Establishing risk acceptability is a fundamental yet complex part of risk management, throughout the product lifecycle. With a variety of factors involved in the process, medical device companies face the coordination of differing perspectives REGISTER for the Risk Acceptability and Lifecycle Risk Management conference | In-person or virtual attendanceon risk and balancing the use of the right tools and systems. During next week’s MedTech Intelligence conference, “Risk Acceptability and Life Cycle Risk Management”, industry experts will be tackling complicated issues, including the state of risk management itself, patient, engineering and clinical perspectives, premarket and postmarket risk assessment, human factors, and corporate liability. Jon Speer, founder and vice president of QA/RA at greenlight.guru, recently sat down with MedTech Intelligence to share a preview of some of the topics that will be discussed at the event.
MedTech Intelligence: When defining risk acceptability, where should a company start?
Jon Speer: This may seem obvious, but when defining risk acceptability a company needs to start by understanding the intended use of the product, and how the end user and patient are going to interface with that product. Another key part involves understanding what the other products, technologies or methods by which this particular clinical issue is currently being addressed in the marketplace.
Risk acceptability is two factors: If you look at ISO 14971, it defines risk as the combination of the probability of occurrence of harm and the severity of that harm. So in order to understand how risk acceptability works, you need to understand what are the possible harms that could result from using a particular device or technology, and how big of an issue it is. Is it a commodity device in which millions are used per year? Or, is it a niche product that has a much smaller market size?
MTI: What are the common mistakes that device companies make when approaching premarket risk assessment?
Speer: The biggest mistake I see medical device companies make with premarket risk assessment is that it comes down to the application and understanding of ISO 14971. I can trace this back to the late ‘90s with the design controls regulation. Risk is a concept that has evolved over time. Back in the early days of my career, I, like many people, used a tool called FMEA [failure modes and effects analysis]. FMEA is an ‘okay’ tool, but it has a very specific intent or purpose. FMEA looks at something that happens when [a device] fails or breaks, or [an issue] that won’t go away—it’s a single failure sort of thing.
ISO 14971 looks at risk management. It’s not just about failure—it looks at hazards and hazardous situations that can occur. The key thing here is that you could use a product exactly as it’s intended and exactly according to its instructions for use and labeling, and there will still be hazards and hazardous situations. That’s a key difference. FMEA looks at what happens when something goes wrong, and ISO 14971 looks at the entire picture—when things are done exactly the way they are intended as well as when things go wrong. Even today, the mistake that companies make is in using FMEA-only approaches to capture risk management in detail.
MTI: Are there tools that companies should be using but are not when it comes to risk management?
Speer: ISO 14971 as far as standards go, is pretty good. It’s not so prescriptive of a standard to force you into a “you must do it this way and following this step” [approach]. ISO 14971 lays out a workflow and identifies some basic process steps. My recommendation would be to understand that standard and then adapt your internal processes, procedures and tools sets that you’re using to align with that.
Identifying hazards, determining foreseeable events or a sequence of events that could lead to a hazardous situation, and determining possible harm that could result—just following that basic workflow is key. There are a lot of different names for it, and sometimes the name gets in the way. Just make sure your process and the tools that you’re using align with ISO 14971.