Risk Assessment- What to do?

[alimary15]

Dear all cove members,

I have the following question: How do you deal with risks that have multiple severities? How do you document and discuss such risks in your risk management file?

Let me give you an example:

Hz. Situation: Failure of component xxx leads to additional exposure to anesthesia

This could cause:

Harm1: Minor Bleeding --> Severity: Marginal, Probability: Frequent

Harm 2: Death--> Severity: Catastrophic, Probability: Incredible

Assuming that the mitigation measures are the same for both harms and that I am able to use the same risk control measures for mitigating of both dead and minor bleeding, how can I document this risk in my risk analysis?

Option 1: I go with the most " likely-to-happen" harm, but in this case this would mean e.g. I am not considering at all the possibility of death.

Option 2: I go with the worst case harm, which is very very remote to happen, but this way I would not be able to account for marginal harms which instead occur very frequently

Option 3: I document this risk twice, one time assessing Harm 1 and one time assessing Harm 2, even if the mitigation measures are the same. But this way means my risk analysis documentation will explode!

Can anyone provide guidance or suggestions on how to handle such cases?

Thank you so much for your help!

 

[somashekar]

The manufacturer shall ensure that the risk(s) from all identified hazardous situations have been considered.
The results of this activity shall be recorded in the risk management file.

Completeness is very important in risk management. An incomplete task can mean that an identified hazard is
not controlled and harm to someone can be the consequence. The problem can result from incompleteness at
any stage of risk management, e.g. unidentified hazards, risks not assessed, unspecified risk control
measures, risk control measures not implemented or risk control measures that prove ineffective. Traceability
is needed to establish completeness of the risk management process.

So you deal with all of them.
I do not know about explode of your risk management file., but this file must be alive and address the product life cycle. So it is expected to be growing as you discover more risks...

 

[Ronen E]

True, option 3 is the way to go.

Risk assessment, evaluation and (as necessary) mitigation are done an a harm-basis, with back traceability to the hazardous situation(s) and harm realization scenario. Thus, every different harm needs its own entry. It's possible that a given risk mitigation measure will serve against several different potential harms (what you call risks), i.e. will appear on several different entries.

 

[mihzago]

is the full chain of events from the failure to the harm exactly the same in both cases?
also, does the harm depend on the patient e.g. geriatric or pediatric vs middle-age adult? I've done risk assessment where hazards would be considered separately depending on the population or the conditions diagnosed/treated.

As others have weighed in, I would too probably go with #3, but if that is not an option for some reason then #2; focus on severity and you will very likely address the lower severity harm with the control measures anyway.