for any risks that are unacceptable. The EN ISO 14971:2012 standard requires that risk controls be implemented for hazards–regardless of acceptability. For this reason, I recommend companies restrict their identification of hazards to the most likely product malfunctions and hazards of high severity. This list should include any hazards already identified in the FDA’s MAUDE database.

Risk / Benefit Analysis & Risk Traceability Matrix

In order to perform a risk / benefit analysis you have to know the likelihood of potential hazards resulting in harm and the clinical benefits of a product. Unfortunately, reduced cost cannot be used to justify the acceptability of a device. Risk / benefit analysis must be performed for each risk and the overall residual risks. Therefore, it is important to identify clinical benefits that outweigh each of the risks. I recommend using a risk traceability matrix in order to document each risk / benefit analysis. This can be a separate risk management document or it can be incorporated into a design requirements matrix. It is also important to identify any warnings, precautions or contraindications that should be documented in information provided to patients and users when risks cannot be completely eliminated. This may be the last column of your risk traceability matrix.

Risk Management Report

The risk management report should be a summary technical document (i.e., STED). The STED should reference the procedure that was used and indicate all the risk management activities that were performed specific to the product or product family defined in the scope of the risk management report. The dates of activities, changes made and cross-references to any controlled documents should be included in the risk management report. I recommend maintaining the risk management report as a controlled document and revising the document to reference additional risk management activities when they occur. The bulk of details should be contained in the referenced risk management documents within the report.

Procedures & Templates

If you are looking for a procedure (SOP) for risk management please click here.

Posted in: Risk Management

Leave a Comment (3) →

Using Instructions for Use and Labeling as Risk Controls in ISO 14971

Residual Risks Using Instructions for Use and Labeling as Risk Controls in ISO 14971This article reviews the requirements for Instructions for Use and labeling as risk controls in the risk management standard for medical devices: ISO 14971. Specifically, the impact of the seventh deviation identified in the European national version of the ISO 14971 Standard (http://bit.ly/ISO14971-2012changes) is reviewed. 

Labeling, instructions and warnings are required for medical devices. Unfortunately, information provided by manufacturers is not effective at preventing hazardous situations and foreseeable misuse–especially if the user throws the paper leaflet in the garbage 10 seconds after the box is opened. Since information provided to the user and patients is not effective in preventing harm, the European Commission indicated that this information shall not be attributed to risk reduction. 

The European Commission is not suggesting that your company should stop providing directions or warning users of residual risks. The intent of this deviation is to identify incorrect risk estimation procedures. For example, if you are using Failure Mode And Effects Analysis (FMEA), (see Annex G.4 of the risk management standard) to estimate risk for a new product, you should not be listing labeling and IFUs as a primary risk control. Clause 6.2 of the ISO 14971 Standard correctly identifies “information for safety” provided by the manufacturer as risk controls, but the effectiveness of these risk controls is so poor that you should not estimate that risks are reduced by implementation of labeling and IFUs.

In Clause 2.15 of the ISO 14971 Standard, residual risk is defined as “risk remaining after risk control measures have been taken.” However, I prefer the following following definition which incorporates the concept of clinical evidence, design validation and post-market surveillance:

“Residual risks are risks that remain: 1) after implementation of risk controls, 2) when products are used for new indications for use, 3) when products are used for wider user and patient populations, 4) when products are misused, and 5) when products are used for periods of time longer than the duration of pre-market clinical studies.”

The second essential requirement (ER2) states that users shall be informed of residual risks, but the conclusion that “information about residual risks cannot be a risk control” is incorrect. The most important wording in the deviation is ¨the information given to the users does not reduce the (residual) risk any further.¨ Failure to reduce risks any further is due to the lack of effectiveness of risk controls. Validation of risk control effectiveness should be performed during design validation, but validation will be limited to a small group of users and patients.

Risk Management Report & Post-Market Surveillance Plan

In your risk management report, risk control options analysis should be summarized. Instead of evaluating risk acceptability prior to implementing risk controls, risk controls should be implemented and any residual risks should be identified. A risk/benefit analysis must be performed for each residual risk and the overall residual risks. If the conclusion is that the benefits of the device outweigh the residual risks, then the device can be commercially released.

At the time of the final design review and commercial release a Post-Market Surveillance (PMS) plan should be developed that includes an updated risk management plan. The updated risk management plan should specifically address how to estimate residual risks and verify the effectiveness of information provided to users and patients. Verification of risk control effectiveness should be part of the design verification and validation activities, but verification of effectiveness should also be part of on-going PMS.

In order to facilitate future updates of your risk management report, you may want to organize risk controls into the following categories (in this order):

  1. Design elements (highly effective)
  2. Materials of construction (highly effective)
  3. Methods of manufacture (highly/moderately effective)
  4. Protective measures & alarms (moderately effective)
  5. Information provided to users & patients (least effective)

Each of the above risk controls will need to be addressed by your PMS plan.

This is the 7th and final blog in our Risk Management series. A Risk Management whitepaper will be released in January.

Posted in: Risk Management

Leave a Comment (2) →

Risk Control Options for Medical Devices: Deviation #6

%name Risk Control Options for Medical Devices: Deviation #6This blog discusses risk control options for medical devices; the 6th deviation identified in the European National version of the Risk Management Standard.

Design is not the same as design and construction. This is the interpretation of the European Commission. The sixth of the seven deviations identified in the European National (EN) version of the Risk Management Standard (i.e., EN ISO 14971:2012; http://bit.ly/ISO14971-2012changes), states that “inherent safety by design” is not precise enough. Section 2 of the Essential Requirements (i.e., Annex I of the MDD) states that the first risk control option must be selection of design and construction that eliminates or reduces risk as far as possible, while the international (ISO) risk management standard (i.e., ISO 14971:2007) only states that inherent safety by design is required.

The difference between the requirements of the ISO and the EN standard are not just semantics. If you read part II of the Essential Requirements (ERs; i.e., ER 7-13), there are many examples of how the construction of devices should be considered. The following are three examples:

  • ER 7.5 – leaking from the device
  • ER 8.2 – tissues of animal origin
  • ER 9.2 -aging of materials

Therefore, in order to comply the the intent of the Directive, you must consider far more than just the design of the device.  Construction is interpreted as both the risks associated with the materials to fabricate a device and the methods of manufacture. In the proposed EU regulations, the European Commission seeks to clarify the requirements for implementation of risk controls, but the draft legislation still seems vague.

Implementing Risk Control Options for Medical Devices

The following wording for implementation of risk control options in the new proposed second Essential Requirement is below:

“The manufacturer shall apply the following principles in the priority order listed:

a. identify known or foreseeable hazards and estimate the associated risks arising from the intended use and foreseeable misuse;

b. eliminate risks as far as possible through inherently safe design and manufacture

c. reduce as far as possible the remaining risks by taking adequate protection measures, including alarms; and

d. provide training to users and/or inform users of any residual risks.”

In this proposed wording, the word “construction” was replaced by the word “manufacture.” However, in other parts of the new proposed Essential Requirements (http://bit.ly/NewERCGap) the materials of fabrication are specifically addressed, as well. For example:

  • ER 7.1d) was added as a new requirement…”d) the choice of materials used, reflecting, where appropriate, matters such as hardness, wear and fatigue strength.”
  • ER 7.6 was added as a new requirement to address risks associated with the size and properties of particles—especially nanomaterials.

The new proposed Essential Requirements also include numerous examples of how the manufacturing processes must ensure proper safety. Essential Requirement 10 specifically references new Commission Regulation (EU) No 722/2012 (http://bit.ly/AnimalTissueReg)–specific to devices manufactured using animal tissues or cells of animal origin.

Even though the proposed regulations are more detailed with regard to application of risk management, they do not specify if it is required to implement risk control options for both materials and methods of manufacture simultaneously, or if the manufacturer may choose between the two. The phrase “taking account of the generally acknowledged state of the art” is used in the second Essential Requirement, but “state of the art” is a moving target, and the European Commission may find existing Standards to be deficient.

For reducing the risk of infection, the Commission does not require that companies implement aseptic processing, antimicrobial materials and terminal sterilization. One of the three is sufficient. This is why we have ISO Standards for sterilization validation, and we define “sterile” as a sterility assurance level of 10-6.

If the Commission maintained the language of the ISO 14971:2007 Standard, “as low as reasonably practicable,” then manufacturers could select risk control options based upon acceptability of risk. However, the EN version of the risk management standard creates significant challenges for implementation, and we are forced to evaluate the risk control measures we implement against those used by other manufacturers during the process of risk option analysis.

A 7th and final blog regarding the seven deviations will be released later this month.

Posted in: Risk Management

Leave a Comment (0) →

ISO 14971 Deviation #5-Risk Control for CE Marking Medical Devices

The author reviews ISO 14971 Deviation #5, which is specific to selecting risk control options and protective measures for CE Marking medical devices.

%name ISO 14971 Deviation #5 Risk Control for CE Marking Medical DevicesIf your company is CE Marking medical devices, you are required to satisfy the Essential Requirements for Safety and Performance as defined in the three European Directives (i.e., – the MDD, http://bit.ly/M5MDD; the AIMD, http://bit.ly/AIMDDirective; and the IVDD, http://bit.ly/currentIVDD. Throughout these Essential Requirements, there is a requirement to reduce risks “as far aspossible” (AFAP) by implementing risk controls. At one time, the expectation was for companies to implement the state of the art with regard to risk controls, and “state of the art” was interpreted as the latest version of the harmonized ISO Standards. However, lawyers dominating the European Commission appear to disagree with the status quo.

Therefore, in 2012, the European National (EN) version of the Medical Device Risk Management Standard was revised (http://bit.ly/ISO14971-2012changes). There is no change to the content of Clauses 1 through 9. Instead, the European Commission identified seven content deviations between the 14971 Standard and the EU Directives. These deviations are identified and explained in Annexes ZA, ZB, and ZC. This blog is the fifth installment of Medical Device Academy’s seven-part blog series on this topic. The goal of the series is to identify solutions for meeting the Essential Requirements by suggesting changes to the current best practices of implementing a risk management process for medical device design.

Discretion as to the Risk Control Options/Measuresiso14971 deviation 5 ISO 14971 Deviation #5 Risk Control for CE Marking Medical Devices

Essential Requirement 1 and 2 require that risk control options are implemented for all risks prior to determining acceptability of residual risks. Essential requirement 2 also requires manufacturers to implement all risk control options—unless the risk controls do not further reduce risk.

Clause 6.2 of the 14971 Standard suggests that you only need to use “one or more” of the risk control options, and Clause 6.4 indicates that further risk control measures are not needed if the risk is acceptable. There is a clear contradiction between the intent of the Standard and the Directives.

If risk acceptability has no impact upon whether you will implement risk controls, there is really no need for performing a preliminary risk evaluation. Therefore, I have three recommendations for changes to your current risk management process:

  1. Ignore Clause 5 of the 2007/2009 version of ISO 14971
  2. Eliminate the second step of risk assessment from your flow chart for risk management (see Figure 1 from the 14971 Standard)
  3. Define risk management policies upon clinical benefits, rather than absolute risks

Instead of performing a preliminary risk evaluation (Clause 6.5), risk/benefit analysis should be moved to Clause 7, where the evaluation of overall residual risk acceptability is required. By making this change, risk controls will be implemented, regardless of risk acceptability, and acceptability of risks will be dependent upon the risk/benefit analysis alone.

Impact of this Deviation

Implementing changes to your risk management process to address this deviation has great potential to impact the design of devices—not just the risk management documentation. Design teams will no longer be able to stop the design process with an initial design that has an “acceptable risk.” Instead, design teams will be forced to implement additional risk controls and protective measures for device designs that already have a low risk of harm for certain failure modes.

The requirement to implement additional risk controls will increase the cost of devices that may have been relatively safe without the risks controls. For example, if a device is not intended to be implanted, but it is a potential foreseeable misuse, then your company may have used the instructions for use to communicate the residual risk associated with misuse of the device. However, now your company will have to implement design controls (e.g., –selection of materials suitable for implantation) to eliminate the risks associated with misuse, and protective measures (e.g., – radio-opaque thread) to help retrieve product that was implanted in an “off-label” usage.

For anyone interested in risk management training, please contact Rob Packard directly by email: rob@13485cert.com.

Posted in: Risk Management

Leave a Comment (0) →

ISO 14971 Deviation #4: Risk/Benefit Analysis

%name ISO 14971 Deviation #4: Risk/Benefit AnalysisThe author reviews ISO 14971 Deviation #4, which is specific to the requirement for risk/benefit analysis.

This blog is the fourth installment in our seven-part series, which  reviews each of the content deviations between the three device directives for Europe and international risk management standard (ISO 14971:2007). The deviations were identified in the new European National version of the Standard released in 2012. There was no change to the content of Clauses 1 through 9 in ISO 14971, but the there were seven deviations from the directives identified by the European Commission.

Discretion as to Whether a Risk/Benefit Analysis Needs to Take Place

The fourth deviation is specific to the requirement for risk/benefit analysis. Clauses 6.5 and 7 of the 14971 Standard both imply that a risk/benefit analysis is only required if risks exceed a threshold of acceptability, and Annex D.6.1 indicates that “A risk/benefit analysis is not required by this International Standard for every risk.” However, essential requirement 1 and 2 require that you perform a risk/benefit analysis for each risk and overall residual risk. Essential requirement 6a also requires a risk/benefit analysis as part of the conclusion in your Clinical Evaluation Report (http://bit.ly/ER6aMEDDEV).

Your company may have created a risk management procedure, which includes a matrix for severity and probability. The matrix is probably color-coded to identify red cells as unacceptable risks which require a risk/benefit analysis, yellow cells that are ALARP and green cells that are acceptable. Based upon the guidance provided in ISO 14971, your company probably identified that a risk/benefit analysis is only required for a risk which falls in the red zone of the matrix where the risk is “unacceptable.”

Deviation 4 ISO 14971 Deviation #4: Risk/Benefit Analysis

Unfortunately, this approach is not compliant with the European Directives, because the Directives require that a risk/benefit analysis be performed for each risk and all residual risks—not just the risks you identify as unacceptable. The fourth deviation between the ISO 14971 Standard and the Essential Requirements of the European Directives is relatively simple to address with a change to your risk management process. To comply with EN ISO 14971:2012, the “red zone” should not be labeled as risk/benefit analysis, because even risks in the “green zone” require risk/benefit analysis.

Impact of this Deviation

In a previous blog (http://bit.ly/14971Dev2), we determined that all risks must be reduced by the implementation of risk controls. In this blog, we established that after implementation of risk controls, all residual risks must be subject to a risk/benefit analysis. Your company will need to eliminate the use of a risk evaluation matrix like the one shown above. Instead of relying on a risk management policy for evaluating the acceptability of risk, your company should be performing a risk/benefit analysis to determine the acceptability of risks.

The best way to integrate risk/benefit analysis for evaluation of acceptability of all risks is to integrate this with the clinical evaluation process. In addition to using clinical literature, clinical study data and post-market surveillance as inputs for your clinical evaluation, your company should also be using residual risks as inputs to the evaluation. The clinical evaluation should be used to assess the significance of these residual risks, and verify that there are not any risks identified in the clinical evaluation that were not considered in the risk analysis.

In order to document that your company has performed a risk/benefit analysis for each residual risk, you will need to reference the risk management report in the clinical evaluation and vice-versa. Both documents will need to provide traceability to each risk identified in the risk analysis, and conclusions of risk acceptability will need to be based upon the conclusions of the clinical evaluation.

Once the product is launched, you will need to update the clinical evaluation with adverse events and other post-market surveillance information. As part of updating clinical evaluations, you will need to determine the acceptability of the risk when weighed against the clinical benefits. These conclusions will then need to be updated in the risk management report—including any new or revised risks.

If you are interested in risk management training, please send your request to: rob@13485cert.com.

Please Join us on Social Medialinkedin 1 ISO 14971 Deviation #4: Risk/Benefit Analysisgoogleplus ISO 14971 Deviation #4: Risk/Benefit Analysistwitter ISO 14971 Deviation #4: Risk/Benefit Analysis

Posted in: Risk Management

Leave a Comment (2) →

7 Deviations within EN ISO 14971:2012: Deviation #3-Risk Reduction

%name 7 Deviations within EN ISO 14971:2012: Deviation #3 Risk ReductionThis third blog in a seven-part series reviews deviation #3-risk reduction within the EN ISO 14971:2012 Standard.

In 2012, the European National (EN) version of the Medical Device Risk Management Standard was revised, but there was no change to the content of Clauses 1 through 9. Instead, the European Commission identified seven content deviations between the 14971 Standard and the requirements of three device directives for Europe. This seven-part blog series reviews each of these changes individually, and recommends changes to be made to your current risk management policies and procedure.

Risk reduction “As Far As Possible” (AFAP) vs. “As Low As Reasonably Practicable” (ALARP)

The third deviation is specific to the reduction of risk. Risk cannot always be eliminated by design solutions. This is why medical devices use protective measures (i.e., – alarms) and inform users of residual risks (i.e., – warnings and contraindications in an Instructions For Use (IFU). However, Essential Requirement 2 requires that risks be reduced “as far as possible.” Therefore, it is not acceptable to only reduce risks with cost-effective solutions. The “ALARP” concept has a legal interpretation which implies financial considerations. However, the European Directives will not allow financial considerations to override the Essential Requirements for safety and performance of medical devices. If risk controls are not implemented, the justification for this must be on another basis other than financial.

There are two acceptable reasons for not implementing certain risk controls. First, the risk control will not actually reduce additional risk. For example, if your device already has one alarm to identify a battery failure, a second alarm for the same failure will not actually reduce further risk. In fact, the redundant alarms are often distracting, and too many alarms will result in users ignoring them.

The second acceptable reason for not implementing a risk control is that there is a more effective risk control that cannot be simultaneously implemented. For example, there are multiple ways to anchor orthopedic implants to a bone. However, there is only enough real estate to have one fixation element at each location. If a femoral knee implant is already being anchored to the femur with metal posts and bone cement, you cannot also use bone screws at the same location on the femur to anchor the implants in place.

Example of Deviation #3-Risk Reduction

Annex D.8 in ISO 14971, recommends the ALARP concept in Clause 3.4 of the 14971 Standard. Therefore, the risk management standard is contradicting the MDD. This contradiction is the primary reason why medical device companies should discontinue the use of phthalates and latex for most medical devices. Even though these materials are inexpensive solutions to many engineering challenges presented by medical devices, these materials present risks that can be avoided by using more expensive materials that are not hazardous, and do not pose allergic reactions to a large percentage of the population. The use of safer materials is considered “state-of-the-art,” and these materials should be implemented if the residual risks, after implementation of the risk control (i.e., – use of a safer material) is not equal to, or greater than, the risk of the cheaper material.

Recommended Changes

Your company may have created a risk management procedure which includes a matrix for severity and probability. The matrix is probably color-coded to identify red cells as unacceptable risks, yellow cells that are ALARP and green cells that are acceptable. To comply with EN ISO 14971:2012, the “yellow zone” should not be labeled as ALARP. A short-term solution is to simply re-label these as high, medium and low risks. Unfortunately, renaming the categories of risk high, medium and low will not provide guidance as to whether the residual risk reduced “as far as possible.” chart dev 3 7 Deviations within EN ISO 14971:2012: Deviation #3 Risk Reduction

Resolution to this Deviation

As companies become aware of this deviation between the 14971 Standard and the Essential Requirements of the device directives, teams that are working on risk analysis, and people that are performing a gap analysis of their procedures will need to stop using a matrix like the example above. Instead of claiming that the residual risks are ALARP, your company will need to demonstrate that risks are reduced AFAP, by showing objective evidence that all possible risk control options were considered and implemented. Your procedure or work instruction for performing a risk control option analysis may currently state that you will apply your risk management policy to determine if additional risk controls need to be applied, or if the residual risks are ALARP.

This procedure or work instruction needs to be revised to specify that all risk control options will be implemented, unless the risk controls would not reduce risks further, or the risk controls are incompatible with other risk controls. Risk control options should never be ruled out due to cost.

Posted in: Risk Management

Leave a Comment (1) →

7 Deviations within EN ISO 14971:2012: Risk Evaluation Process

This 7 part blog series continues with the author reviewing deviation #2 of the EN ISO 14971: 2012 Standard, which is specific to the risk evaluation process. 
%name 7 Deviations within EN ISO 14971:2012: Risk Evaluation Process

In 2012, the European National (EN) version of the Medical Device Risk Management Standard was revised, but there was no change to the content of Clauses 1 through 9. Instead, the European Commission identified seven content deviations between the 14971 Standard and the requirements of three device directives for Europe. This seven-part blog series reviews each of these changes individually.

Discretionary Power of Manufacturers as to the Acceptability of Risks: The Risk Evaluation Process

The second deviation is specific to the risk evaluation process. The ISO 14971 Standard indicates in Annex D4 that the acceptability of risk is not specified by the Standard and must be determined by the manufacturer. In Clause 3.2 of the 14971 Standard, it states that, “Top management  shall: define and document the policy for determining criteria for risk acceptability.” This risk management policy is intended to indicate a threshold for risk acceptability. In Clause 5 of the 14971 Standard, the manufacturer is instructed to evaluate whether risks are acceptable using the risk management criteria defined in the risk management policy.

Essential requirements 1 and 2 require that risks be reduced as far as possible, and that all risks shall be included in a risk/benefit analysis—not just the risks above a certain threshold. Therefore, the requirement to establish a risk policy for the acceptability of risk directly contradicts the MDD.

Since the 2nd edition of the 14971 Standard was first issued (i.e., -2007), clients have been asking me how to establish acceptability criteria. For new devices, I recommend benchmarking the risks of the new device against existing devices. In other words, if the new device presents equal or lower risks than existing devices, then the risks of the new device are acceptable. For existing devices, I recommend performing a risk/benefit analysis, evaluating adverse events observed with the device against the benefits of using the device. Unfortunately, most companies choose arbitrary thresholds for acceptability of risk. Instead of relying upon benchmarking or risk/benefit analysis, companies will establish a policy that all risks must be below a quantitative value. For example, if the range of possible risks scores are from 1 to 1,000, all risks of 100 or less may be acceptable.

What is Acceptable?

In order to comply with the EN ISO 14971:2012 version of the risk management standard, you will need to implement risk controls for all risks, regardless of acceptability. However, you will also need to perform a risk/benefit analysis. The risk/benefit analysis should consider not only the benefits to patients and the risks of using the device, but the analysis should also consider relative benefits of using other devices.

The clinical evaluation report and the risk management report for the device should be based upon clinical evidence of the device for the intended use—including adverse events. For new devices that are evaluated based upon literature review of equivalent devices, Notified Bodies expect a Post-Market Clinical Follow-up (PMCF) study to be conducted in order to verify that the actual risk/benefit of the device is consistent with the conclusions of the clinical evaluation. In order to perform this analysis, a clinical expert is necessary to properly evaluate the risk/benefit ratio of the device, and to create a protocol for a PMCF study.

MEDDEV 2.12/2 rev 2, Post Market Clinical Follow-up Studies, indicates that the PMCF study protocol should indicate the study endpoints and the statistical considerations. In order to do this, your company will need to establish quantitative criteria for acceptability of the identified risks. Therefore, the existing 14971 Standard needs to be modified to clarify that risk acceptability criteria should be based upon clinical data, and evaluation of risks should be conducted at a later point in the risk management process (e.g., – as part of the overall risk/benefit analysis).

Impact of this Deviation

As your company becomes aware of the second deviation between the 14971 Standard and the Essential Requirements of the device directives, your risk management team will need to change the risk management process to clarify when risk acceptability should be evaluated, and the risk management policy should specify how acceptability should be determined.

The risk management process at your company will need to specify that implementation of risk controls is required for all risks—regardless of acceptability. You should also consider eliminating the evaluation of risk prior to implementation of risk controls. Instead, your company should base acceptability of risk solely upon the clinical risk/benefit analysis, and should involve the manufacturer’s medical officer in making this determination.

Finally, your risk management process should specify the need for PMCF studies in order to verify that actual clinical data supports the conclusion that the risk/benefit ratio is acceptable over the lifetime of the device.

Posted in: Risk Management

Leave a Comment (4) →
Page 1 of 2 12
Follow

Get every new post on this blog delivered to your Inbox.

Join other followers:

Simple Share Buttons
Simple Share Buttons