How do you define your Hazards? <a Risk Management discussion>

ThatSinc

Quite Involved in Discussions
You need to document each hazardous situation applicable to your device. You mention at least two hazardous situations above. Since we here don't know the details of what your device does, we can't tell you what to include or not. Just try to go with your gut and keep the patient in mind as you go through this.

Sorry, I appreciate I am being vague - this is most definitely intentional on my part; the reason for the vagueness is I am not looking for the forum to give me an answer that I can just put into my risk file or design file etc. That doesn't actually help me in the long run at all. I'm trying to get a better understanding and clarity of each concept and the requirements, through how other people see the same issue. Give a man a fish... You get the idea.

If you see multiple hazardous situations, which I do too, these need to be documented separately.
The risk control measure is the same for all of them, so should be listed against each one.
The hazard is different for each one as a different source of harm.
The fluid ingress is consistent to all.
I see "device surface becomes live" as one hazardous situation, and "device stops provision of therapy" as another, and the third regarding the device being out of service is being unable to treat the patient.

I think the root of this goes to the reason I started this thread in the first place - "hazard" and "hazardous situation" are so poorly defined in terms of where they sit within the "sequence of risk" that interpretation is wildly different.

And the various other standards that require you to follow the 14971 framework define hazardous situation differently, with 62366 being the worst in my opinion and 60601-1-8 incorporating further elements such as onset of harm.

The standard directly lists "no output" as a hazard (informatively in the annex), yet Tidge feels that no output is not a hazard but a failure to meet essential performance. (Not suggesting Tidge is wrong)

Device (un)availability is not a hazard. This is more appropriately considered in a failure to provide essential performance.

I had written the above before your reply, so will add this in here - that's two sets of failure to provide essential performance from the hypotheticals in this thread, and I agree with you in many respects, but am struggling to get these issues into my risk documentation - how do you align failure to provide essential performance with appropriate hazards and hazardous situations in your risk files?
Would you consider the device being taken out of service as the hazardous situation? Or do you treat essential performance in a different manner?
 

Tidge

Trusted Information Resource
Would you consider the device being taken out of service as the hazardous situation? Or do you treat essential performance in a different manner?

"Hazardous Situation" is different from "Hazard". A device stopping unexpectedly during intended use could be a Hazardous Situation, but the Hazard to which it is exposing a patient/user must be identified. I don't know your device or what it does, so I can't say what the hazard is. Presumably even though I am not using your device right now I am not exposed to a (mythical) hazard of "device not available".

Reductio ad absurdam: If you think I 'not having my device' is a hazard, I can't believe you are also going to self-report to the authorities when you discover patients don't have access to your device because they didn't buy one.
 

ThatSinc

Quite Involved in Discussions
I don't think I've said that hazardous situation isn't different from hazard... How hazards and hazardous situations are linked is definitely poorly worded, where the annex in some places states a hazard progresses to a hazardous situation, or that hazards transform into a hazardous situation.
Some places say sequences of events lead to hazardous situations that expose the user/patient to a hazard.
I believe those are at odds with each other.

It's hard to read the tone in your message as jovial sarcasm or condescending, I'm hoping the former as I'm not trying to be difficult.
I'm genuinely appreciative of the help.

Reductio ad absurdam: If you think I 'not having my device' is a hazard, I can't believe you are also going to self-report to the authorities when you discover patients don't have access to your device because they didn't buy one.

That makes sense to me, thank you for putting it in such terms.
In itself you are absolutely correct that not having the device is not a hazard, but if you need the device and it's not available then a source of harm likely exists.

---

Lets say the device is a ventilator and was taken out of service due to a critical component failure outside of the maintenance window, a patient requires ventilation but there is no ventilator available.
The potential harm from this could be severe hypoxemia & Organ Failure, with a catastrophic severity "results in permanent impairment or death".

Taking the guidance of the hazard progresses to hazardous situation, and the examples in annex C3, this would be (Hazard) No Ventilator > (Hazardous Situation) No Provision of oxygen > Hypoxemia/Organ Failure.

Unless you would turn it entirely on its head and consider hypoxemia the hazard, the lack of device due to component failure the hazardous situation, and organ failure the harm - again, catastrophic severity.

I worked with ventilators several years ago and hypoxemia was always considered the harm from lack of ventilation, but as a condition it has outcomes such as organ failure / brain damage / death*

*though I'm personally not comfortable with "death" being listed as a harm, but rather a severity of whatever harm has occurred.
 

Tidge

Trusted Information Resource
This is much closer to how I would approach the problem:

Unless you would turn it entirely on its head and consider hypoxemia the hazard, the lack of device due to component failure the hazardous situation, and organ failure the harm - again, catastrophic severity.

I wouldn't consider this 'on its head', as it aligns with the commonly accepted implementation of risk controls. For example:

Infection is the hazard, breach of sterile packaging is the hazardous situation, fever is a possible harm.
 

ThatSinc

Quite Involved in Discussions
I'd consider it on its head as it's entirely backwards with regards to hazard and hazardous situation, as per the examples in annex C.

Using your example of infection, within the 2019 edition;
How do you define your Hazards? <a Risk Management discussion>


Would you consider the example better reworded as inadequate cleaning as the hazardous situation, as the circumstance that leads to the patient exposure to the microbial contamination?

this allows you direct linkage between the hazardous situation and the control mechanism.
And also gets closer to a 1:1 hazardous situation to control mechanism, where with the standard examples there can be a significant number of events that could lead to bacteria being released into the patient airway.
 

Tidge

Trusted Information Resource
I could have written "Infectious agent" as the hazard but I was using quick shorthand. The Annexes are informative.

Development teams are supposed to use critical thinking to identify risk controls (and assess the effectiveness) for actual harms.

"Cleaning an infectious (reusable) device" is unlikely to be a hazardous situation to patients (1); users who clean the device may be exposed to infectious agents (and/or sharp edges). An unclean (e.g. non-sterile, or otherwise contaminated) device is a different hazardous situation, presumably with a higher risk to patients (2). The example you provided is more of the latter.

(1) see issues with non-tuberculous mycobacterial infections for a hazardous situation (for patients) that can develop because of the design of a device. The actual harms appear to be specifically linked to the design of a specific heater-cooler used in (e.g.) bypass surgery, no matter what cleaning regimen is implemented.

(2) this is presumably the case with infections due to GI endoscopy. I haven't followed this in a while, but there could have been inferior sterilization of the devices, or certain models of devices may not lend themselves to (at the time) standard sterilization processed.
 

Bill Hansen

Registered
We've struggled with defining Hazards, especially with devices that provide information which must be acted on. For instance, a monitor "lies" to the doctor; the doctor administers the wrong drug; harm occurs. The "lion in the room" (Hazard) is the incorrect drug, but our device's responsibility ended at the information it provided. So, we would list the Hazard as "incorrect measurement", which (I believe) is in the examples in 14971. It helped our team focus on what our device could do to cause Harm.

Speaking of Harm... has anyone considered the newer Harms that 14971:2019 talks about? "Unreasonable psychological stress", or the cybersecurity items, Loss of Confidentiality, Availability or Integrity? We are wondering how to incorporate these into our Master Harms List, since some of them will apply to our device. Of course, we will consult with our clinical expert. But we are wondering, especially, about Loss of Confidentiality... how can that be dropped into the classic 5-scale Severity range?

Has anyone dealt with this yet?
 
Top Bottom