Medical Device Failure Effects - Where to draw the line?

[Julison]

Hi,

I work for a medical device manufacturer.
I have led a few FMEAs to date and have run into a frequent issue of determining where to limit potential effects.
For example:
MFG Step Requirement: Deposit an Enzyme layer of 1 (+/-0.1um) on electrode.
Failure Modes: 1) Deposit too thick, 2) Deposit too thin, 3) Step missed.
Effects for any one of those Failure modes could be: Local: Fail Part, Local: Rework. Next Step: Poor adhesion, End: Product does not meet customer needs - Dissatisfied Customer, Product does not meet customer needs - misdiagnosis.

The question that typically comes up is: Should we consider existing prevention and detection control measures when determining potential effects? My belief is that you do not take control measures into account when identifying potential effects. I could be wrong here though and would like some outside opinions before I go too far off course.

Similarly, when determining severity, do you discount end user impacts if you have a great downstream detection or upstream prevention?

Any help here would be greatly appreciated,

 

[amehta44]

Hi Julison,

FMEA is a techniques used to determine high-risk product features based on the impact of a failure and the likelihood that a failure could occur without detection.

FMEA in a nutshell requires the following:
1. You analyze the product - including all functions, current performance levels, and definitions of failures of each function.
2. For each function, you'd then identify failures modes and associated effects.
3. You define Severity (S) for each failure mode: assigned as number 1-10, 1= not significant, 10=most severe.
4. You define the probability of occurrence (P): assigned as number 1-10, 1=not likely to occur, 10=highly likely to occur
5. You define the likelihood (D) of detection: assigned as number 1-10, 1=easily detected, 10=hard to detect
6. You calculate Risk Pririty Number (RPN): Severity (S) * Probability (P) * Detectability (D) [Result: 1-1000]
7. You'd then prioritize the failure modes based on RPN. Some organizations use threshold values, above which preventive action must be taken. For example, the organization may require improvement for any RPN exceeding 120.

With that said, lets look at your questions:

"I have led a few FMEAs to date and have run into a frequent issue of determining where to limit potential effects.": You'd include all potential high-risk effects, and let the RPN help you prioritize improvements.

"Should we consider existing prevention and detection control measures when determining potential effects?": You must absolutely account for existing prevention and detection measures without which you cannot have meaningful assignment for the probability of occurrence (P), and/or the likelihood of detection (D).

"Similarly, when determining severity, do you discount end user impacts if you have a great downstream detection or upstream prevention?": The RPN calculation automatically does this for you.

Hope this helps.

Regards.

 

[randomname]

Severity is the impact if it were to happen, independent of controls.

The boundaries of your analysis (internal, external) and a common concern. For example, harm to the patient is a no brainer. But how about impact on a medical provider, or calibration tech, etc.

 

[randomname]

By the way, the impacts and boundaries should have been already discussed during the device risk assessment (hazards and harms) required by the risk management plan (ISO 14971).

 

[Julison]

Hi,

Thank you for the replies.
However, based upon those replies I am still uncertain what the best answer is to the questions I have posed.

Question #1 was:
"Should we consider existing prevention and detection control measures when determining potential effects?":

Answer #1: You must absolutely account for existing prevention and detection measures without which you cannot have meaningful assignment for the probability of occurrence (P), and/or the likelihood of detection (D).

I think I may not have been clear enough in the question.
We do record failure modes, effects, causes and control measures.

The question I have is:

Do we record a potential end effect if downstream we have a control that will detect it with a high degree of certainty.

For instance. The process requirement could be to deposit a glucose sensor that is 1um thick. The failure mode could be that it is >1um thick or <1um thick or absent. Some of the effects could be local: Product fails at that step's inline QC, OR, End User: The customer (hospital) gets an inaccurate result.

IF the inline QC detection is VERY effective, should we even record the potential End User effect "The customer (hospital) gets an inaccurate result "?

Thanks again,

Julison

 

[Julison]

Thanks Randomname.

Your answer was "Severity is the impact if it were to happen, independent of controls."

I think part of my problem is that our severity criteria are based upon how far reaching the impact of the failure mode reaches.

If something is caught at the step that it occurs it has lower severity than if it makes it to the next step or worse case the customer is impacted in a manner that creates harm.

So, our criteria force us to assess internal and external controls and as such we cannot assess the severity "independent of controls."

Not sure how to address this without challenging the company risk criteria.

Ideas???

Julison

 

[randomname]

I would use the highest severity, since that is the actual risk. However, each failure mode could have multiple effects, with a different severity for each.

 

[howste]

I would use the highest severity, since that is the actual risk. However, each failure mode could have multiple effects, with a different severity for each.

I agree with this answer. Look at the worst case for each failure mode.

 

[Eamon]

Perhaps the following observation is obvious, or perhaps it bears suggesting.

It is often the case that the same failure mode has a greater likelihood of a lower severity effect, as well as a lesser likelihood of a higher severity effect. (This is without considering detectability, about which there may be similar dependencies and considerations.)

The way to document this would be to reproduce the same failure mode on more than one FMEA row, with each row possibly documenting a different effect, and with each row showing a different balance between the risk numbers. In such a case, the RPN on each row of the the "split" failure mode may be acceptable, but a single row combining the highest likelihood and the worst severity would be unreasonably high RPN.

I think this is a reasonable approach to take into account a common situation. I would be interested to know if this is commonly done, or there is an argument against taking this approach.

Eamon

Edit:

I have just realized that the likelihood primarily pertains to the occurrence of the failure mode, not to the occurrence of the effect, so my suggestion may not play well with the semantics of most FMEA methodologies. Nonetheless, there should be a way of capturing such analysis in an FMEA. How should it be done?