How do you define Risk (Medical Device)?

[Marcelo]

An embolism can develop on the device itself and then travel through the patient bloodstream to the brain.

The hazardous situation in this case would be the embolism reaching the brain, and the hazard. Not sure why the embolism would develop in the device, but the hazard may be something like incorrect output or loss of function.

Also, the act of implanting the device means the interior walls of the vasculature may be damaged or there may be plaque in the vasculature that breaks loose from the vascular wall and is large enough to block an artery in the brain.

Does this only occur with implanting the device or is this a general possible problem with implantation?

With all of these hypothetical situations, there is no way to know exactly what happened to a particular patient.

If you don't know what happened, you cannot manage risk.

 

[Ronen E]

Hi,

You guys have been very productive while I was away...

Some general comments:

1. It's important not to confuse what a published standard requires (mandatory) with guidance it provides (optional) and what people - other than official auditors - think/say about it. In general, ISO 14971:2007 doesn't require any specific technique, eg FTA. I was really taken by the statement that that standard doesn't require an overwhelming amount of tedious work, because according to most of my clients that's exactly what it does, and I have to admit that except in trivial cases I agree...

2. Implants are somewhat different from other types of devices in that the implantation procedure can usually be seen as part of the device. Novel implant devices involve developing the procedure and educating the surgeons, and typically the manufacturer/developer will undertake that endeavour. The procedure then becomes an integral part of the IFU (user manual) issued by the manufacturer. In some (maybe most) cases implantation requires special tools that the manufacturer will develop, manufacturer and supply with the implant itself. So I guess that an ISO 14971 implementation considering an implant does need to consider the implantation procedure and the integral tools used, as sources of hazards, hazardous situations and resulting harms.

Now, specifically - I understand that the implant is already on the market / in clinical trials and we are discussing a retrospective risk analysis or an update. Correct? The way you describe the situation, a very significant increase in risk seems to be associated with the use of the implant, overall. This is under the assumption that the data is randomized - if only patients already at higher risk are elected to receive the implant, that can account for some of or all the difference. It is very important to establish causality and not just correlation. Any way, if the risk increase is fully / mostly attributable to the device use (including implantation) then yes, all aspects of it should concern the manufacturer. The key word in my previous comment was independent.

 

[Ronen E]

If you don't know what happened, you cannot manage risk.

Marcelo,

My initial response to that statement is disagreement (respectful ), and honestly I'm a little surprised that you made it because you've already brought to our attention the issue of uncertainty in risk management.

In my understanding we should be able to manage risk in uncertain conditions, ie even if we're not fully informed about each and every step in the chain of events. That's the whole point of risk management. I also think that ISO 14971 doesn't do a bad job in providing a workable framework for handling such uncertainty.

I'd say the solution would be to go one level up. If we don't know what particular type of embolism has caused the stroke, we should treat them all together. Of course it might push us towards more crude mitigation means, but that doesn't mean we can't analyse the risk and reduce it if required. Ideally we would pin-point the problem and try to tailor a perfect, elegant solution, but unfortunately that's not always possible.

More generally, I see formal risk management as a rational, methodical examination of the state of things, then making decisions and taking action to change that state of things from overall unacceptable to acceptable risk. I think that this can be done whether we have a full knowledge / understanding of every little detail, or not. The difference would be mostly in the efficiency / elegance of our action.

 

[Marcelo]

My comment was in a more general way, trying to mean that, if you have no idea of the situation, you cannot manage risk.

ISO 14971 is mostly a scenario-based risk management system. You do have to model a scenario. If you do not know the scenario, you cannot manage risk per ISO 14971.

You do not have to know in detail everything within the model of a scenario (and the less you know, the more uncertain are the estimates), but you do have to have a scenario model.

If you lack thing likes the link between the device and how it is part of the scenario, you cannot manage device risk.

More generally, I see formal risk management as a rational, methodical examination of the state of things, then making decisions and taking action to change that state of things from overall unacceptable to acceptable risk. I think that this can be done whether we have a full knowledge / understanding of every little detail, or not. The difference would be mostly in the efficiency / elegance of our action.

Sure (although I disagree a little with part of the statement), but the risk of what? If that's the risk to patient harm in which the device is/might be involved, unless your scenario includes the device, it does not make sense to do device risk management per ISO 14971. That's my problem with the comment on noncompliance to medication, for example.

Also, take the comment for implantation. Implantation itself is not the problem (unless there's a problem 'during"the implantation), but what happens next after the device is implanted. Sure, in a cardiovascular device, stroke is a risk and may be related to the device (in this particular case you would need a clinical trial to verify those adverse events and the link to the device, before that, there's no way you can finish you risk management related to this aspect), but in other implanted devices, a stroke might not be a risk. Again, it all goes back to the scenario.

 

[Ronen E]

Of course you have to hypothesise a scenario and the device has to be a part of it. What I meant is that you don't necessarily have to have all the information about the scenario (we seem to agree about that). You can overcome some missing knowledge by using a more crude description of the scenario.

If we continue the cardiovascular stent example, an embolism may be associated with the device implantation through damage to blood vessel walls during implantation (scenario 1a), through release of preexisting plaque during implantation (scenario 1b), through facilitating accelerated plaque growth on it (scenario 1c) or through some other scenarios. As stated by the OP, when a stroke occurs in a patient post implantation, it's sometimes (usually?) impossible to determine the exact nature of the embolism and/or how it came into being. This is what I referred to by incomplete knowledge. Either way, we could instead address "scenario 1" which would be the sum, or higher level description, of scenarios 1a, 1b, 1c and so on. This is a compromise in the ISO-14971-style risk management process, but in my opinion not an overwhelming one. The process might still conclude effectively (though maybe less efficiently) with the risk brought down to an acceptable level.

 

[Marcelo]

But then scenario 1 would be what? Implantation? If so, this could happen with any implantation, not of the device only. And this would go back to what I mentioned, how would you link the device?

Anyway, maybe the problem has a different origin. The ISO 14971 scenario-based model (which is depicted in Figure E.1), although it can include any risk in principle, is obviously more related to technological risk (and in fact it's even lacking some specificities, see attached for the inclusion of "hazardous event", which is what other IEC standards do).

With this in mind, the "clinical risks"which we are discussing may not easily fit the model. This is clear when we go back to the discussion of probabilities the OP mentioned. Is it worth, or is it even possible, to define specific probabilities for each event in the sequence of events, even if know the events? The problem with this is that there might be too much factors that may influence the probabilities that cannot or a much difficult to take into account (for example, the influence os different drugs).

From my experience, generally what is done is that the risk in those cases is viewed in a more general way (and this fit into the idea of a higher level description) BUT the probabilities can only be verified thru clinical trials, and even then, they might not in the end be clearly related to the device (but the manufacturer would use the clinical trial information to give information for the user/patient to enable them to perform a informed clinical risk-based decision).

This is not prevented by ISO 14971, but clearly does not fit scenario-based model of Figure E.1.

 

[Marcelo]

This I also the same reason that techniques such as FMEA, FTA and the like don't fit too well with clinical risks. These techniques are failure analysis techniques created for mechanical/electrical systems.

 

[indubioush]

Hi,
Now, specifically - I understand that the implant is already on the market / in clinical trials and we are discussing a retrospective risk analysis or an update. Correct? The way you describe the situation, a very significant increase in risk seems to be associated with the use of the implant, overall. This is under the assumption that the data is randomized - if only patients already at higher risk are elected to receive the implant, that can account for some of or all the difference. It is very important to establish causality and not just correlation. Any way, if the risk increase is fully / mostly attributable to the device use (including implantation) then yes, all aspects of it should concern the manufacturer. The key word in my previous comment was independent.

To answer your questions, yet, this is regarding a device that has already gone through a clinical trial; however, the hazardous situations I mention are only loosely based on the actual clinical risks. This is a device in which there is a lot of clinical data and information available from similar devices, standards, journal articles, etc. The rate of certain clinical events is known. It is a life saving device that is considered high risk because of adverse events associated with its use (in both fault and non-fault conditions). As the manufacturer, we are required to always consider these clinical adverse events when doing a risk/benefit analysis. There are some clinical events in which there is no way to reduce risk, but we still must justify them compared to the life-saving benefit and also compared to other similar devices.

These clinical events that occur under normal use would not be listed in any FMEA. They would be listed in other risk analysis documentation though, and there are ways that some of the risks could be reduced. For example, if we discover that a certain set of the patient population has a much greater chance of developing a stroke. We may specifically exclude those patients from the target patient population. If a physician then decides to go ahead and implant the device in one of those patients, this would be considered off-label use.

I agree with Ronan in that for many of these clinical events we do the best we can when writing down the hazardous situations and estimating the probability of harm.

 

[Ronen E]

But then scenario 1 would be what? Implantation? If so, this could happen with any implantation, not of the device only. And this would go back to what I mentioned, how would you link the device?

(The following are just initial thoughts for discussion sake. For clinical validity - which is not the focus here - subject-matter expertise would be required, so it must be sought and engaged in real life risk management).

Scenario 1 would be the release of an embolism into the blood stream as a result of implanting the stent, then travelling to the brain and causing a stroke. The hazardous situation probability would be the aggregate probability of all the sub-hazardous-situations ( as in 1a, 1b, 1c...) and the harm realisation probability (what you refer to as the hazardous event probability) could be estimated based on emboli size distributions and the likelihood of any such embolism traveling from the implantation site to the brain (or any other anatomical site of interest). True, it's a more crude analysis (as I already stated more than once), but it's a way of addressing uncertainty. In my opinion it's much better than stating "we can't manage the risk at all because of uncertainty".

 

[Ronen E]

To answer your questions, yet, this is regarding a device that has already gone through a clinical trial; however, the hazardous situations I mention are only loosely based on the actual clinical risks. This is a device in which there is a lot of clinical data and information available from similar devices, standards, journal articles, etc. The rate of certain clinical events is known. It is a life saving device that is considered high risk because of adverse events associated with its use (in both fault and non-fault conditions). As the manufacturer, we are required to always consider these clinical adverse events when doing a risk/benefit analysis. There are some clinical events in which there is no way to reduce risk, but we still must justify them compared to the life-saving benefit and also compared to other similar devices.

These clinical events that occur under normal use would not be listed in any FMEA. They would be listed in other risk analysis documentation though, and there are ways that some of the risks could be reduced. For example, if we discover that a certain set of the patient population has a much greater chance of developing a stroke. We may specifically exclude those patients from the target patient population. If a physician then decides to go ahead and implant the device in one of those patients, this would be considered off-label use.

I agree with Ronan in that for many of these clinical events we do the best we can when writing down the hazardous situations and estimating the probability of harm.

To me you seem to be on track on most of the issues

Are there still any unanswered questions?