The Cove Business Standards Discussion Forums
Risk Assessment according to ISO 14971 - Medical Device Software
UL - Underwriters Laboratories - Health Sciences
Risk Assessment according to ISO 14971 - Medical Device Software
Risk Assessment according to ISO 14971 - Medical Device Software
Risk Assessment according to ISO 14971 - Medical Device Software
Risk Assessment according to ISO 14971 - Medical Device Software
Risk Assessment according to ISO 14971 - Medical Device Software
Risk Assessment according to ISO 14971 - Medical Device Software
Risk Assessment according to ISO 14971 - Medical Device Software
Risk Assessment according to ISO 14971 - Medical Device Software
Risk Assessment according to ISO 14971 - Medical Device Software
Go Back   The Elsmar Cove Business Systems and Standards Discussion Forums > > >
Forum Username

Elsmar Cove Forum Visitor Notice(s)

Wooden Line

Risk Assessment according to ISO 14971 - Medical Device Software


Monitor the Elsmar Forum
Sponsor Links




Courtesy Quick Links


Links Elsmar Cove visitors will find useful in the quest for knowledge and support:

Jennifer Kirley's
Conway Business Services


Howard's
International Quality Services


Marcelo Antunes'
SQR Consulting, and
Medical Devices Expert Forum


Bob Doering
Bob Doering's Blogs and,
Correct SPC - Precision Machining


Ajit Basrur
Claritas Consulting, LLC



International Standards Bodies - World Wide Standards Bodies

AIAG - Automotive Industry Action Group

ASQ - American Society for Quality

International Organization for Standardization - ISO Standards and Information

NIST's Engineering Statistics Handbook

IRCA - International Register of Certified Auditors

SAE - Society of Automotive Engineers

Quality Digest

IEST - Institute of Environmental Sciences and Technology


Some Related Topic Tags
medical device software, iso 14971 - medical device risk management, software (general topics)
Reply
 
Thread Tools Search this Thread Rate Thread Content Display Modes
  Post Number #1  
Old 14th June 2008, 10:46 AM
20110517dpr

 
 
Total Posts: 3
Please Help! Risk Assessment according to ISO 14971 - Medical Device Software

Hello Everybody

I have some questions related to risk assessment for software used in medical devices and would be glad to get advices from experts.

Let's assume that I have a physiological monitoring device, driven by firmware and software components. A possible hazard for that the device is not showing correct values, due e.g. to a software bug. This bug may occur in some rare pathological cases, assume 1 people out of 10,000.

The likelihood that the hazard "incorrect values shown" becomes a hazard situation is hence 1/10,000.

Now the probability that this hazard situation becomes a harm might be quite different. For instance, the software can fail to display correct result as soon as this pathological case occurs. Should the medical decision relies exclusively on the results shown, it would lead to a probability of harm of 1.

My understanding of ISO 14971 is that we should consider the likelihood that a hazard situation becomes a harm; and not the whole chain. In the first case, the probability that the harm occurs is 1 (if it happens that the patient has the pathological case); in the second case it is 1/10,000. Which is a hell of difference!

Am I right, or am I missing something?

Furthermore, the probability that the hazard situation becomes a harm might depend on the country where the device is operated. For instance, in some countries, where the users are highly trained, they shall not trust the results, hence lowering the likelihood. In some other countries, the likelihood shall be much higher.

I understand that I have to take the entire clientèle into account; that is if I have different likelihood depending on the device location; I should take the highest one for the risk assessment (that would make sense). Is my understanding correct? Or is it really meant that I should take care of the ratio of device this country has (e.g. if only 10% my devices are in that country, then I should multiply the likelihood of harm by 0.1) ? The latter seems suspicious to me.

Any advices would be greatly appreciated!

Thanks in advance,
/lew

Sponsored Links
  Post Number #2  
Old 15th June 2008, 01:37 AM
somashekar's Avatar
somashekar

 
 
Total Posts: 5,356
Re: Risk assement accordingly to ISO 14971

<<< I understand that I have to take the entire clientèle into account; that is if I have different likelihood depending on the device location; I should take the highest one for the risk assessment (that would make sense). Is my understanding correct? Or is it really meant that I should take care of the ratio of device this country has (e.g. if only 10% my devices are in that country, then I should multiply the likelihood of harm by 0.1) ? The latter seems suspicious to me. >>>

Too lenghty, but I guess you prefer not to share the exact cause and effects. However keeping in mind the human behaviours irrespective of the country and going about the Risk assessment is ideal. Please also note that the Risk assessment document is dynamic and can always be improved as a response to situations. Going further the control measure in your case may be a user communication appropriately, thus ensuring a closed loop.
Good luck ....
Thanks to somashekar for your informative Post and/or Attachment!
  Post Number #3  
Old 20th June 2008, 09:15 AM
danpa

 
 
Total Posts: 47
Re: Risk Assessment according to ISO 14971 - Medical Device Software

Lewis,
While I am not an expert on risk mgmt, my opinion is that alot depends on how you structure your risk management study. I prefer to look at software as part of the overall system, and it is the system that we do risk management on (Software alone generally can not cause the harm, it must be part of a system with physical interfaces to cause harm).
As such, I would look at the probability of the system causing the harm and not assume "1" as the probability.
As a side note, I am always suspect of hard quantitative numbers like 1/10,000 when conducting risk management for software. I prefer qualitative terms such as Frequent, Probable, Remote, Improbable.
Small differences in the hard numbers can have huge differences in final risk assessment and the hard numbers are very difficult to quantify for software system failures. We know that the software will always behave the same way with the same set of conditions, but determining how often a certain set of conditions will exist is often impossible.
I have the same problem with various countries using the products differently and have not come up with good guidance for how to account for this in the risk mgmt assessment.
Thanks to danpa for your informative Post and/or Attachment!
  Post Number #4  
Old 20th June 2008, 02:08 PM
Marcelo Antunes's Avatar
Marcelo Antunes

 
 
Total Posts: 3,232
Re: Risk Assessment according to ISO 14971 - Medical Device Software

Quote:
My understanding of ISO 14971 is that we should consider the likelihood that a hazard situation becomes a harm;

Did you see the second edition of ISo 14971? It explains some problematic issues regarding hazards and hazards situation (for example Figure E.1 - Pictorial representation of the relationship of hazard, sequence of events, hazardous situation and harm). There it can be seen that you do not only have to take into account the likelyhood that a hazard situation turn into harm, but also the likelihood that the hazard, after a sequence of events, turn into a hazardous situation. So there´s in fact two probablities of ocurrence of harm.

Also, you´re corret when you say that you have to use the highest likelihood depending on the country. In fact i would say more, you have to take into consideration the accepted culltural values of the country/population/etc. into your risk acceptability policy and risk analysis, so this is in fact much broader than what you said.
Thanks to Marcelo Antunes for your informative Post and/or Attachment!
  Post Number #5  
Old 22nd June 2008, 03:58 AM
20110517dpr

 
 
Total Posts: 3
Thank You! Re: Risk Assessment according to ISO 14971 - Medical Device Software

Gidday,

Thanks mmantunes, danpa and somashekar for your answers!

Quote:
As a side note, I am always suspect of hard quantitative numbers like 1/10,000 when conducting risk management for software. I prefer qualitative terms such as Frequent, Probable, Remote, Improbable.
Absolutely right. Actually, I am using hard figures to make the example somewhat more palpable for the reasoning.

Quote:
There it can be seen that you do not only have to take into account the likelyhood that a hazard situation turn into harm, but also the likelihood that the hazard, after a sequence of events, turn into a hazardous situation. So there´s in fact two probablities of ocurrence of harm.
Yes, and in fact I think I believe that I know where the misunderstanding is coming from.

If I assess the risk that, for a given patient, the hazard turns into harm, it is indeed 1/10,000. But if I assess the risk that, during the life of my product, the hazard turns into harm for at least one patient, then the likelihood is very high (given that we have something like 1,000 operations per year and device ).

Of course, the risk management policy in place defines what means terms like "likely" etc. So If I refer to that policy, there is no ambiguity at all.

However, I have a last question. When speaking about risk's likelihood does the standard mean: "the likelihood that the hazard turns into harm for a given patient" or "the likelihood that the hazard turns into harm for at least one patient during the foreseen product's life". Or is it left to the risk management policy to define what is meant exactly?

TIA,
/lew.

Last edited by 20110517dpr; 22nd June 2008 at 10:59 AM.
  Post Number #6  
Old 24th June 2008, 03:49 PM
gholland

 
 
Total Posts: 101
Re: Risk Assessment according to ISO 14971 - Medical Device Software

"However, I have a last question. When speaking about risk's likelihood does the standard mean: "the likelihood that the hazard turns into harm for a given patient" or "the likelihood that the hazard turns into harm for at least one patient during the foreseen product's life". Or is it left to the risk management policy to define what is meant exactly?"


Reading ISO14971, Annex E it is stated that the guidance is to consider both when determining 'Probability of occurence of harm (Figure E.1)'. The probability you're hunting for is basically the probability of the Hazard occurring (P1) multiplied by the probability of the Hazardous situation (P2).

In the 'real world' you'd have to come up with some sort of 'Frequent, Probable,....' ranking and be able to defend it. At that point you can go to your risk chart (Chart D.7 in Annex D for example) and see where you stand. If you have a frequent 'P1' but a remote 'P2' then your probability of the risk occuring may be Remote and you may be able to defend it to yourself and to your auditors. I would definitely get management buy-in as to your Probability of Occurence' ranking and heavily document the rationale if your failure mode is lethal.

Thanks to gholland for your informative Post and/or Attachment!
  Post Number #7  
Old 28th June 2008, 12:32 AM
Marcelo Antunes's Avatar
Marcelo Antunes

 
 
Total Posts: 3,232
Re: Risk Assessment according to ISO 14971 - Medical Device Software

Quote:
However, I have a last question. When speaking about risk's likelihood does the standard mean: "the likelihood that the hazard turns into harm for a given patient" or "the likelihood that the hazard turns into harm for at least one patient during the foreseen product's life". Or is it left to the risk management policy to define what is meant exactly?
It´s up for the policy, meaning, the manufacturer. This directly impacts the risk acceptability criteria (in fact it´s one of it´s components) so the standard does not have a saying on this.
Thanks to Marcelo Antunes for your informative Post and/or Attachment!
  Post Number #8  
Old 4th July 2008, 04:57 PM
20110517dpr

 
 
Total Posts: 3
Re: Risk Assessment according to ISO 14971 - Medical Device Software

Thanks everyone for your explanations!

/lew
Reply

Lower Navigation Bar
Go Back   The Elsmar Cove Business Systems and Standards Discussion Forums > > >

Bookmarks



Visitors Currently Viewing this Thread: 1 (0 Registered Visitors (Members) and 1 Unregistered Guest Visitors)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Forum Search
Display Modes Rate Thread Content
Rate Thread Content:

Forum Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Emoticons are On
[IMG] code is On
HTML code is Off


Similar Discussion Threads
Discussion Thread Title Thread Starter Forum Replies Last Post or Poll Vote
Are you looking for ISO 14971 - Medical Device Risk Management? Marc Risk Management Principles and Generic Guidelines 1 16th September 2014 11:22 PM
Risk Management Portal - Beyond ISO 14971 - Incorporate $$ into the Risk Assessment k3nny ISO 14971 - Medical Device Risk Management 4 11th July 2011 02:11 AM
Medical Device Risk Assessment to ISO 14971 ISO 13485 - Medical ISO 14971 - Medical Device Risk Management 4 24th March 2010 07:12 AM
Software to Manage Compliance to ISO 14971 (Medical Device Risk Management). TJG954 - 2009 ISO 13485:2016 - Medical Device Quality Management Systems 9 11th September 2008 11:55 AM
Medical Device Software Risk Management and ISO 14971:2007 RA Princess ISO 14971 - Medical Device Risk Management 7 5th June 2007 09:30 AM



The time now is 01:48 PM. All times are GMT -4.
Your time zone can be changed in your UserCP --> Options.



Misc. Internal Links


NOTE: This forum uses "Cookies"