Risk Severity Estimation for Medical Devices as per ISO 14971

N

nussehund

#1
Dear Everyone,

When estimating the severity of a risk I often find that there are multiple possible outcomes (severities). Obviously, the conservative thing to do would be to go with the worst case but what if the worst case is not very likely?

How do you guys handle this? Do you go with the average case? the worst case? do you split the risk into two different risks?

The reason that I am asking is that I am analyzing a risk where part of a device breaks off and hits the patient. In most cases this is unlikely to cause serious harm but if "the stars are right" permanent injury or even death could be a possibility. Assigning a severity of "catastrophic" to the risk is not without problems ...

Thanks!
Nusse
 
Elsmar Forum Sponsor

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#2
Welcome to the Cove!

Not being a medical device person myself, I will suggest you try looking at the similar threads shown at the bottom of this page.

I hope this helps!
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#3
I'm not a medical device person myself either, and I do not have a copy of ISO 14971, but in automotive and aerospace I always go with "worst case" when assessing "severity". If you have multiple outcomes, split the risk and address individually. If you do not, you better have a statistically valid reason (among other things) why you didn't because if the impossible happens (struck by lightning comes to mind, as does the GM ignition switch fiasco) you'll have a lot of explaining to do. I think the old saying is "better safe than sorry".
 
P

pldey42

#5
I understand that when Disney do an annual service on a rollercoaster they take it completely apart, inspect and replace things as necessary, then reassemble it. The first people to test-ride it are the maintenance team including the manager.

So for me the tests are: would I allow my child to be the patient? And would the CEO allow her child to be the patient?

Just 2c
Pat
 
N

nussehund

#6
Thanks you for the answers!

Splitting a risk to address the different scenarios based on the severity of harm and analyzing them individually sounds like a promising idea.

I could conclude that for a given event a "serious" outcome is "unlikely" and that a "catastrophic" outcome is "improbable". Both risks would be acceptable according to my acceptance criteria. Fantastic :)

But is this approach acceptable ???

One could argue that because the difference in probability hinges only on issues related to exposure that the different outcomes for the event must be treated as one risk?

If this is not so, then it would be possible to postulate that because each actual incident will be different, the probability component should be considered in relation to a single interaction with the equipment rather than with total amount of interactions over the cause of the equipment's lifetime.

At the very least this would be something that should be considered during "residual risk assessment"?
 

sagai

Quite Involved in Discussions
#7
I do not know how happy I would be to participate in an extremely rare case when a improbable catastrophic event does happen ... :cool:

Assessing probability is wordsmithing for me, it is subjective, up to the assessment team, up to cultural and educational background, etc. I see no real benefit of emphasising too much on probability to be honest.

Cheers!
 
M

medgar

#8
If you calculate 'probability' in with the severity aren't you then "double dipping" on 'Likelihood' in your risk assessment?
 
#9
Hello Nusse.

Score the worst case scenario against the likelihood of the event
This is all about reasonably foreseeable sequences of events following the identification of hazards and not unlikely sequences. :agree1:
 
M

MedTechSoftware

#10
Risk is made up of two factors - severity and probability. Both have to be considered when evaluating risk, so a risk with high severity, but extremely low probability might be considered acceptable. It is the responsibility of senior management to determine criteria for acceptability of risk. Also, in the EU, the Medical Devices Directive requires that all risks are reduced "as far as possible" taking account of the "generally recognised state of the art".

There is also the relationship between a hazard, a hazardous situation and harm. An example of this might be a shark in a swimming pool is a hazard; a person getting in the pool with the shark is a hazardous situation and the person being attacked by the shark is a harm. Each of those occurrences has a lower probability than the one preceding it. Someone might not get into the pool if they know a shark is in there and even if they do, the shark might not be hungry.
 
Thread starter Similar threads Forum Replies Date
S The Severity of a Medical Device Hazard - Risk Analysis Clarification ISO 14971 - Medical Device Risk Management 6
MrTetris Informational Risk Register - Same hazardous situation, different severity of harms ISO 14971 - Medical Device Risk Management 7
F Risk = Likelihood * Severity - Can we mitigate the Severity? Occupational Health & Safety Management Standards 41
E Risk Management selection Probability of Occurrence and Severity ISO 14971 - Medical Device Risk Management 17
E Normal Condition Hazards in Risk Analysis ISO 14971 - Medical Device Risk Management 3
S Rationalising the level of effort and depth of software validation based on risk ISO 13485:2016 - Medical Device Quality Management Systems 10
R Risk assessment on IT containers and the information they contain IEC 27001 - Information Security Management Systems (ISMS) 4
B Threat/Vulnerability Catalogue for risk assessment IEC 27001 - Information Security Management Systems (ISMS) 4
R Opportunity For Improvement vs Opportunity (Positive Risk) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
R FOD Risk Assessment - What tools would you recommend for assessing FOD risk? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
A ISO 14971 PFMEA Manufacturing Risk ISO 14971 - Medical Device Risk Management 2
Q Example of the Risk Template Document Control Systems, Procedures, Forms and Templates 1
K Overall residual risk according to ISO 14971:2019 ISO 14971 - Medical Device Risk Management 5
A Risk Number for each software requirement IEC 62304 - Medical Device Software Life Cycle Processes 7
A IEC 60601 11.2.2.1 Risk of Fire in an Oxygen Rich Environment, Source of Ignition IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
D Importing a general wellness low risk product Other US Medical Device Regulations 3
C Quantifying risk in choosing the number of parts, operators and replicates in a GR&R Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 4
R AQL, Consumer Risk and MA Statistical Analysis Tools, Techniques and SPC 2
M Risk managment report of Surgical Mask Example ISO 14971 - Medical Device Risk Management 14
M Risk Analysis Flow - Confusion between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
R ECG Risk Analysis Standards ISO 14971 - Medical Device Risk Management 2
N Device Labeling - Medtronic Ventilator Files (Risk Management documents) Coffee Break and Water Cooler Discussions 2
A 5 x 5 Risk Matrix - Looking for a good example Manufacturing and Related Processes 2
F Risk for Quality Assurance Department in a Hospital - Hospital Incident Reporting ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
M Should volume of sales be factored into risk probability assessments? ISO 14971 - Medical Device Risk Management 33
T How do you define your Hazards? <a Risk Management discussion> ISO 14971 - Medical Device Risk Management 16
adir88 Documenting Risk Control Option Analysis ISO 14971 - Medical Device Risk Management 8
B Risk Assessment Checklist for Non product Software IEC 62304 - Medical Device Software Life Cycle Processes 1
MrTetris Should potential bugs be considered in software risk analysis? ISO 14971 - Medical Device Risk Management 5
K Identification of hazards and Risk file IEC 62366 - Medical Device Usability Engineering 7
S Risk based internal auditing Internal Auditing 6
Robert Stanley I'm @ RISK of not showing my RISKS! ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
M Estimating the benefit-risk ration under MDR EU Medical Device Regulations 1
adir88 Information of safety can reduce risk now? ISO 14971 - Medical Device Risk Management 12
G Any good examples of CAPA forms that include a risk based approach? ISO 13485:2016 - Medical Device Quality Management Systems 8
adir88 MDR requirement: Risk Management Plan for "each device" ISO 14971 - Medical Device Risk Management 5
M Has anyone heard of Run at Risk? Manufacturing and Related Processes 15
Tagin Is SARS-CoV-2/COVID-19 on your risk register? Misc. Quality Assurance and Business Systems Related Topics 11
D IEC 62304 Risk Classification - With and without hardware control IEC 62304 - Medical Device Software Life Cycle Processes 2
J ISO 14971 applied to ISO 13485? Low risk class 1 devices ISO 13485:2016 - Medical Device Quality Management Systems 3
DuncanGibbons Classification of aerospace parts depending on their risk and criticality etc. Federal Aviation Administration (FAA) Standards and Requirements 3
D Performance specification as a Risk Control Measure, EN 14971 ISO 14971 - Medical Device Risk Management 7
M Risk Classification For Supplier - Clinical Research Organisation (CRO) Supply Chain Security Management Systems 3
Sidney Vianna IAQG SCMH explains "positive risk"..........but does it? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
MrTetris Unacceptable risk and information for safety ISO 14971 - Medical Device Risk Management 16
M IATF 16949 (6.1.1 - Planning and Risk Analysis for a remote site) Process Maps, Process Mapping and Turtle Diagrams 5
D Risk Analysis & Technical File - What detail goes in the Risk Management Report ISO 14971 - Medical Device Risk Management 5
C AS9100 Rev D 8.1.1 & APQP - Operational risk management process AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
B ATP 5-19 "Risk Management" Misc. Quality Assurance and Business Systems Related Topics 2

Similar threads

Top Bottom