Speaking to participants at Medical Device Summits “Risk Management throughout the Product Life Cycle” conference last week, Havel described that risk management is the glue in between. “Earlier industry professionals just considered risk management as a lot of paperwork, and the amount of dust accumulated on this was evidence of how often these were updated and managed. But now risk management is finally accepted as a continuing process of improvement.”

New standards now require explicit risk management for biocompatibility, environmental control, usability, electromagnetic compatibility, electrical safety etc. So we have all these risks, but how do we identify these? We need to set up different risk management activities at different times in such a manner that the most relevant and urgent risks are identified, and that’s not very easy, Havel says. “Once you have the risks identified, then we need to evaluate these – are these risks acceptable or no? Then we need to build in mitigation – which sometimes in itself, may introduce a new risk. At the end of the process, you will end up with ‘acceptable’ risk, which management helps define.”

Risk severity and probability

All aspects of risk management including human factors, clinical, biological, hardware and software risks… considered for safe design, explained Havel. Citing an example about how risk analysis and management needs to consider both severity and probability of risk occurring, he posed a question to the audience:

If an infusion pump over-infuses, then that pump has a high risk factor. But what if there’s an alarm that would warn about such an over-infusion? In such a case, the over infusion wouldn’t stop, but the alarm would warn the patient or caregiver about this. So is risk changing in such a situation? Will this alarm help in lowering either probably or severity of harm occurring to the patient?

Medical device makers face questions like these when designing their devices. (According to me), the risk is unchanged, because the issue is still there, and the device can still fail. But the alarm works, and because of this, someone can hear the alarm and attend to the device (and the over-infusion), because too much harm is done. So probability of the risk is lowered.

Single fault condition

One of the requirements is that the medical device shall cause no safety hazard in normal condition and in single fault condition. Thus medical equipment has to be designed and manufactured so there are no unacceptable risks after single fault is applied. According to Havel, the single fault condition recipe cookbook should consider the following:

1. First random hardware failure can occur at any time
2. The first failure shall not cause a hazard
3. If the first failure is because of the operator, the device will no longer be use and will be fixed (end of procedure)
4. If the first failure cannot be detected, then after some time, a second failure has to be assumed
5. Outcome of the combination of the first and the second failure

End of procedure. In the coming weeks, we will continue to cover presentations from this Risk Management conference. Stay tuned.