Benefit risk analysis on pFMEA

[Peretz87]

Hi everybody,
I hope you can guide my on something.
I’m writing pFMEA for packaging process for packaging medical device and i’m analysing the process to find all the risks that can produce harm to user/patient.
The pFMEA should answer the requirements of MDR and ISO 14971 and i’m not sure how to do benefit-risk analysis for each individual risk (do i need to do that for every risk?) and i should i do overall benefit risk analysis?
Examples will help.

 

[pziemlewicz]

The PFMEA will not talk about benefits, only risk. Process risks are given risk priority number based on severity, occurrence, and detection.

MDR and 14971 are also interested in your design and usability risks.

 

[Tidge]

Some Notified Bodies will require an individual risk benefit analysis for lines of analysis in FMEA, even if they are completely subordinate to a Hazard Analysis. It doesn't make sense to me, but they will consider your implementation of 14971 deficient.

 

[zoneofindifference]

Some Notified Bodies will require an individual risk benefit analysis for lines of analysis in FMEA, even if they are completely subordinate to a Hazard Analysis. It doesn't make sense to me, but they will consider your implementation of 14971 deficient.

Even if there is appropriate links between the Hazard Analysis and underlying FMEA docs?

 

[ThatSinc]

The pFMEA should answer the requirements of MDR and ISO 14971

Your Risk Management Process, and all resulting records, should answer the requirements of MDR and ISO14971 - how your pFMEA fits within your risk process will change what parts of 14971 must be covered by it.

If you consider your pFMEA as a means to identify sequences of events within your manufacturing process that could introduce hazards and/or lead to hazardous situations, and the individual probabilities of those happening, and align those with your hazard analysis which would document the hazard and hazardous situation, you will have a benefit/risk for the hazard and hazardous situation that captures the line item of the pFMEA.

However, as @Tidge has mentioned, some notified bodies are mandating all sorts of bizarre requirements.
I am still waiting for the NC's around disclosure of each and every residual risk identified.

 

[Tidge]

Some Notified Bodies will require an individual risk benefit analysis for lines of analysis in FMEA, even if they are completely subordinate to a Hazard Analysis. It doesn't make sense to me, but they will consider your implementation of 14971 deficient.

Even if there is appropriate links between the Hazard Analysis and underlying FMEA docs?

"Links" don't establish that any given control in the linked documents is actually reducing risk. Two general points:

1. The Hazard Analysis is where risks are analyzed. That's the only place where it makes sense to perform individual RBA
2. Subordinate documents typically do not reference each other, so performing an RBA in a subordinate document is going to be completely ignorant of other subordinate documents with also "link" to the same "risk". For example: If you didn't pursue all means of 'reducing risk (not really risk) in a FMEA at a supplier' because of some control in another place (e.g. a design FMEA) it would be a complete waste of effort to write the same thing in both FMEA and the Hazard Analysis. The cross-reference only makes sense at the HA level.

Defect Awareness follows.: Performing individual RBA in an FMEA is going to motivate several bad behaviors/attitudes:

• It propagates the idea that FMEA evaluate risks, but right in the name we know that this tool only evaluates failure modes.
• Failure modes can contribute to risk, but the controls for specific failure modes don't always control risks.
• A strict RBA analysis could imply the elimination/redesign of necessary (or otherwise acceptable) production processes because of some peculiar assessment of "final RBA" in a manufacturing FMEA. Without going into further detail, all I will write is "don't spill too much ink on the deburring process (for some devices)".
• A team can consider any number of failure modes, no matter how unlikely they are to actually occur. The classic RPN tool is the mechanism to keep people from wasting time implementing controls for 'low priority' failure modes, but requiring individual "RBA" on all the lines actually defeats the purpose of FMEA.
• FMEA are (in my opinion) the tool in which statistical analysis and study design can most legitimately/consistently used to evaluate the effectiveness of implemented controls. I am describing a quantitative assessment. Typically the RBA is a qualitative assessment. I don't believe it is logically consistent to have two different types of assessment for the same thing (here, RBA).

 

[RonanMc]

I’m writing pFMEA for packaging process for packaging medical device and i’m analysing the process to find all the risks that can produce harm to user/patient.

I'm not sure a PFMEA is the place to determine the possibility of harm to a user/patient. It is used to determine the likelihood of failure modes.
You would need an additional document which analyses the link between those failure modes and hazards (this could conceivably be part of the PFMECA, but usually isn't), and then from those hazards to potential harms (which you should be doing as part of your risk management system anyway).

For packaging the effects of failure modes would generally be limited to loss of sterility and damage to the device (although "damage to device" covers a lot of ground)

The pFMEA should answer the requirements of MDR and ISO 14971 and i’m not sure how to do benefit-risk analysis for each individual risk (do i need to do that for every risk?) and i should i do overall benefit risk analysis?
Examples will help.

Ideally you should be taking all of your process risks, along with your design & usability risks, and considering them as a whole.
Whether a component breaks (for example) because of poor manufacturing controls or because of poor material selection/part design is pretty much irrelevant to your overall risk - the effect and potential for harm is still the same.

Once you have your overall risk, you can compare it to the inherent risk of the procedure the device is used in, the risk associated with current devices, the risk of not using the device etc etc. as part of your Benefit-Risk Analysis.

 

[zoneofindifference]

I'm not sure a PFMEA is the place to determine the possibility of harm to a user/patient. It is used to determine the likelihood of failure modes.
You would need an additional document which analyses the link between those failure modes and hazards (this could conceivably be part of the PFMECA, but usually isn't), and then from those hazards to potential harms (which you should be doing as part of your risk management system anyway).

For packaging the effects of failure modes would generally be limited to loss of sterility and damage to the device (although "damage to device" covers a lot of ground)



Ideally you should be taking all of your process risks, along with your design & usability risks, and considering them as a whole.
Whether a component breaks (for example) because of poor manufacturing controls or because of poor material selection/part design is pretty much irrelevant to your overall risk - the effect and potential for harm is still the same.

Once you have your overall risk, you can compare it to the inherent risk of the procedure the device is used in, the risk associated with current devices, the risk of not using the device etc etc. as part of your Benefit-Risk Analysis.

Since the severity rating in terms of patient harm is applied in the hazard analysis, do you use a different severity scale (perhaps focused on end effects, like loss of device function) in the PFMEA to help prioritize the failure modes before you have created the hazard analysis, or do you not have a severity rating at all in the PFMEA?

 

[RonanMc]

Since the severity rating in terms of patient harm is applied in the hazard analysis, do you use a different severity scale (perhaps focused on end effects, like loss of device function) in the PFMEA to help prioritize the failure modes before you have created the hazard analysis, or do you not have a severity rating at all in the PFMEA?

As a design company (and legal manufacturer) that subcontracts assembly, we approach it from the opposite direction. We analyse our design risks and hazards (linking through to patient harms) as part of development. We do identify process risks (but not exhaustively) as part of Fault Tree Analysis of the design.

Generally, we generate PFMEA with our subcontractor under their QMS (rather than ours). The severity scores assigned would be influenced by our hazard analysis (ultimately through to patient/end-user harms).

 

[Tidge]

Generally, we generate PFMEA with our subcontractor under their QMS (rather than ours). The severity scores assigned would be influenced by our hazard analysis (ultimately through to patient/end-user harms).

I want to echo that this is my preferred method for manufacturing process risks, even when the manufacturing is done "in-house". It should be somewhat obvious that a medical device manufacturer wouldn't be obligated to do 'individual risk control option analyses' for failure modes identified at a component supplier; I don't know why representatives of NBs insist that medical device manufacturers do them for ANY Failure Modes and Effects Analyses if the manufacturer has an over-arching Hazard Analysis. If there are specific, necessary risk controls identified in subordinate (to a Hazard Analysis) documents then the individual risk control option analysis ONLY brings value (and makes sense) at the Hazard Analysis level.

There may be peculiar corner cases where a subordinate analysis of failure modes could document trade-offs (specific to an implemented design or process wholly contained within that design/process element), but such documentation wouldn't be very likely be able to speak intelligently to how such controls contribute the overall risk profile for the device.