Note: this article is a summary of the original article published on the Let's Talk Risk! newsletter on Substack, a reader-supported publication. Read the full article here.

ISO 14971, the International Standard for application of risk management to medical devices, requires device manufacturers to identify and document qualitative and quantitative characteristics that could affect the safety of their medical device.

A common industry practice is to review the questions in Annex A, Identification of hazards and characteristics related to safety, in ISO/TR 24971, the guidance for application of ISO 14971. It is generally followed by simply documenting the outcome of this review as a check-the-box reaction to comply with the ISO 14971 requirements.

A missed opportunity, generally speaking, is connecting these safety characteristics and their operating limits with design inputs. ISO 13485 requires the outputs of risk management to be connected with design and development inputs (see Clause 7.3.3 in ISO 13485:2016). In practice, however, there is a lot of confusion about which specific outputs need to be used as inputs to the design and development. As a result, links between design controls and risk management tend to be missing or ambiguous at best.

Consider these best practices

1️⃣ Start with a reasonably clear and complete definition of the intended use

Sounds simple, yet this is one of the most frequently missed opportunity early in the design and development phase. However, your entire risk management activities need to be planned in the context of the intended use. Regulatory authorities will evaluate your clinical evidence for safety and effectiveness in the context of the intended use. That is why it is useful to spend some time early in developing a reasonably clear and complete statement of intended use.

The intended use statement also provides the framework to identify reasonably foreseeable misuse(s) associated with your device. This analysis can be done iteratively as you review the questions in Annex A for identification of characteristics related to safety. But everything needs to start with the intended use statement.

2️⃣ Review applicable questions in Annex A (or Annex H for IVDs) in ISO/TR 24971

Annex A and Annex H in ISO/TR 24971:2020 provide a list of questions that are useful for identifying hazards and characteristics related to safety. However, this list is not complete and not all questions may be applicable to your device in the context of its intended use. These questionnaires should be used only as a starting point.

It is also useful to clearly identify applicable limits, whether qualitative or quantitative for safe operation. The following figure illustrates an example of how each safety characteristic can be linked to an appropriate safe limit and associated hazard(s):

When using the Failure Modes and Effects Analysis (FMEA) technique, it is a good practice to add a column in the FMEA worksheet to indicate whether or not a certain failure mode affects a safety characteristic at the system level. As an example, if a failure mode of a backup battery results in insufficient (or no) energy delivery, enter “Y” in this column to indicate the safety impact. Adding this feature to your FMEA will help you track failure modes and risk controls associated with safety characteristic.

3️⃣ Consider all relevant sources of information, including publicly available databases and clinical literature

It is a common mistake in the industry to limit the time spent in gathering relevant information from publicly available sources during the early phase of design and development due to resource constraints and accelerated timelines.

Sometimes we make an assumption that because our device is so unique we are not going to find any relevant information in the public domain, such as FDA's MAUDE or TPLC databases. This is not correct. Even if your device is different in its functionality and operating mechanisms, there are potentially other devices operating within the broader scope of the intended use and clinical environment. As an example, you may find many relevant use-errors or misuse(s) that might be applicable to your device as well.

We also do not account for potential incompatibility issues with other devices that may need to be used with our medical device. As a result, we often miss a lot of safety related characteristics that should be assessed for potential risk control measures through design, protective measures, and/or information for safety.

A review of publicly available data sources and clinical literature helps to build awareness of potential malfunctions, use-errors and resulting patient harm under similar clinical use as your device. This knowledge is important for you to develop a more complete and robust list of safety characteristics and associated hazards

4️⃣ Improve signal detection during post-market surveillance and create a closed-loop connection back to design controls

It is important to appreciate that identification of safety characteristics and associated hazards is not a one-time activity. It must continue during the post-market surveillance phase of the device lifecycle.

Sub-clause 10.3 of ISO 14971 requires manufacturers to review relevant production and post-production information to identify previously unrecognized hazards or hazardous situation. A key step in this process is to carefully review reported malfunctions, use-errors, and other misuses that might highlight expose device characteristics not currently recognized as linked to safety.

A common industry practice is to passively monitor complaints data using tend analysis. Trend analysis, bar charts, pareto analysis etc. are more suitable for high-level descriptive analytics but not as much for predictive or more sensitive signal detection purposes. Even a single incident can point to a new safety characteristic linked to a new or currently known hazard and hazardous situation.

Knowledge gained through post-market surveillance activities should be fed into the design and development process as part of a closed-loop feedback system. A good practice is to review all available post-market surveillance data on a similar device, including from external sources, during the concept phase of a new device under development. This is a good way to ensure that we do not miss any relevant safety characteristic and associated hazard(s) for the new device under development. A good way to achieve this is by creating a dedicated cross-functional team which includes subject matter experts from R&D and related engineering functions.

In summary

At first glance, the requirement to identify characteristics related to safety in Clause 5.3 of ISO 14971 appears simple and straightforward.

However, it proves to be quite difficult in practice to do it right and connect it appropriately with design controls. Safety characteristics and any qualitative or quantitative operating limits associated with them should be considered as design inputs. Ideally, you should establish a direct link between these safety characteristics and design inputs to ensure traceability with design outputs. This link between safety characteristics and design controls is often missed in practice.

It is useful to review all relevant sources of information, including publicly available databases, such as FDA’s MAUDE and TPLCE databases, and clinical literature. This information is useful to increase awareness of potential malfunctions, use-errors, misuses and related harms to inform the risk identification process.

Finally, it is important to appreciate that this exercise is not a one-time activity. It must continue throughout the design and development process, and subsequently during the post-market phase.

Read the full article to learn more.

References

1. ISO 14971:2019 - Medical devices - Application of risk management to medical devices

2. ISO/TR 24971: 2020 - Medical devices - Guidance on the application of ISO 14971

3. Let's Talk Risk! on Substack