Please disable your adblock and script blockers to view this page
Search the Elsmar Cove!
**Search ALL of Elsmar.com** with DuckDuckGo including content not in the forum - Search results with No ads.

Risk-benefit Analysis - Hazard Analysis (HA) and FMEAs

#1
Hello All,

Looking for a thought process here. Do we consider the risks from both Hazard Analysis (HA) and FMEAs such as PFMEA, or only the HA?. The standard speaks about risks which may seem to include all but does it make sense to discuss the risks from FMEAs with clinical benefit?. If everything is to be taken into account, it would look odd as there would be a huge amount of redundant comparisons. This question was partially discussed in another thread, but the first part of my question, I guess, is new here.
 

Marcelo Antunes

Addicted to standards
Staff member
Admin
#2
All risks related to harm (normally to patient, user, etc.) . Please note that an FMEA does not output risks related to harm to patients, users, etc.
 
#3
Dear akp060,

I try to share my personal view:

A PFMEA (and also the DFMEA) originally come from other industries. The end point that they focus is the specification of the final device.

The risk table that is created to cover ISO 14971 is a different thing. It is not necessarily based on FMEA method (might also be PHA and FTA) and the end point there is the harm - a physical damage of human body.
A big difference is also the risk priority number (RPN) that is part of PFMEA and DFMEA but never (!) of the risk table according to ISO 14971.

So I always strongly insist on keeping both worlds apart. This is sometimes easy because production staff is doing the PFMEA, developers are doing the DFMEA and the risk manager for medical devices is responsible for the risk table according to ISO 14971.

But sometimes this risk manager involves production staff and developers to his risk management meetings and they say: wait a second, we already did that job before and risk manager is either happy for the already done work or is confused. And then they start to mix up both worlds in a very complicated or senseless or even non-conforming way. Because they have different ways of thinking and different standards that they refer to.

The good practice would be:
1) Keep both worlds separated first !​
2) Risk evaluation according to ISO 14971 starts very early in the development process​
3) DFMEA and PFMEA are done as soon as design specifications or production specifications are available​
4) the risk manager according to ISO 14971 shall evaluate the results of 3) for new causes or hazards not already covered by 3). If it turns out that a specification of the final device can not be guaranteed (high risk in DFMEA or PFMEA) even with defined counter measures and this "out of spec" can cause a harm, then the risk table according to ISO 14971 needs additional counter measures (preferred: "by design").​
By the way: People responsible for DFMEA and PFMEA often ask: How do I know which device specifications are more important than others to be sure my risk measures are focused on them? Answer: Risk evaluation according to ISO 14971 reveals critical/important design specifications (like tight connections, clean surfaces, etc.) and those critical specifications shall be labelled accordingly in the component requirment specifications or drawings or other documents (also quality agreements to suppliers). That is the communication channel between both worlds.

Do you agree?
 
Last edited by a moderator:

sagai

Quite Involved in Discussions
#4
Horrendously well said. :applause:

Somehow people obsessed with using FMEA only as a golden approach, whereas it is completely useless in the most situation for the design phase.
Another angle on it, that somehow people reluctant move beyond their comfort zone and to see things from a different angle.
Anyway ... much talking ... ;)

Cheers
Saby
 

FoGia

Involved In Discussions
#5
I agree there is a lot of confusion but from my perspective there is a lack of literature out there of what would constitute state of art risk analysis for medical devices. Things may look obvious for people well-versed in the field but when I see authorities agreeing upon less than ideal risk documentation I believe there is problem there, and it's not only on the side of the manufacturers. I would personally be very interested in a compilation of risk documentation for a variety of medical device types.
 

Watchcat

Involved In Discussions
#6
Some day I really must read ISO 14971.

The only thing I use the FMEA (or whatever tool design engineering is fond of) for is to generate a list of risks that potential design failures may pose to users. I find the FMEA reasonably adequate and easy to use for this purpose. I find it works better when used by an experienced medical device design engineer who understands what he's trying to do and doesn't get hung up on how he's "spozed to" do it.

To generate my list, I just run down the "effects" column and circle all of the effects that involve people. Any effort to quantify clinical severity is just nonsense, and I've always ignored the numbers.

For my purpose, the only flaw in the FMEA itself is that there is no way to confirm (I don't think?) that all failure modes and effects have been identified. You just have to think them up. Ironically, I became a fan because one mode got overlooked by a team that was developing a complex surgical device (electrical, mechanical, software). That mode was discovered in use, fortunately with no serious harm done. But that was the only significant problem that anyone ever reported as having occurred during use of the device. All other failure modes and effects were successfully identified and mitigated during its design. There were pages and pages of them, so I was impressed.

For my purpose, the main flaw I see in the use of the FMEA with medical devices is the omission of a clinician from the FMEA team. But what I pull from the FMEA is just a starting point for me. Then I sit down with a clinician and we go from there, so this oversight is not a problem for me. The main flaws I see in its use for whatever it is the engineers are using it for is that: 1) they pull numbers out of the air and 2) they start with numbers that are too low in order to avoid scaring off executive management or investors, and then there is nowhere much for those numbers to go once they implement risk mitigation. But again, not a problem for me.

My personal favorite tool is the "Device Evaluation Strategy Table" FDA provides in its guidance on early feasibility studies. Reminiscent of a FMEA, only it makes more sense for a medical device.

I think there may be a potentially unfortunate disconnect between risk analysis during design and what is known as risk management, but I haven't had a chance to dig into that, i.e., read ISO 14971.
 

AbelVV

Starting to get Involved
#8
Dear akp060,

I try to share my personal view:

A PFMEA (and also the DFMEA) originally come from other industries. The end point that they focus is the specification of the final device.

The risk table that is created to cover ISO 14971 is a different thing. It is not necessarily based on FMEA method (might also be PHA and FTA) and the end point there is the harm - a physical damage of human body.
A big difference is also the risk priority number (RPN) that is part of PFMEA and DFMEA but never (!) of the risk table according to ISO 14971.

So I always strongly insist on keeping both worlds apart. This is sometimes easy because production staff is doing the PFMEA, developers are doing the DFMEA and the risk manager for medical devices is responsible for the risk table according to ISO 14971.

But sometimes this risk manager involves production staff and developers to his risk management meetings and they say: wait a second, we already did that job before and risk manager is either happy for the already done work or is confused. And then they start to mix up both worlds in a very complicated or senseless or even non-conforming way. Because they have different ways of thinking and different standards that they refer to.

The good practice would be:
1) Keep both worlds separated first !​
2) Risk evaluation according to ISO 14971 starts very early in the development process​
3) DFMEA and PFMEA are done as soon as design specifications or production specifications are available​
4) the risk manager according to ISO 14971 shall evaluate the results of 3) for new causes or hazards not already covered by 3). If it turns out that a specification of the final device can not be guaranteed (high risk in DFMEA or PFMEA) even with defined counter measures and this "out of spec" can cause a harm, then the risk table according to ISO 14971 needs additional counter measures (preferred: "by design").​
By the way: People responsible for DFMEA and PFMEA often ask: How do I know which device specifications are more important than others to be sure my risk measures are focused on them? Answer: Risk evaluation according to ISO 14971 reveals critical/important design specifications (like tight connections, clean surfaces, etc.) and those critical specifications shall be labelled accordingly in the component requirment specifications or drawings or other documents (also quality agreements to suppliers). That is the communication channel between both worlds.

Do you agree?
Not really. Harm involves property damages and the environment as well. Quite an important distinction.
 

Marcelo Antunes

Addicted to standards
Staff member
Admin
#9
Not really. Harm involves property damages and the environment as well. Quite an important distinction.
The definition of harm used in 14971, yes, but regulatory requirements for medical devices are usually only focused on harm to patient, user or other.
 
Top Bottom