Informational Risk Register - Same hazardous situation, different severity of harms

[MrTetris]

Hello,

I tried to read the faq and first two pages, but I could not find an answer to a probably basic question about the Risk Register.

My company is a manufacturer of imaging SaMD, used to prepare surgical plans.
One of the hazards considered in our Risk Register is the possibility for the clinician to overestimate the precision of our computer guided treatment system, thinking that if the plan is safe he cannot damage the patient. Hazardous situation: the clinician touches with his instruments a nerve of the patient (hazardous situation). The problem here is that two different harms are possible (or the same harm, with different severity): paralyzed muscle (severity: 4) or muscle temporary weakness/tingling (severity: 3).

Case 1:
p1 (probability of occurrence of hazardous situation) = 2
p2 (probability of hazardous situation leading to harm - paralyzed muscle) = 2
SE (severity of harm - paralyzed muscle) = 4

Case 2:
p1 (probability of occurrence of hazardous situation) = 2 (the same as case 1)
p2 (probability of hazardous situation leading to harm - muscle temporary weakness/tingling) = 3
SE (severity of harm - muscle temporary weakness/tingling) = 3

Same hazardous situation, but different probability for consequent possible harms.
Should we include both cases in the Risk Register, or only the second one with the highest severity harm?
I am also thinking about even more extreme cases (for instance, a hospital gas patient-delivery equipment, where the probability p2 decreases with the severity of the caused harm - headache p2=4, loss of balance p2=3, coma p2=2, death p2=1)... how to deal with this kind of situation?

 

[Kevin Shyu]

Generally, it's good to list all the hazards that are associated with the device in some document or across multiple documents. This helps in a few things:

1. Demonstrates to the reader/reviewer that the team has methodically evaluated all the risks associated with the device.
2. Provides a more complete view of the need to apply stricter risk controls/mitigation.
3. Assists in the evaluation of the risk acceptability of the entire product, considering all hazards (not just the most harmful ones).
4. Enables a more complete assessment of post market surveillance data after product launch.

Structure of documentation is generally up to the manufacturer, but should follow SOPs and/or risk management plan.

 

[Marcelo]

Please note that ISO 14971 does not require that you record all the sequence or combination of event (although I disagree with that, because I think they should be recorded).

Anyway, yes, you should include different risks for the same hazards and hazardous situations. For example, the risk control measure for them could be different.

 

[MrTetris]

Please note that ISO 14971 does not require that you record all the sequence or combination of event (although I disagree with that, because I think they should be recorded).

Anyway, yes, you should include different risks for the same hazards and hazardous situations. For example, the risk control measure for them could be different.

Thank you Marcelo, that is what I suspected, although I have never seen this implemented in my (limited) experience.
What if the risk control measure is unique for all risks? Where is the value of listing all the risks/hazardous situations in this case?

 

[Marcelo]

People tend to try and "reduce" the burden by saying that they will focus only in some part, usually the highest severity ones, but this does not make sense.

For a starter, risk (unless a special case) is not severity only, which means that a better justification (which still does not make sense) would be to focus in higher risks (probability/severity).

Second, most expectations (including regulatory) are that all risk are identified and evaluated. in the case for example of a hazardous situation with different harms, we have different risks. So all of them should be included.

Third, as I mentioned, for different risks (even from the same hazardous situation), different risk controls might be required, so it's important to have them all and analyze them all.

 

[MrTetris]

People tend to try and "reduce" the burden by saying that they will focus only in some part, usually the highest severity ones, but this does not make sense.

For a starter, risk (unless a special case) is not severity only, which means that a better justification (which still does not make sense) would be to focus in higher risks (probability/severity).

Second, most expectations (including regulatory) are that all risk are identified and evaluated. in the case for example of a hazardous situation with different harms, we have different risks. So all of them should be included.

Third, as I mentioned, for different risks (even from the same hazardous situation), different risk controls might be required, so it's important to have them all and analyze them all.

Thank you Marcelo, very valuable answer as usual...

 

[Ed Panek]

I agree. When we do risk reviews we include all possible ideas. Even if they seem nearly impossible its important to document you dont use group think to limit ideas. Groupthink - Wikipedia

 

[Peter Selvey]

I'd throw a bit of a wet blanket on the idea of documenting "all" possible types of harm for a particular sequence. It's a nice ideal, but not possible in practice. Just about every hazardous situation has a complex spectrum of severity, it is not just a single "risk"- consider for example electric shock:

- death from cardiac arrest, no resuscitation
- death from cardiac arrest with resuscitation, but with brain damage
- death from cardiac arrest with resuscitation, but with full recovery
- death from pulmonary arrest, with same range of outcomes as above
- involuntary action, which could lead to a wide range of outcomes with different severity of harm
- burns, with varying degrees of harm
- tissue necrosis
- short and long nerve damage
- ... and the list could go on, there are reports of broken bones, paralysis, damage to the spine ...

We could do this for all the lines in a risk management file and turn it into a 24 set encyclopedia for just one device.

So in practice it will require a degree of common sense in deciding what to document. To a large extent, it may come down to the type and effectiveness of the risk controls, with special attention to the case where reasonable risk controls were available but were not used. There may be very good reasons not to use the risk controls, but in my opinion they are the most important cases to sit down and write up a couple of pages to explore what the options were and why they were not implemented. In that case there is also scope to explore all the different types of harm and severity from a particular sequence.

Obviously though you can't do that for every line in the risk management table.

To look at the original post, the subject is the accuracy of the guidance system, which is really a core, critical risk for the product. So, it makes sense to really explore that well, not in a table form but in a special report. And within that report, it makes sense to identify the different types of harm, not only nerve damage but other types of injury as well. When the report looks at the risk controls, it might review how effective they are against each type of injury/harm.

Also note that ISO 14971 does not require this, the normative section has a "one size fits all" approach, with relatively simple records. My guess is that in the future, they will eventually figure out a way to a variable approach.

Ironically, it is the thinking which has been mentioned in this post (e.g. documenting "all possible ideas") which stops ISO 14971 from being improved. If for example, the standard selected three levels of documentation A, B and C, many auditors and experts would push for Level A to be used most of the the time because it seems the safest way. But the best way is to use Level A (i.e. special reports) sparingly so that it can be done properly and effectively.