The ACHIEVE Blog

Insights on risk management topics and tips and techniques for implementation.

Confused about defining a hazardous situation? You are not alone!

fmea, hazard, hazard analysis, hazardous situation, iso 14971 | Jan 30, 2023
 

There is a lot of confusion in the medical device industry about the term hazardous situation. It is a common practice in the industry to equate failure modes to hazardous situations, but that is generally not correct. 

One consequence of this confusion is that individual risks in the context of ISO 14971 are not correctly analyzed.

ISO 14971 defines a hazardous situation simply as "circumstances in which people, property or the environment is/are exposed to one or more hazards".

But what does that mean?

It is not that this definition is incorrect. The problem is that this definition is not sufficiently precise to be useful in practice. As a result, many mistakes are made during risk analysis when hazardous situations, and related potential harms, are not correctly identified. 

What exactly is a circumstance? How do we interpret it in the context of ISO 14971?

Merriam-Webster dictionary defines the term circumstance as: 

  1. A condition, fact, or event accompanying, conditioning, or determining another
  2. The sum of essential and environmental factors (as of an event or situation)
  3. State of affairs
  4. An event that constitutes a detail (as of a narrative or course of events)

In other words, a hazardous situation could be an event, or a condition created by a set of events, which may include a combination of factors.

A key point to note in the ISO 14971 definition is that there is exposure to one or more hazards in a hazardous situation.

In other words, if there is no exposure to one or more hazards, then there is no hazardous situation.

As an example, there might be a live, exposed wire carrying electricity at high voltage. But unless someone touches it and gets electrocuted, there is no hazardous situation.

This example highlights why the concept of a hazardous situation is so difficult to understand clearly in the context of ISO 14971.

Why does it matter, you ask?!

A practical consequence of this confusion is that failure modes in an FMEA are generally considered to be the same as a hazardous situation. 

A failure mode is the manner in which a medical device may fail to meet its intended functionality requirement. There may be one or more causes associated with a single failure mode, but each failure mode is one specific way in which a device can fail to meet requirements.

In the example above, a live wire carrying electricity may have its insulation damaged due to one or more causes. In this situation, the wire is failing to meet the requirement that it must be insulated to prevent an electrical shock, or other consequences such as an electrical fire. 

Common sense suggests that this situation should be considered hazardous. However, unless a person touches this exposed wire, which results in electrocution, this is not a hazardous situation. It is probably one step closer to being a hazardous situation, but not quite. 

That is why, if you consider a failure mode (in this case insulation damage leading to an exposed wire) as a hazardous situation, you would incorrectly equate the probability of occurrence of a failure mode to the probability of occurrence of a hazardous situation (P1). The end result is that your risk estimation will be inaccurate. 

Here are a few other examples of hazardous situations and common mistakes

Here are 3 different examples of a hazardous situation. Note that in each case, we must identify the applicable hazard, and how exposure to this hazard could occur, before we can say a hazardous situation has occurred.

As discussed above, it is not uncommon to find that many people in the industry incorrectly equate failure modes to hazardous situations. This is not necessarily correct in many situations. For example:

Failure of a glucose monitor to trigger a high value alarm is not a hazardous situation

A continuous glucose monitor (CGM) may fail to trigger an alarm when a high blood glucose reading is detected. There may be more than one cause for this failure, but this is only a trigger event. It may lead to a hazardous situation, through a sequence of events where a patient actually experiences a high blood glucose level. But until then, there is no hazardous situation. 

A false negative result from a rapid COVID-19 test due to expired reagents is not a hazardous situation

A false negative result is only a trigger event, which may lead to subsequent events where the patient is not given correct treatment in a timely manner. Generally, we will identify this type of failure mode, and its potential causes, in an FMEA, which will allow us to estimate the probability of occurrence of a false negative and identify potential controls to mitigate its effect. However, this should not be considered a hazardous situation unless we identify "delay in treatment" as a hazard.

Cybersecurity vulnerability in a networked medical device due to poor access control is not a hazardous situation

In this case, there is a latent vulnerability in the system, which has not been exploited yet. As a result, there is no exposure to any hazard. It is good practice to record such vulnerabilities in an FMEA or a cybersecurity risk analysis tool so that appropriate control measures can be identified and implemented. However, this should not be treated as a hazardous situation unless the full sequence of events has been developed and the applicable hazards to which a user or a patient is exposed have been identified.

So, how do you identify the real hazardous situations?

Identification and analysis of hazards, hazardous situations and applicable harm is done using hazard analysis. This analysis involves starting with a trigger event (or an initiating event) and building a sequence of events leading up to an exposure to one or more hazards. Keep in mind that the initiating event may not always be a device malfunction.

As an example, if there is a failure to trigger a high value alarm from a continuous glucose monitor, the sequence of events may include the patient not taking a preventive action, or an insulin pump failing to deliver the required amount of insulin. As a result, the patient is now exposed to a high glucose level, a condition known as hyperglycemia.

Watch the brief video above for a few examples. Other examples of different types of hazards that may be applicable for your medical device are provided in Annex C of ISO 14971:2019. 

Conclusions

  1. A simple definition of the term hazardous situation as "circumstances in which people, property or the environment is/are exposed to one or more hazards" is not sufficiently precise for application in practice.
  2. Failure modes are not hazardous situations and their effects are not necessarily hazards.
  3. We need to identify a trigger event and outline a potential sequence of events that may eventually lead to a hazardous situation. A hazard analysis is more suitable for this purpose.
  4. Using FMEA for the purpose of identifying hazards, sequence of events and hazardous situations is not effective.
  5. Examples of different types of hazards are provided in Annex C of ISO 14971:2019.
