Search the Elsmar Cove!
**Search ALL of Elsmar.com** with DuckDuckGo including content not in the forum - Search results with No ads.

Risk-benefit Analysis - Hazard Analysis (HA) and FMEAs

#11
Yes, but this does not mean that to comply with (mandatory) regulatory requirements of medical devices you have to consider harm to property or environment, and ISO 14971 is a (usually) voluntary standard.. This is one of the errors, in my opinion, of ISO 14971 (not an error per se, but it induces erroneous actions).
 
Last edited:

AbelVV

Starting to get Involved
#12
Good point. I think it's still good practice to consider those two separate harm categories from a business and ethics standpoint.
 
#13
Good point. I think it's still good practice to consider those two separate harm categories from a business and ethics standpoint.
Totally agreed, but as you mentioned, it's more of a business thing than a medical device regulatory (meaning, putting and maintaining in the market) one.

The only regulation I know that requires risk management for people and property is the IVDD directive (and it was removed in the IVDR).
 

Watchcat

Quite Involved in Discussions
#14
Well this is posted in the subforum of 14971.
And the topic of this discussion is HA and FMEAs. So either these two topics should be addressed only as used to conform to 14971 (is that possible?) or this discussion should be moved to another forum. Marcelo?
 
#15
And the topic of this discussion is HA and FMEAs. So either these two topics should be addressed only as used to conform to 14971 (is that possible?) or this discussion should be moved to another forum. Marcelo?
Not, it's not possible to use only HA or FMEA to claim conformity with ISO 14971 (which is again an historical misunderstanding), but I think this kind of discussions are good to clear these topics.

So I think the topic being here is ok, but as I mentioned, it's important to clarify some things (one particular clarification that I always think is important is that standards, as good as they can be, can include errors, and it's top to the rear to know enough of the subject to spot those).
 

Watchcat

Quite Involved in Discussions
#16
A PFMEA (and also the DFMEA) originally come from other industries. The end point that they focus is the specification of the final device.
The risk table that is created to cover ISO 14971 is a different thing....the end point there is the harm - a physical damage of human body.
Oh my. Thank you. As a non-engineer who 1) has always worked with medical devices, 2) has most commonly worked with engineers who either came from other industries themselves, or who were trained in engineering taught from the perspective of other industries, and 3) had to figure out clinical risks long before ISO 14971 came along (one reason I've never read it), I have always instinctively felt a disconnect between FMEA and clinical risk, and I have always thought the reason was grounded in the FMEA's earlier history (which I figured out was in other industries) and its original purpose. But so many disconnects, so little time. I don't know if I would have ever gotten around to working this out, but I really appreciate your having spared me the task.

Dear akp060,
A big difference is also the risk priority number (RPN) that is part of PFMEA and DFMEA but never (!) of the risk table according to ISO 14971.
I'm still not clear on the value of the RPN in a FMEA, either. I'm very clear on its uselessness for clinical harm, but I'm not sure if the same reasoning might not apply to other harms:

The severity of a clinical harm (e.g. a post-surgical infection) cannot be captured with a single number, because from patient to patient, the same infection occurring due to the same failure in the same mode may result in anything from mild inflammation to death. To capture this in a FMEA, you would need to list every clinical harm along this continuum separately (including zero harm), along with different probabilities of occurrence. My instincts are that most of the engineers I've worked with (see above) have tried to average all of this out (without researching it or thinking it through, i.e., pick a number out of the air). But that simply isn't adequate when you are talking about clinical harm, and also makes things hopelessly murky when it comes to how effectively any given measure mitigates these risks.

Is the severity of all the non-clinical effects of failure that might be addressed in a FMEA very straightforward, or might some of them also exist along a continuum?
 
Last edited:

Ronen E

Problem Solver
Staff member
Super Moderator
#17
I have always instinctively felt a disconnect between FMEA and clinical risk,
The reason is that FMEA (and other design engineering techniques) focus on DEVICE FAILURE, or as earlier dubbed "the specification", while clinical risk may be present with a perfectly performing device, i.e. a device 100% at par with its spec. That's why an ISO 14971 compliant risk management process will benefit from both types of input.
The severity of a clinical harm (e.g. a post-surgical infection) cannot be captured with a single number, because from patient to patient, the same infection occurring due to the same failure in the same mode may result in anything from mild inflammation to death. To capture this in a FMEA, you would need to list every clinical harm along this continuum separately (including zero harm), along with different probabilities of occurrence. My instincts are that most of the engineers I've worked with (see above) have tried to average all of this out (without researching it or thinking it through, i.e., pick a number out of the air). But that simply isn't adequate when you are talking about clinical harm, and also makes things hopelessly murky when it comes to how effectively any given measure mitigates these risks.
It may help to think in terms of probability distributions. For a continuum of possible outcomes (e.g. mild inflammation to death), each outcome has a given (sadly, mostly unknown) probability, such that the sum of all possible outcomes' probabilities (including no significant harm at all) is 1. If we knew the exact distribution, we could calculate the Expected Value (E) of the generic harm, infection in this example, so we would obtain a single figure accurately representing the entire spectrum of outcomes. This is what engineers are intuitively trying to do, but they are usually neither fully aware of that nor actually able to do it - hence the appearance of "pulling numbers out of thin air".

I think that the entire "precise probabilistic" approach to risk management in device development is practically useless at best and misleading at worst, because it creates a false sense of control. Such calculations have merit only when actual data is available, and even then only under proper statistical rigour and acknowledgement of all the assumptions that the statistical models entail (both of which are typically in short supply in business enterprises).
 
Last edited:

Tidge

Involved In Discussions
#18
I'm still not clear on the value of the RPN in a FMEA, either. I'm very clear on its uselessness for clinical harm, but I'm not sure if the same reasoning might not apply to other harms...
Classically, (process) FMEA RPNs are used to prioritize the failure modes to identify the process elements that have the greatest need for controls. Once a business decides on the scales used to generate RPNs, it is common that there is a blanket policy for which FMEA lines require mitigations to reduce RPNs (not risk in a medical device sense). E.g. "all FMEA lines with an RPN greater that 75 require mitigation".

A cautionary note on FMEA: I have had an (unfortunate, IMO) experience with a European audit team that demanded full risk-control option analysis for every line of every FMEA. This was in addition to the full RCOA that was already done for each line of the Hazard Analysis (here, the FMEA were just subordinate documents to the HA). I label this as unfortunate because the FMEA provide valuable insight into the design, use and manufacturing of the device without specifically analyzing risk acceptability... that's at the HA... and the liberal application of RCOA at the wrong level can (in my opinion) dilute/obscure the final acceptability of the product.
 
Top Bottom