Skip to : [Content] [Navigation]
 

European Medical Device Manufacturer

Print Supplements

 
 
Email article link Print article

Industry News

Risk Analysis: A Never-Ending Part of Risk Management

Jeanette Marchant

Risk analysis is an integral part of the CE-marking process. The medical device directives state that devices must present "no undue risks" and ensure reasonable safety. Manufacturers are required to demonstrate that any residual risk is acceptable and to have a systematic risk-reduction protocol in place. Practical advice on how to negotiate the minefield of risk analysis was provided to delegates at the IBC Conference on Risk Analysis and Management for Medical Devices in Europe, held in Brussels on 17 February.

Fundamental to risk analysis is the identification of potential hazards and an assessment of the level of risk they pose. While standards such as EN 1441 provide a broad framework for risk assessment, their general terminology makes them difficult to apply directly to individual projects. The standards "provide no factual markers to tell designers they have fulfilled their obligations," Patrick Campbell of Team Consulting Ltd. (Barkway, Herts, UK) said at the conference. Nevertheless, there are several techniques and models that can be employed to establish a target risk level.

Dario Pirovano, consulting director at MTC-Quintiles (Brussels), detailed a stepwise approach based on questions that will need to be addressed. Companies should begin by identifying the device to be assessed and enumerating its characteristics, such as who will use it, the type of procedure in which it will be used, the length of time it will remain in the body, and its material composition.

The next step involves the identification of possible hazards. Energy-related risks (radiation, for example); biological hazards; and potential risks stemming from such factors as inadequate labelling, functional failure, maintenance, and device aging are among the hazards to consider. Companies should then try to estimate the risk for each hazard and decide whether it is acceptable.

Pirovano stressed that the onus of carrying out risk analysis falls on the manufacturer--consultants can provide guidance but they cannot actually do a company's risk analysis. Assessing the level of potential risk is a subjective exercise, but tools are available to assist manufacturers in arriving at realistic answers. IEC 513 provides a useful matrix that matches the probability of risk, from frequent to unbelievable, with the level of risk, from catastrophic to negligible. Pirovano advised companies to "err on the most critical side," suggesting that once the probability and level of risk have been estimated, a company propose solutions and describe methods that would reduce the risks.

Finding Fault

Common tools used in the risk analysis process are the failure mode and effects analysis (FMEA)/ FME and criticality analysis (FMECA), which is a bottom-up approach starting at the component level, and the fault tree analysis (FTA), a top-down method. Campbell said that FMEA might typically involve 90-minute sessions in which up to three components or operations are assessed by four colleagues, especially nonproject members, since the process must be negatively challenging. Approaching from the other direction, FTA traces the hazard down through all levels to identify the basic failure event.

In a debate on the definition of foreseeable misuse, it was suggested that pilot user groups be established to review instances where a device could be used for indications other than those for which it was intended. While not condoning misuse, Rob Lally, head of medical sector certification at the UK notified body BSI (Milton Keynes), said that risk analysis must allow for the fact that problems could occur in the field through misuse. As a precautionary measure, he advocated the use of symbols--such as "Do not reuse" for single-use devices--on labelling.

Tight management control of the design process is essential if product safety is to be ensured, according to Campbell, and adherence to ISO 9001 will provide the necessary framework. The product design specification should consider promotional material: if product safety claims are to be made, they must be known from the outset. Campbell recommended setting up formal design reviews and maintaining records of the rationale for design decisions. "Fixed sign-off stages ensure that product safety is kept at the forefront of the design process," he said.

"An increasingly adopted approach to product design is concurrent engineering, in which the design and manufacture of a product are considered simultaneously and not sequentially," said Campbell. By increasing input at the design stage when costs are low, risks can be eliminated or reduced before the manufacturing process begins. Concurrent engineering has the additional benefit of reducing time to market by getting it right the first time.

Guidant/CPI's Strategy

One company's approach to safety assessment was described by Lillian Roman, supervisor for reliability assurance at Guidant's CPI division (Minneapolis, MN, USA) for its cardiac rhythm management devices.

CPI has a dedicated team devoted to new projects and sets milestones that must be reached before proceeding with the next development stage. Included in the team are representatives from all applicable areas, ranging from hardware design to embedded software. Marketing staff provide considerable input at an early stage in defining what they need. In assessing the new device's intended use, clinical aspects, design constraints, and field performance of similar devices are among the factors that are taken into account.

CPI's safety assessment model is based on an iterative process in which the results of FMECA, FTA, and other analyses are linked. Open communication lines are crucial, stressed Roman, particularly when as many as 90 designers may be working on a project. The system requirements are constantly modified as a consequence of analysis and verification, and design reviews are a continuous process. Underlining management's responsibility for product safety is the corporate product safety and efficacy review committee, which includes directors and vice presidents.

Having evaluated the potential hazards throughout the life phases of the device, the team prioritizes them. It is essential to document all analyses so they can be linked back to the system process requirements, noted Roman.

Keys to a successful safety assessment, she summarized, are to begin the process in the early design stages, to show commitment from the top down, to encourage a team effort, to provide training that will get teams thinking along the right lines, and to analyze--not simply document--every hazard.

An Antidote to Testing Escalation

Reviewing biological evaluation of devices, Wolfgang G.K. Müller-Lierheim, president of the German notified body mdc GmbH and testing agency mdt GmbH (Memmingen), noted that "most companies do too much testing" and advocated the use of existing information where possible. Guidance is available in ISO 10993 and EN 1441, and from US FDA's Office of Device Evaluation. When referring to prior-use information, companies should note that "previous use of an ingredient or material does not necessarily ensure its suitability in similar applications." Müller-Lierheim pointed out that risks of sensitization, genotoxicity, carcinogenicity, and reproductive toxicity cannot be excluded solely on the basis of data from clinical investigations or human-use history. Depending on the individual case, additional testing may be required.

Risk analysis must be seen as part of the total risk management procedure, emphasized Peter Styles of Oxford Instruments (High Wycombe, Bucks, UK). While EN 1441 provides details of risk analysis, it is "very light" on other elements of the risk management process, said Styles, who is the UK delegate to the ISO/IEC joint working group on risk management applied to medical devices. The group will soon release a draft document (RM N27), which companies were advised to obtain since "it gives a much better picture of the entire risk management process."

This draft standard, which is expected to replace EN 1441, states that "a manufacturer's management shall define its policy to determine acceptable risk" and requires management to review risks at intervals. "Light has finally dawned on the European Commission that we should be dealing with risk management, not just risk analysis," said Styles.

Styles underlined the need for companies to produce and maintain thorough documentation. "Before a risk analysis can be conducted, there should be a documented management plan to be followed." While neither the Medical Devices Directive nor EN 1441 specifies the format required, companies can usually adapt their existing documentation. Analytical tools such as FMEA, which have been used to estimate risk, should all be recorded.

The amount of documentation will generally depend on the type of device. BSI's Lally noted that risk analysis can sometimes be a simple process, and for a Class I device a 10-page document would not be unusual. However, 10 pages for a high-risk device would be seriously questioned by a notified body, whose level of scrutiny of product design will be commensurate with the perceived risk of a device. Manufacturers' efforts in risk analysis are never wasted, Lally commented, since standards usually follow technology. "Companies at the leading edge of technology are generally pushing the bounds of standards."

"Risk analysis doesn't stop at production," said Styles. New information obtained during postmarketing vigilance regarding a new hazard or risk must be assessed and recorded in the risk management file. Risk analysis and management is thus an ongoing process throughout a device's lifetime. While more effort in identifying potential risks at an early stage of the device design process may prevent problems from occurring at a later stage, there is, in fact, no hiatus in a company's responsibility to ensure product safety.