This would still makes no sense under ISO 14971. The concept is that, if the risk is acceptable, no risk control is needed. If the risk is unacceptable, then risk control is always required. If, after analyzing the risk control options, you conclude that the risk cannot be achieved by practicable means, then you can perform a risk/benefit analysis. Also, if you implement risk control measures and then, after the second analysis, identify that they did not reduce the risk as expected and additional measures would not reduce the risk (it?s still unacceptable) then you can perform a risk/benefit analysis.
IN your case, is seems that you said that 3 is unacceptable but needs no risk control if a risk benefit/analysis is performed. This is what is wrong. The risk control option analysis is always mandatory, and then, if the analysis shows that risk control is impractical, you can proceed to the risk/benefit analysis.
Also, I don?t think you need a separate 3 and 4, they should be the same.