Slides from the meeting
Transcription
Slides from the meeting
Introduction to Risk Management EN ISO 14971:2012 Medical Devices: Application of Risk Management to Medical Devices 16 March 2015 Terri Kurtz TLK Consulting tkurtz@tlkconsulting.com Agenda • • • • • • • • • • • Introduction Scope Key terms and definitions General requirements for risk management Risk analysis Risk evaluation Risk control Evaluation of overall residual risk acceptability Risk management report Production and post-production information Additional thoughts Related International Standards EN 62366, Medical devices — Application of usability engineering to medical devices EN 10993 (all parts), Biological evaluation of medical devices IEC 60601-1, Medical electrical equipment — Part 1: General requirements for basic safety and essential performance IEC 62304, Medical device software — Software life cycle processes TIP: Recommend review of ISO/TR 24971, Medical devices Guidance on the application of ISO 14971 Goals of this presentation • What is required by EN ISO 14971:2012? • Why should you care about risk management? • How can risk management help produce better medical devices? EN ISO 14971 Introduction • What is risk management? – Determine how a medical device may fail • Design, user, process, environment – Estimate the probabilities and risks associate with a failure – Implement mitigations to eliminate or reduce the risk – Evaluate overall residual risk – Continually evaluate risk assumptions against product performance Scope of EN ISO 14971 • Provides a process to identify hazards of medical devices (including IVD medical devices) • Applicable to all stages in the life-cycle • Does not specify acceptable risk levels 2012 Annex ZA • Informative annex detailing the relationship between ISO 14971:2007 and the EU Directive 93/42/EEC (MDD) • Notified Bodies Recommendation Group (NBRG) published a draft consensus paper in June 2014 with further interpretation of the 2012 Annex NOTE: This is listed as Informative, but because it points out differences to the Essential Requirements is enforceable by Notified Bodies to ensure Essential Requirements are met. Key terms and definitions • 2.2 harm – physical injury or damage to the health of people, or damage to property or the environment • 2.3 hazard – potential source of harm • 2.4 hazardous situation – circumstance in which people, property, or the environment are exposed to one or more hazard(s) • 2.16 risk – combination of the probability of occurrence of harm and the severity of that harm Pictorial representation of the relationship of hazard, sequence of events, hazardous situation and harm From EN ISO 14971, Annex E General Requirements – Process From EN ISO 14971 General Requirements • Management responsibilities – Resources, qualified personnel, criteria for risk acceptability, review of the process • Qualification of personnel – Knowledge and experience General Requirements - Risk Management Plan • • • • • • Scope of activities for life-cycle phases Responsibilities Review requirements Risk acceptability criteria Verification activities Collection and review of production & postproduction information NOTE: The Risk Management Plan may be a separate document or integrated within other documentation (QMS) General Requirements - Risk Management File • RM File to provide traceability for each identified hazard to; – – – – Risk analysis Risk evaluation Implementation & verification of risk control Assessment of residual risk • Standard identifies what is required to be in the RM file NOTE: The Risk Management File may be any type of medium and may reference the location of documentation. Risk Management Process Risk analysis – systematic use of available information to identify hazards and to estimate the risk Risk evaluation – process of comparing the estimated risk against given risk criteria to determine the acceptability of the risk Risk assessment - Overall process comprising a risk analysis and a risk evaluation Risk control – process in which decisions are made and measures implemented by which risks are reduced to, or maintained within, specified levels Residual risk – risk remaining after risk control measures have been taken Risk management report – documented review of the risk management process Post-production – part of the life-cycle of the product after the design has been completed and the medical device has been manufactured Intended use and identification of characteristics related to the safety of the medical device – Document intended use and reasonably foreseeable misuse – Annex C questions that serve as a guide – Questions help you define and evaluate characteristics of the device that may affect safety TIP– overlap of Annex C and EN 62366 Application Specification may allow integrating the two process Identification of hazards – Compile a list of known and foreseeable hazards associated with the device – Consider hazards in both normal and fault conditions • Normal – device is performing as intended (normally) and the user or environment causes the hazard • Fault – the device faults resulting in the hazard – Determine how hazards could progress to hazardous situations 2012 Annex ZA – all risks must be taken into account (negligible risks may not be discarded) Identification of Hazards From EN ISO 14971, Annex E Risk Estimation – Identify reasonably foreseeable sequences or combinations of events that can result in a hazardous situation – Estimate the risk of each hazardous situation • Probability of occurrence & the consequences • Risk estimation can be quantitative or qualitative Foreseeable sequence of events From EN ISO 14971, Annex E Hazard – Harm Relationship From EN ISO 14971, Annex E Techniques - PHA • Preliminary Hazard Analysis (PHA) – may be used early in the development process – Top-down analysis – Start with hazards, determine hazardous situations / event which could cause harm – Assign probability that the hazardous situation occurs and the severity of the resulting harm Hazard Sequence of events Hazardous Situation P Harm S List potential sources of harm What would have to happen to create the hazard? What situation results from the events? Probability this occurs What is Severity the injury of harm or damage Techniques - FTA • Fault Tree Analysis (FTA) is used early in the development process to identify and prioritize hazards and hazardous situations – Identify a failure or hazard – Identify all possible ways to create the hazard Techniques - FMEA • Failure Mode and Effects Analysis (FMEA) is used as the design matures to evaluate effects of the design and/or individual components (DFMEA), processes (PFMEA) or procedural steps (AFMEA) systematically – – – – – – – Brainstorm failure modes for each function List effects of the failure (device, patient, user, environment) List causes of the failure Assign severity, occurrence (and detection) ratings Calculate the risk index (RPN, other scale of S vs. probability) Determine risk controls Calculate residual risk Function Failure Mode Effect(s) S Cause(s) O Controls Initial Risk Index Additional controls Verification of effectiveness Residual Risk Index Ability to remove catheter from patient Tip detaches Tip migration in vessel 4 Material selection, bond design, component tolerances 2 Use of materials with history Med End of catheter is formed, no detachable part Tensile testing, simulated use, animal study Low Risk Management Process Risk analysis – systematic use of available information to identify hazards and to estimate the risk Risk evaluation – process of comparing the estimated risk against given risk criteria to determine the acceptability of the risk Risk assessment - Overall process comprising a risk analysis and a risk evaluation Risk control – process in which decisions are made and measures implemented by which risks are reduced to, or maintained within, specified levels Residual risk – risk remaining after risk control measures have been taken Risk management report – documented review of the risk management process Post-production – part of the life-cycle of the product after the design has been completed and the medical device has been manufactured Risk Evaluation • 2007 standard - Based on the criteria defined in the Risk Management Plan, determine if risk reduction is required, reduce risk As Low As Reasonably Possible • 2012 Addendum (Annex ZA) – all risks must be reduced as far as possible without economic consideration • 2014 DRAFT NBRG Guidance – If death or serious deterioration of health is unlikely to occur, risk shall be considered acceptable. If likely, use risk control measures from harmonized standards, other standards, or implement other risk reduction means 2014 guidance - Safety must not be traded against business perspectives Risk Management Process Risk analysis – systematic use of available information to identify hazards and to estimate the risk Risk evaluation – process of comparing the estimated risk against given risk criteria to determine the acceptability of the risk Risk assessment - Overall process comprising a risk analysis and a risk evaluation Risk control – process in which decisions are made and measures implemented by which risks are reduced to, or maintained within, specified levels Residual risk – risk remaining after risk control measures have been taken Risk management report – documented review of the risk management process Post-production – part of the life-cycle of the product after the design has been completed and the medical device has been manufactured Risk Control • Risk control option analysis (in order of priority) – Inherent safety by design • Eliminating a hazard • Reducing the probability or severity of harm – Protective measures (design / process) • Use of alarms / alerts • Using automatic cut-off or safety valves – Information for safety • Warnings • Restrict the use • Provide training Risk Control – Annex • Use of ‘one or more’ risk control options vs. use of ‘cumulative’ risk control options – 2012 Annex ZA – manufacturer must apply all control options unless adding another does not improve safety – 2014 NBRG Draft Guidance – all risk control options shall be considered and implemented, in priority order, and risk reduced to an acceptable level. If risk is acceptable, further risk reduction may be justified. Risk Control – Information for Safety • 2012 Annex ZA – manufacturers shall not attribute additional risk reduction to the information given to the users • 2014 NBRG Draft Guidance – Information for safety may be considered a risk control measure. Effects of risk reduction are to be documented. The probability of harm may not be reduced as a result of disclosing residual risk. NOTE: Consider demonstrating information for safety is an effective control to strengthen it as a control (e.g., usability validation.) Risk Control - Implementation • Verify implementation of each risk control measure – Is the control in the final design? • Verify the effectiveness of each risk control measure – Does the control actually reduce the risk? – Validation study NOTE: Auditors expect to see two different verifications (e.g., implementation = design output, effectiveness = validation). Risk Control - Residual risk evaluation • Residual risk is evaluated against the criteria in the Risk Management Plan – Not acceptable – add risk control measures or perform a risk/benefit analysis – Acceptable – determine which residual risks to disclose in the accompanying documents (e.g., labeling) • This is done so the user can make informed decisions, but is at the discretion of the manufacturer Risk Control - Risk/Benefit analysis • Risk/Benefit of individual risks – Document analysis of weighing the benefit of the device against the individual residual risk(s) • Benefits come from – – – – Literature Comparison to other devices Unmet patient needs Etc. Risk Control – Risks from risk control & Completeness of risk control • Risks from Risk Control Measures – When risk control measures are implemented, evaluate each to determine if new hazards or hazardous situations introduced NOTE: – . Auditors may expect to see documented evidence this was considered. • Completeness of Risk Control – Ensure all identified hazards have been evaluated Risk Management Process Risk analysis – systematic use of available information to identify hazards and to estimate the risk Risk evaluation – process of comparing the estimated risk against given risk criteria to determine the acceptability of the risk Risk assessment - Overall process comprising a risk analysis and a risk evaluation Risk control – process in which decisions are made and measures implemented by which risks are reduced to, or maintained within, specified levels Residual risk – risk remaining after risk control measures have been taken Risk management report – documented review of the risk management process Post-production – part of the life-cycle of the product after the design has been completed and the medical device has been manufactured Evaluation of overall residual risk acceptability • After all risk control measures are implemented and verified, the manufacturer shall decide if the overall residual risk is acceptable per Risk Management Plan criteria – Determine information to include in accompanying documents to disclose residual risk NOTE: Auditors may expect to see documented evidence this was considered, criteria . Overall Risk/Benefit Analysis • Requirement of 2012 Annex ZA – 2007 implied that if individual and overall risks were ‘acceptable’ a risk/benefit analysis was not needed – Annex ZA and draft NBRG guidance state Risk Management Process Risk analysis – systematic use of available information to identify hazards and to estimate the risk Risk evaluation – process of comparing the estimated risk against given risk criteria to determine the acceptability of the risk Risk assessment - Overall process comprising a risk analysis and a risk evaluation Risk control – process in which decisions are made and measures implemented by which risks are reduced to, or maintained within, specified levels Residual risk – risk remaining after risk control measures have been taken Risk management report – documented review of the risk management process Post-production – part of the life-cycle of the product after the design has been completed and the medical device has been manufactured Risk Management Report • Prior to commercial release, the RM Report is created to ensure – The Risk Management plan has been appropriately implemented – The overall residual risk is acceptable – Methods are in place for production / postproduction information Risk Management Process Risk analysis – systematic use of available information to identify hazards and to estimate the risk Risk evaluation – process of comparing the estimated risk against given risk criteria to determine the acceptability of the risk Risk assessment - Overall process comprising a risk analysis and a risk evaluation Risk control – process in which decisions are made and measures implemented by which risks are reduced to, or maintained within, specified levels Residual risk – risk remaining after risk control measures have been taken Risk management report – documented review of the risk management process Post-production – part of the life-cycle of the product after the design has been completed and the medical device has been manufactured Production and post-production information • Goal is to collect information after launch and update risk management file – To confirm or correct initial assumptions • Device use • Occurrences (over- and under-estimates) – Identify omissions • Additional risks • Information from manufacturing, R&D, customer, sales, competitor, new / revised standards • Affects risk analysis, risk evaluation, risk control, residual risk, risk / benefit analysis Additional thoughts • The standard outlines a process • Determine how to do this based on complexity of your medical devices • Consider maintenance of risk management files during system development • Risk management should be started early and used to make decisions throughout the product life-cycle