Risk Management in an FDA Context - Extended definition of "harm"

M

MIREGMGR

#1
Those of you who manufacture devices for worldwide markets, and have a QMS that is intended to simultaneously comply with FDA and EC / MDD requirements:

My conclusion from reviewing various FDA 483s, PMN review comments and other actions is that the FDA regards the failure of a device to technically perform as expected as a "harm" outcome, even if it does not result in specifically identifiable "physical injury or damage to the health of people, or damage to property or the use environment."

(That is, a failure by inaction, rather than a failure by wrong action.)

Do you use an extended definition of "harm" in your ISO 14971:2007 implementation, to take this broader expectation of device risk into account?

And a second question: do you use modified wording in your Scope statement to take into account the inclusion of animals within some devices' permissible uses within FDA jurisdiction, but the exclusion of animals elsewhere?
 
Elsmar Forum Sponsor

yodon

Staff member
Super Moderator
#2
Re: Risk Management in an FDA Context

We generally include any potential failure in our hazard analyses. In those cases where there is no harm, severity is close to, or 0.

Second question is interesting. We've never used any modified wording in the scope and I do believe we've done some devices that could be used on animals. I guess we figured harm is harm. If it makes sense and is justifiable, I don't see why it wouldn't be acceptable to do so. Note: we have, in many cases, mitigated risks by saying, where applicable, that the device is operated by a trained care professional.
 

Marcelo

Inactive Registered Visitor
#3
FDA regards the failure of a device to technically perform as expected as a "harm" outcome, even if it does not result in specifically identifiable "physical injury or damage to the health of people, or damage to property or the use environment." (That is, a failure by inaction, rather than a failure by wrong action.)
This is the principle behind the "essential performance" of devices, the best example being a defibrillator which does not deliver when expected, resulting in patient death. Please note that, in these cases, there´s harm (as defined).

It´s the same thing on ISO 14971, so i didn´t understand when you said "extanded" issue.

Action or inaction, failure or normal use, it does not matter. From a risk management perspective, you need to take them all into account, and all regarding the possible hazardous situations.
 
M

MIREGMGR

#4
This is the principle behind the "essential performance" of devices (...) It´s the same thing on ISO 14971 (...)
My copy of EN ISO 14971:2007 defines "harm" as "physical injury or damage to the health of people, or damage to property or the environment".

Is this term alternately defined elsewhere in 14971 to include failure to provide "essential performance" as harm, even if physical injury or damage to health does not result from a particular instance?
 

Marcelo

Inactive Registered Visitor
#5
Essential performance is defined in IEC 60601, not ISO 14971 (Performance necessary to achieve freedom from unacceptable RISK").

Anyway, the point here is that there´s physical risk in the hazardous situation of the device not performing as expected - in the defibrillator case i cited, the resulting harm of the hazardous situation of the equipment not performing is the patient death.
 
M

MIREGMGR

#6
My response above was only intended to note that, while in other standards the term "harm" is better defined, there is an issue with the definition provided within 14971 itself, and that can be a problem when another standard does not supply a contending definition...particularly because the FDA pretty much references 14971 on a freestanding basis, not as an element within an array of interrelated standards.

As to your defibrillator example...yes, if someone is injured or dies as a first-order result of non-performance, I agree that's harm per 14971. I'm aware of existing legalistic interpretations that the terms "injure" and "damage", used as verbs, infer action and therefore do not establish responsibility for the outcome of inaction or failure to act, but I'm not arguing legalisms in this forum.

My more serious perception, though, is that the FDA wants "harm" to additionally reflect the general requirement that devices be both safe and effective, by including in the "harm" definition something like "failure to meet reasonable performance expectations, applicable performance standards and/or general requirements for safety and effectiveness".

The OP was an inquiry as to whether any other participants here share this latter perspective and have used an extended harm definition within their own QMSs.
 
C

CluPhone

#7
Sorry for not responding earlier so I hope this discussion is still alive (even if not in Elsmar)... I was just in Elsmar looking for a similar dialogue.

I agree with the defibrilator example... but that is a no-brainer... the harm to the end user is a huge issue and the device should not be considered EFFECTIVE... (but highly safe:lmao:).

But what about devices that are typically considered more "Risk averse"? I'll use a tongue depresser as an example.

Hazard Analysis - Proper documentation of how to use... would most likely not have anything near "death" or even "moderate injury" assigned for the Hazard.

For the DFMEA... similar to the Hazard Analysis.... (unless someone else outside of the producer made a shiv):mg:.

For the PFMEA... if we use a saws and a planer in the process, we would want to ensure controls were in place to prevent the user (assembly line worker or similar) from being injured.:bonk:

However... if the depressors were made too "flimsy", they would not be EFFECTIVE... the patient harm is perhaps even too low to calculate... BUT the risk to maintaining that account (or the truckload of accounts that now have cases of flimsy tongue depressors) is HUGE and would under other industries practices be considered career limiting.

Now, when you have a number of the above events... eventually you have to prioritize them and demonstrate occurrences, detections and controls (if not for the "14971:2007" flavour) for the ability to demonstrate you can make these relatively reliably (else you end up no longer making much).

So does anyone have any ideas on how to manage those details... ideally within the PFMEA without losing the momentum and the synergy of the group of experts gathered performing the PFMEA? OR.. should we have to relagate this to yet another document???
 
M

MIREGMGR

#8
As long as this thread has magically come back to life...a further thought:

How is "harm" managed in instances where the "physical injury or damage to the health of people, or damage to property or the environment" is a matter of controversy or objective disagreement?

Suppose one doctor says that X may be significantly harmful, but another says it won't be? Instances of that are easy to find.

What about controversial environmental risks? It's easy to find authoritative opinions that Y is harmful, and others that it's not.

Regarding in this latter issue, national legal stances don't agree. I can point to a number of significant differences between the legal definitions of environmental harmfulness among different nations to which this standard is relevant. I think eventually the FDA will recognize that they screwed up badly from a legal perspective in moving toward ISO 14971 harmonization, without addressing the fundamental definition problems first.

My opinion is that ISO 14971 is the hardest of the broadly applicable medical device standards to apply, and the weakest from the perspective of utilizing its requirements as the basis for a responsible compliance program, because of this fundamental lack of clarity in its core definitions.

I think eventually the FDA will recognize that they screwed up in beginning to utilize ISO 14971 as a step toward harmonization, without first dealing with the legal definitional inconsistencies.
 
Last edited by a moderator:
C

CluPhone

#9
I agree.

As far as harm (environment or safety), you go with the conservative approatch... Sometimes I've dealt with harm due to environment as a seperate FMEA item (whether it is recyclability of some byproduct in manuf or end of life of product). If it is environment or operating personnel, I look to the ACGIH data... and check it against any OSHA or EPA / EU regs as well.

If it is patient harm, I try to obtain the study or paper. If it is a peer reviewed Journal, I stop there... if not, then I take the liberty of contacting the author. If they are willing to make the claim, the discussion of their data should be welcome... and... there may be a reason that it wasn't published in a peer reviewed publication (like it didn't pass critical examination).

Most of the time, I believe FDA only wants the focus of the FMEAs to be solely on patient safety... Unfortunately this only girdles the power of FMEAs under most circumstances.

Anyhow... That's why I'm asking if there have been any changes in paradigms for execution of FMEAs since we all now have been beaten with the 14971 stick.
 
Last edited by a moderator:

Marcelo

Inactive Registered Visitor
#10
Just as a general comment, these diverences in harms, even controversial ones, would need to be included in the development of the risk acceptability criteria, if using ISO 14971.

This is because it´s the responsibility of the manufactureer to take these into accoount.
 
Thread starter Similar threads Forum Replies Date
N Risk Management besides mandated FDA requirements 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
A FDA Guidance for Risk Management for Medical Devices 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 7
D CAPA FDA Requirements and Guidance related to the Risk Management File 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 6
Marc The FDA and IEC 80001-1 (Risk Management for Medical Device IT networks) Other Medical Device Related Standards 2
G FDA Risk Management vs. CE Risk Management - Requirements Differences 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
B ISO 17025:2017 risk management Risk Management Principles and Generic Guidelines 0
S Risk Management Review ISO 14971 - Medical Device Risk Management 4
S Risk Management and other Files ISO 14971 - Medical Device Risk Management 8
silentmonkey Overall Benefit/Risk Analysis - Risk Management VS Clinical Evaluation ISO 14971 - Medical Device Risk Management 3
Aymaneh Medical Device Cybersecurity Risk Management IEC 27001 - Information Security Management Systems (ISMS) 2
A 21 CFR 820 - Risk Management - Looking for some guidance US Food and Drug Administration (FDA) 3
Sravan Manchikanti Software Risk Management & probability of occurrence as per IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
N Device Labeling - Medtronic Ventilator Files (Risk Management documents) Coffee Break and Water Cooler Discussions 2
T How do you define your Hazards? <a Risk Management discussion> ISO 14971 - Medical Device Risk Management 16
adir88 MDR requirement: Risk Management Plan for "each device" ISO 14971 - Medical Device Risk Management 5
D Risk Analysis & Technical File - What detail goes in the Risk Management Report ISO 14971 - Medical Device Risk Management 5
C AS9100 Rev D 8.1.1 & APQP - Operational risk management process AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
B ATP 5-19 "Risk Management" Misc. Quality Assurance and Business Systems Related Topics 2
M Identifying Hazards - Risk management process ISO 14971 - Medical Device Risk Management 6
R Risk Management in the Medical Device Industry ISO 14971 - Medical Device Risk Management 4
F Linking an ISO 31000 Risk management SOP to ISO 17025 ISO 17025 related Discussions 2
Ronen E The unbearable insensitivity of risk management language Other Medical Device and Orthopedic Related Topics 1
S ISO 14971 Risk Management - Questions for Hazard identification ISO 14971 - Medical Device Risk Management 2
M Risk/Benefit vs. benefit-risk - Revising an SOP covering Risk Management with the MDR in mind EU Medical Device Regulations 10
A Defining Expected Service Life in Risk Management File Reliability Analysis - Predictions, Testing and Standards 5
R Linking the Processes of Continual Improvement, Change Management, Risk Management, Action Planning, etc? Preventive Action and Continuous Improvement 5
D Risk management according to ISO 14971 - When to document risk controls? ISO 14971 - Medical Device Risk Management 10
J Software for Techfiles and Risk management ISO 14971 - Medical Device Risk Management 1
M Informational ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 6
M Medical Device News ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 0
D Where does FMEA fit in your ISO 14971 Risk Management process? ISO 14971 - Medical Device Risk Management 13
M Informational ISO TC 210 JWG 1 meeting in São Paulo – Revision of ISO 14971 and ISO TR 24971 – Medical Device Risk Management Medical Device and FDA Regulations and Standards News 0
T Risk Management Report as per MDR Requirements EU Medical Device Regulations 4
S Medical Device Cybersecurity Risk Management File ISO 14971 - Medical Device Risk Management 2
M Medical Device News Health Canada Notice of intent: Strengthening the post-market surveillance and risk management Canada Medical Device Regulations 1
Q Evidence of precautions (clinical evaluation report, risk management report) EU Medical Device Regulations 6
Q Risk / benefit Analysis in Risk Management Report CE Marking (Conformité Européene) / CB Scheme 12
A How to view supplier APQP timeline and do risk management APQP and PPAP 4
O Medical Device EMC Risk Management CE Marking (Conformité Européene) / CB Scheme 4
S ISO 13485:2016 - How I can integrate a risk management approach in our SOPs ISO 13485:2016 - Medical Device Quality Management Systems 1
B Time necessary for all Risk Management activities ISO 14971 - Medical Device Risk Management 2
W Virtual Manufacturer and Risk Management ISO 14971 - Medical Device Risk Management 3
O CQE Handbook - Missing Section VII - Risk Management Misc. Quality Assurance and Business Systems Related Topics 1
F Medical Device HACCP (Hazard Analysis and Critical Control Point) Risk Management ISO 14971 - Medical Device Risk Management 2
J Differences between a Risk Management Plan vs. Production Part Approval Process AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
M Free Risk Management Webinar - Design for Quality - May 2017 Risk Management Principles and Generic Guidelines 1
J Will this fulfill the AS9100D Risk Management Requirement AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
A Including all Processes in Risk Management - ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 8
F Risk Management vs. FMEA ISO 14971 - Medical Device Risk Management 11

Similar threads

Top Bottom