Is foreseeable misuse considered as single fault condition?

Roland chung

Trusted Information Resource
#1
Hello folks,

As you can see from the caption, I am just a little bit confused about whether foreseeable misuse belongs to single fault condition. Anyway, I think misuse is neither normal condition nor single fault condition. It is just independent.

Please kindly advise it.

Thanks and regards,
Roland
 

Mikishots

Trusted Information Resource
#3
Risk analysis is intended to identify foreseeable hazards and their associated risks under normal condition AND single fault condition, during both intended use and foreseeable misuse. In that vein, I see it as applying to both.
 

Marcelo

Inactive Registered Visitor
#4
Misuse is related to incorrect or improper use. This is tied to the usability engineering process.

Single-fault condition (it's a 60601-related term tied to risk management) is related to a problem in a risk control measure, or single abnormal condition.


Reasonably foreseeable misuse is in principle independent of single fault condition. However, some misuses might lead to single fault conditions.
 

Peter Selvey

Staff member
Super Moderator
#5
The definition of single fault condition includes abnormal conditions, of which misuse could reasonably be considered.

For example, if equipment is rated for 1 min on / 10 min off, foreseeable misuse includes the user ignoring this rating and using it continuously. The rationale in Annex A, 13.2.13.4 specifically states this is "foreseeable misuse". The test also applies abnormal condition limits (i.e. higher limits than for normal use), thus making it equivalent to a SFC.

In practice the definition is not really critical, provided the risk assessment is robust.

Misuse normally falls in a probability range that is below normal use but above typical single fault conditions: e.g. 0.01 times / procedure, but if there are 200 procedures / year, it means it happens 2 times / year. SFC rates are typically 0.01~0.001/device/year.

On the other hand, typical misuse rarely causes severe direct harm.

So, it needs a risk evaluation scheme that handles high probability/low severity range effectively. If done properly, you can then decide if a risk control is necessary, and proceed from there.
 

tomshoup

#7
A slightly different way to analyze this is to consider the sequence of events that might occur in foreseeable misuse. If a sequence of events occurs after foreseeable misuse, that can lead to a hazardous situation in the presence of a single or multiple fault, then you have your answer.

Tom
 

MediKit

Starting to get Involved
#8
Hi all, my first post on this forum. I understand this is an old thread but interesting.

Peter, you mention the following which makes sense.

Misuse normally falls in a probability range that is below normal use but above typical single fault conditions: e.g. 0.01 times / procedure, but if there are 200 procedures / year, it means it happens 2 times / year. SFC rates are typically 0.01~0.001/device/year.
However, what about a misuse that can disable a risk control? For example, consider the following:
1) A device (with software) controls heating to the patient.
2) It has a temperature sensor to detect overheating of the patient and cut off heating to prevent patient burn (serious harm).
3) However, the temperature sensor is a detachable probe, which relies on the nurse to plug it in.
4) Because this relies on the user action, the probability of the risk control being disabled is ~1 time / year.
5) To mitigate against the misuse, the software continuously monitors the probe connection during operation and alarms if disconnection is detected.

The probe connection monitor is also implemented in the same software as the control system. This type of configuration seems reasonably common and it seems safe to me. But if we consider the disconnection as a misuse, then the probability of harm would be something like control software failure (0.001/year) x probe disconnection (1/year) = 0.001/year, which is unacceptable for a serious injury.

Is the above analysis correct? Would you consider the system to be unsafe and that further control is required? Or would you consider the probe connection monitor algorithm to be independent from the control although they are implemented in the same software? Or would you consider the probe disconnection as a single fault instead of misuse?

Thanks.
 

tomshoup

#9
Having the software monitor whether or not the probe is connected as part of a risk mitigation is flawed. One should assume that the software has a probability of failure of 100%, so there should be a hardware-only circuit that detects the missing probe and prevents the use of the device.

In terms of risk management, when a risk-control measure is added, it should be evaluated for new risks which it might add. Given that this probe is a risk-control measure, it brings along with it the scenario you describe, and the misuse of the temperature probe, whether accidental or willful, needs to be addressed.

Section 15.4.2 of 60601 describes the reliance on thermal cutouts, which is your situation. Section 15.4.2.1 c) applies to your situation since the missing probe can be viewed as the failure of a thermostat and you need an independent safety circuit. Detecting the missing probe and preventing operation would satisfy this.
 

MediKit

Starting to get Involved
#10
Hi tomshoup, thanks for your reply.

However, assuming 100% failure of software does not seem reasonable to me in such a situation. I believe cl.15.4.2.1c) refers to the thermostat being the normal control device, and a fault of the thermostat will lead to a hazardous situation. In this case I agree that the software self checking (let's assume it is possible) may not be sufficient to protect against a serious harm and additional control is required. Actually, even for this I am not 100% sure if additional control is required if the software can detect the fault, as the protection (software self checking) is independent of the target failure (thermostat). We probably need a risk control against the software failing during operation though.

In my example, I am considering the temperature sensor being used as the risk control against the failure of the control system (with software). A disconnection of the probe will disable the risk control, but does not lead to a hazardous situation UNLESS the normal control also fails (double fault). Would you consider this to be different to cl.15.4.1c)? Thanks.
 