Integrating the FMEA process with problem investigation/RCA process and PFMEA

[v9991]

We are using the pFMEA for co-relating with the process controls. Further, we are using FMEA process in handling complaints & deviation process (FMEA to drive the Root cause analysis process)

I request guidance/precautions from the experts:

1. On the steps of integrating the RCA-FMEA process with pFMEA process.

Whenever an incident occurs [complaint/NCR/Change control], the risk-perceptions of 'risks/effects' and 'failure modes' are updated.

The 'updating' could be revising the earlier existing RPN (of the effect/failure modes) in the pFMEA OR including new effects/failure modes...

2. On the contents/index of the annual review report on risk management.

Thanks in advancevvg

 

[Coury Ferguson]

Any guidance that someone can provide on this topic?

 

[Bev D]

I'm not really sure what the question is?

 

[Murphys Law]

V999x - I would recommend you do NOT use FMEA as a tool for problem solving.

I would wait until root cause and corrrective actions determined before looking at PFMEA.

Take a look at the "8D" problem solving methodology (search this site and I am sure you'll find out what an 8D is. Each D = a Discipline but another way of looking at it is to break a problem up into individual modules.) "D7 = Prevent Reoccurance". under here is where I start to question what in the PFMEA needs to be updated.

To come back to the problem solving methodology, Within an 8D, I'd recommend you look at fishbone diagram or a Faulty Tree Analysis (FTA) to investigate root cause. It should give same mapping to process controls.

 

[quality.shesha]

We are using the pFMEA for co-relating with the process controls. Further, we are using FMEA process in handling complaints & deviation process (FMEA to drive the Root cause analysis process)

I request guidance/precautions from the experts:

1. On the steps of integrating the RCA-FMEA process with pFMEA process.

Whenever an incident occurs [complaint/NCR/Change control], the risk-perceptions of 'risks/effects' and 'failure modes' are updated.

The 'updating' could be revising the earlier existing RPN (of the effect/failure modes) in the pFMEA OR including new effects/failure modes...

2. On the contents/index of the annual review report on risk management.

Thanks in advancevvg

Welcome to cove!

Can I request you to rephrase the question so that the experts in here can guide you.
You will get a answer if you post your question correctly.
All the best!

 

[MCJames]

It's been a while since this thread has seen any action but I think this might be a good place to post. I'm a medical device manufacturer. We've now had 2 distributors act very surprised that we do not update our FMEAs after each-and-every complaint we receive. To my knowledge this is not explicitly required by any regulation -- at least not by 21 CFR 820. Regarding the original post, I think the question I, and possibly the original poster, goes something like this:

1) What does the process look like for updating FMEAs in response to a given quality event? Can anyone share an example of how this process should play out? I'm picturing something like the graphic below. Is this a gross over-simplification of what is expected?



2) Is there a regulation or standard that I am missing that would describe the requirements around a process such as this (remember: medical device)? As I responded to our customer, we periodically review and update our FMEAs, using our complaint/NC files as guidance for determining our RPN values. Is it necessary/required by regulation to do this in response to each event? If so, can someone point to the clause I'm missing?

3) As an added wrinkle to this question, this situation was brought up after a complaint occurred with no discernable failure mode. By far, our leading "complaint" occurs when an implantable device must be explanted due to patient infection -- as is the standard of care for our device. It doesn't take an expert to know that any time you undergo a surgical procedure you run the risk of developing an infection at the surgical site. This is also well documented in scientific literature. Yes, a failure of a process (e.g., ultrasonic cleaning) could cause or contribute to an infection, but it's difficult, if not impossible, for us to make that connection when infection is also just an inherent risk of surgery. In other words, all we know is the effect, not the cause. How would we go about updating our FMEAs in response to individual events like this?

Please accept my apologies if this is the wrong forum to get into such specifics. Thanks in advance for any input!

 

[Jen Kirley]

Hello MCJames,

How many of these infection complaints have you received? Even if 21 CFR 820 does not expressly require revisiting process controls after a complaint, each complaint adds to your exposure so it seems to me like a good idea to run through the process in your graphic. Ideally, the more process improvements result in fewer complaints which then result in fewer needs to run through this effort.

I agree there is certainly more than one potential cause for infection at the surgical site. It has been receiving greater focus lately. Some protocols are being adapted to manage risk in surgical centers. In the three days before my back procedure late last year they had me shower using surgical soap and a clean washcloth and towel, and use clean nightclothes to sleep in immediately following. I suppose that helped avoid infection, as none occurred. I didn't have an implant, but several years back I had hardware put in my ankle and fibula to fix a nasty fracture. No infections occurred then either, but I was not able to do this same protocol for that surgery. I wonder what protocols your end users are being asked to do - anything similar? We'll probably never know that, so let's stick to the basics. I have some questions:

1. Is there a way to compare your incident rate to those of your competitors?
2. How did you validate your cleaning process?
3. Do you periodically re-validate your cleaning process?
4. What about packaging - how do you know it is continually sterile?
5. How is the product handled after cleaning and during packaging?
6. Are you required to use a clean room environment with particulate limits?

Maybe some of our fellow Covers have more questions.

 

[MCJames]

Thanks for the fast reply! I'll try to address your questions in order. We're a small company so we only receive about 8-10 reports of infection each year. We currently benchmark our rate of infection against the numbers reported in peer-reviewed literature. I suppose we could try to contact our larger competitors but I've never tried. Our infection rate currently hovers around 1.5%. This is compared to anywhere from 5-10% reported in the literature. Our sales and marketing team has a target to follow up with at least 10% of our customers after surgery. That is to say, I feel confident that we have a reliable picture of how often our products are associated with infection.

We validated our cleaning process by analyzing TOC and non-polar gravimetric residuals, total bioburden, bacterial endotoxins and cytotoxicity. It's really tough to find acceptance limits for residuals so we largely based these on the cytotoxicity endpoint. Of course FDA is kind enough to give us clear BET limits. We'll also send off samples as part of monitoring for variations in the process.

As for the packaging, the device is intended to be removed from the original non-sterile packaging and sterilized in sterile wrap. This is consistent with the packaging configuration and sterilization method for our larger competitors. As I mentioned, we're a small company so package these products by hand immediately after cleaning. Because the product is packaged non-sterile and is intended to be removed from this packaging prior to sterilization (i.e., not "terminally sterilized" per ISO 11607-1:2019) we do not have clean room requirements defined. Although I've personally been pushing to move toward ISO Class 5 clean room for packaging, management asks "If our infection rate is so low why do we need to add clean room requirements?"

To bring things back to the topic of risk, I'm thinking we might want to update our complaint procedure and form to more clearly show the results of the flowchart in my previous post. @Jen Kirley with your experience as an auditor, would that seem like a logical place to show how we consider risk when documenting complaints?

 

[Jen Kirley]

@Jen Kirley with your experience as an auditor, would that seem like a logical place to show how we consider risk when documenting complaints?

Thank you so much for your detailed explanations. They do seem reasonable.

I think your approach seems reasonable; have you done root cause analyses for these complaints before?

I would think root cause would be difficult for complaints like this. Have you noticed more or fewer are occurring in specific surgical centers? Are there centers who use your product who never, ever have problems? I am trying to think of ways to draw patterns to sort out if some of these incidents are avoided through rigorous pre-op cleaning like I did for my back.

 

[elly12345]

View attachment 28059

My apologies as this isn't a response to your question, but why would you not need to update the fmea to add a new line item based on a lower severity complaint? X company is trying to add new line items to the fmea if they do not match the RPN but are lower severity (which is ALL the time). Sam process, failure mode, everything the same execpt the severity/RPN. I guess for tracking severity of risks? Does this make sense and if not why not?