2
20110517dpr
Hello Everybody
I have some questions related to risk assessment for software used in medical devices and would be glad to get advices from experts.
Let's assume that I have a physiological monitoring device, driven by firmware and software components. A possible hazard for that the device is not showing correct values, due e.g. to a software bug. This bug may occur in some rare pathological cases, assume 1 people out of 10,000.
The likelihood that the hazard "incorrect values shown" becomes a hazard situation is hence 1/10,000.
Now the probability that this hazard situation becomes a harm might be quite different. For instance, the software can fail to display correct result as soon as this pathological case occurs. Should the medical decision relies exclusively on the results shown, it would lead to a probability of harm of 1.
My understanding of ISO 14971 is that we should consider the likelihood that a hazard situation becomes a harm; and not the whole chain. In the first case, the probability that the harm occurs is 1 (if it happens that the patient has the pathological case); in the second case it is 1/10,000. Which is a hell of difference!
Am I right, or am I missing something?
Furthermore, the probability that the hazard situation becomes a harm might depend on the country where the device is operated. For instance, in some countries, where the users are highly trained, they shall not trust the results, hence lowering the likelihood. In some other countries, the likelihood shall be much higher.
I understand that I have to take the entire clientèle into account; that is if I have different likelihood depending on the device location; I should take the highest one for the risk assessment (that would make sense). Is my understanding correct? Or is it really meant that I should take care of the ratio of device this country has (e.g. if only 10% my devices are in that country, then I should multiply the likelihood of harm by 0.1) ? The latter seems suspicious to me.
Any advices would be greatly appreciated!
Thanks in advance,
/lew
I have some questions related to risk assessment for software used in medical devices and would be glad to get advices from experts.
Let's assume that I have a physiological monitoring device, driven by firmware and software components. A possible hazard for that the device is not showing correct values, due e.g. to a software bug. This bug may occur in some rare pathological cases, assume 1 people out of 10,000.
The likelihood that the hazard "incorrect values shown" becomes a hazard situation is hence 1/10,000.
Now the probability that this hazard situation becomes a harm might be quite different. For instance, the software can fail to display correct result as soon as this pathological case occurs. Should the medical decision relies exclusively on the results shown, it would lead to a probability of harm of 1.
My understanding of ISO 14971 is that we should consider the likelihood that a hazard situation becomes a harm; and not the whole chain. In the first case, the probability that the harm occurs is 1 (if it happens that the patient has the pathological case); in the second case it is 1/10,000. Which is a hell of difference!
Am I right, or am I missing something?
Furthermore, the probability that the hazard situation becomes a harm might depend on the country where the device is operated. For instance, in some countries, where the users are highly trained, they shall not trust the results, hence lowering the likelihood. In some other countries, the likelihood shall be much higher.
I understand that I have to take the entire clientèle into account; that is if I have different likelihood depending on the device location; I should take the highest one for the risk assessment (that would make sense). Is my understanding correct? Or is it really meant that I should take care of the ratio of device this country has (e.g. if only 10% my devices are in that country, then I should multiply the likelihood of harm by 0.1) ? The latter seems suspicious to me.
Any advices would be greatly appreciated!
Thanks in advance,
/lew