Risks which must be Distinctly Identified - Harm, Hazard, Severity

rothlis

Involved In Discussions
#1
Sorry for the length of this post. I would like to enlist the expertise on this forum to help define the proper extent to which risks should be distinctly identified. First, let me lay the ground work by defining the elements of risk:

  1. Harm: Physical injury or damage to the health of people, or damage to the property or the environment.
  2. Hazard: Potential source of harm
  3. Severity: Measure of the possible consequences of a hazard
  4. Risk: Combination of the probability of occurrence of harm and the severity of that harm
These definitions are straight from 14971. I think that the definition of severity can lead to confusion because “consequences of a hazard” implies that severity is a measure of multiple consequences. However, risk is defined as applying to a single harm. This is further muddied by the fact that harm is often dictated not only by the hazardous situation, but by the duration of the hazardous situation and the vulnerability of the affected person, both of which could be described as a widely variable continuum. For example, let's take the common hazard of electric shock. Clearly the harm can be time dependent. A microsecond of exposure may not cause injury, but several seconds of exposure likely will and can be deadly. Furthermore, the harm is dependent on the person. A patient with a weak heart is more likely to go into cardiac arrest than one with a strong heart.

This ambiguity leads evaluators to have to choose between a few different techniques:

  1. Define harm in a generic sense (e.g., as “electric shock” instead of cardiac arrest, severe burn, minor burn, etc…) and then assign probability as the likelihood of the hazardous situation.
    • The risk is difficult to assess due to ambiguity in the harm. This also potentially omits a mitigation that would have been necessary if each harm had been considered individually.
  2. Define harm to be the most likely consequence of the hazard and assign probability accordingly.
    • This ignores the worst case outcome. Maybe this is OK if that outcome is highly improbable, but you won’t know unless you consider each outcome.
  3. Define harm to be the worst case outcome and assign probability only for that harm.
    • The most probable harm may not be properly addressed.
  4. Define harm to be the worst case outcome and assign probability as the likelihood of the hazardous situation.
    • The resulting risk may not represent an actual scenario and may force risk control measures that aren’t actually necessary.
  5. Exhaustively cover all possible harms that could result from the hazard.
    • All possible scenarios are properly addressed but the resulting analysis may challenge War and Peace for length which, in turn, puts everybody in a foul mood.
In my view, #5 is the most complete and proper interpretation of 14971. This comes from the fact that risk is defined as applying to a single harm. 14971 also emphasizes that the probability of a hazard may not equal the probability of harm (D.2.2.1), and that probability needs to consider the level or extent of exposure (D.3.2.2). As a whole, I think this points toward uniquely identifying every possible harm with unique consideration for the conditions of the exposure (i.e., duration) and the people involved (i.e., vulnerability). Even so, I suspect that the majority of analyses are not doing this.

So my questions are:

  1. Which technique do you think is most correct? If not one of these five, then what?
  2. Which technique most closely resembles your current practice and how has that been viewed by auditors?
I'll also note that there is a similar question previously posted (topic 51897) but it did not go into as much detail and it does not appear that an obvious conclusion was reached. I'm hopeful that the collective expertise here can bring clarity and establish a consensus on this topic. Thanks.
 
Elsmar Forum Sponsor
K

kgott

#2
Rothlis; I agree that there is some variability in the way these things are defined, the context and application. You obvoisuly have a detailed understanding of the subject but sometimes these things are not an exact science and they are there to give us some rules and approaches to assess and manage risk in a reasonably consistent way.

Like many things in this imperfect world; apply it to one scenario or set of cirumstances and it works, apply it to another and it dosen't.

There are many issues with managing safety and risk in the work place, this is just one of them.
 
L

Lucasmf

#3
In my experience at several medical device companies we follow #5 but with the qualifier that I usually "call it good" if we have a line item for the most probable harm and the a second line for the 'worst case' harm. Each of these lines then has their own occurrence estimate. Your risk assessment then being the product of severity x occurrence will lead you to take the appropriate risk control measures either on the more common harm or the worst case harm as appropriate.

But as the old saying goes "you can make any hazard lead to death" so a well calibrated team doing the evaluation is very helpful.
 

rothlis

Involved In Discussions
#4
have a line item for the most probable harm and the a second line for the 'worst case' harm
I like this approach. This seems like a reasonable to way put some bounds on the analysis.

But as the old saying goes "you can make any hazard lead to death"
How do you avoid this? Is it reasonable to have a rule that a risk isn't included in the analysis if you determine that the initial probability (before risk control) is already at the lowest level?
 
L

Lucasmf

#5
Your risk analysis process per 14971 should always include an assessment prior to risk control and a re-assessment after risk control. "Acceptable" risks pre-risk control should not require further action.

To avoid everything leading to death you can have a rule that any event with a probability of occurrence less than "x" can be ignored. The x should be appropriate to your product and industry. For example in an airplane a one a million chance of death occurring may be significant but in a surgical procedure a one in a million chance of death is in the "noise" and can therefore be ignored.

Hope that helps.
 

Peter Selvey

Staff member
Super Moderator
#6
The problem is that there is a infinite number of hazardous situations and consequences that could be analyzed. One of the most important advances in risk management will be establishment of normative methods which allow the analysis to be focused where it can be effective.

Unfortunately, there is no such flexibility in the current 14971. Of course most auditors and regulators are happy to apply some flexibility, but there is no useful guidance how to focus the analysis and hence opinions vary widely.

It has been suggested that you can eliminate events with a probability of X to simplify the analysis, but this still grossly underestimates the sheer number of "risk controls" taking place in everyday design and production, literally 100,000's of individual actions taken to reduce risk. The probabilities leading to these risk controls would be well above any reasonable value of X.

If there are so many risk controls, and most of them are undocumented, how come medical devices don't harm people left, right and center?

The answer is evolution. Most of the underlying technology used in modern medical devices has evolved to a point where it is extremely reliable and well controlled. It is often the same technology in our TVs, iPhones, PCs etc, which need this high reliability to be economic. Plus a lot of medical devices have been around for a long time, to the point where a lot of risk controls are taken as read.

That gives us a first hint at one area where risk management should be focused: new areas of the device. It's not the only area that warrants attention, but a good start.

If fact, understanding why things go right most of the time is the best way to identify areas that might go wrong.

The need to simplify applies equally to the consequences as it does the selection of hazardous situations. That simplification will depend greatly on the risk control. A production test, inherent design or strong protection system that all but eliminates the problem means that there is little benefit in analyzing the consequences. On the other hand, a slow responding or inaccurate protection system might control some consequences and not others; the analysis would then have to be separated depending on the type and nature of harm.

The idea that you need to start the analysis without risk controls in place is misguided, and legally unsound (a hypothetical object that has no risk controls is not a "medical device" because it would never be placed on the market, and therefore does not need to be analyzed ... it's a dead end). Rather, the only legal requirement is the analyze the final device that is placed on the market, with all risk controls in place, and show that the risk is acceptable.
 

Roland chung

Trusted Information Resource
#7
The idea that you need to start the analysis without risk controls in place is misguided, and legally unsound (a hypothetical object that has no risk controls is not a "medical device" because it would never be placed on the market, and therefore does not need to be analyzed ... it's a dead end). Rather, the only legal requirement is the analyze the final device that is placed on the market, with all risk controls in place, and show that the risk is acceptable.
If starting the analysis with all risk controls in place, we would not find a risk needs to be reduced. That means the common analysis matrix table is wrong. What is the correct way?
 

Peter Selvey

Staff member
Super Moderator
#8
This is just predicting the future, not now of course.

But I would expect that in the future risk management would require the manufacturer to select a much smaller number of "significant" situations which then would require much more detailed analysis than is provided now. There may or may not be risk controls; that's not the point.

One of the key triggers whether a situation is "significant" might be whether or not it's obvious by inspection. Consider the following two cases:

Case 1: Production test of a patient monitor temp function, using dummy resistors representing 25.00, 35.00 and 45.00 degrees (from YSI 400 series), and the monitor must read these values exactly (i.e. 25.0, 35.0, 45.0).

Case 2: rinsing of a endoscope to remove production greases, performed at 22-28degC, 10 minutes, with Type X solvent, flow rate Y etc; solvent changed once a month.

Both are important production risk controls.

For Case 1, a qualified engineer and auditor should know it's an effective and expected risk control. I don't think it's worth putting this kind of thing in the risk management file; again keeping in mind there are 1000's of similar risk controls in design and production and we can't document them all.

For Case 2: here, it's not obvious by inspection the risk control is effective. Research is required to know what a reasonable limit for residuals grease is; there would need to be tests done to show at the worst case conditions the greases are removed. I've been an auditor and asked questions like - why did you choose 10 minutes, and some old guy pulls out some scrappy document from 10 years ago showing tests for residuals at different flow rates / temp etc. There's a lot of characteristics here that are important to document not only to prove it's OK in the first place, but also to have on file in case of design changes in the future. Perfect for storing in the risk management file.

There are other reasons a situation might be significant, for example, borderline cases; cases where conflicting requirements means the risk can't be eliminated and so on.

The important point is that these must be covered in something more than a single line in a traceability matrix. And if so, the number of items analyzed must be vastly reduced.
 
Thread starter Similar threads Forum Replies Date
I Is risk acceptability really needed if all risks must be reduced as far as possible? ISO 14971 - Medical Device Risk Management 6
L Reduce risks as far as possible - Quartz Crystal ISO 14971 - Medical Device Risk Management 11
S Cyber Security and Safety Risks Medical Information Technology, Medical Software and Health Informatics 0
I Сorrespondence between hazards and risks ISO 14971 - Medical Device Risk Management 2
T Risks of failure to meet intended use ISO 14971 - Medical Device Risk Management 6
L Sampling Plan Risks AQL - Acceptable Quality Level 6
A API Spec Q1 Purchasing Process - Supplier Reevaluation based on Supplier Risks 5.6.1.4 Oil and Gas Industry Standards and Regulations 17
T Risks arising from control measures vs. ineffective control measures ISO 14971 - Medical Device Risk Management 11
A Environmental Compliance obligations and risks (ISO 14001:2015 6.1.3) ISO 14001:2015 Specific Discussions 3
A IEC 62304 safety classification, External Controls and off-label use related risks IEC 62304 - Medical Device Software Life Cycle Processes 5
D ISO 14971:2019 vs MDR Annex 1, Requirement #4 - "Manufacturers shall inform users of any residual risks" ISO 14971 - Medical Device Risk Management 5
silentmonkey Are risks in supply chain and development activities within scope of MDD? EU Medical Device Regulations 4
Robert Stanley I'm @ RISK of not showing my RISKS! ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
Richard Regalado Top 10 operational risks of 2019 for business continuity planning Business Continuity & Resiliency Planning (BCRP) 6
A Managing overseas travel risks to food handlers Food Safety - ISO 22000, HACCP (21 CFR 120) 3
T ISO 14971-2019 doubt - Evaluate if estimated risks are acceptable ISO 14971 - Medical Device Risk Management 9
M Informational US FDA – URGENT/11 Cybersecurity Vulnerabilities in a Widely-Used Third-Party Software Component May Introduce Risks During Use of Certain Medical Dev Medical Device and FDA Regulations and Standards News 0
Jacquie Collins 6 Risks and Opportunities ISO 14001:2015 ISO 14001:2015 Specific Discussions 6
D How to Identify the Risks and Opportunities required for QMS Processes? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
M Are Risks and Opportunities Required as Part of the Process Definition ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
H Addressing of Undesirable side-effects, harms, risks and side-effects in clinical evaluation report (CER) EU Medical Device Regulations 12
M Informational How To Avoid Compliance & Timeline Risks When Selecting A Medical Device Supplier Medical Device and FDA Regulations and Standards News 0
M Informational Understanding Costs And Risks For HFE Usability Studies — Part 1: Testing In-House Medical Device and FDA Regulations and Standards News 0
M FDA News Safety Alert – USFDA warns about safety risks of teething necklaces, bracelets to relieve teething pain or to provide sensory stimulation Medical Device and FDA Regulations and Standards News 0
B ISO 17025 8.5 Actions to address risks and opportunities ISO 17025 related Discussions 7
A Risks and Opportunities associated to Legal Compliance - 6.1.3 ISO 14001:2015 Specific Discussions 4
O Examples of the external and internal issues and their risks and opportunities IATF 16949 - Automotive Quality Systems Standard 2
A Risks related to Method Validation and Stability Studies Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 2
qualprod ISO 9001 Risk control method - What could be the better way to control risks? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
R Redundancy between Process risks and Process Performance indicators ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
Q Risks and opportunities that could be associated with the purchasing department ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
Q ISO 14001:2015 Clause 6.1: Actions to address Risks & Opportunities ISO 14001:2015 Specific Discussions 2
Sidney Vianna Guidance on Management of Psychosocial Risks in the Workplace Occupational Health & Safety Management Standards 5
H Depth in the organization for Interested Parties and Risks & Opportunities ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
A Compliance Obligations - Implementing 6.1.1 and 6.1.3 NOTE - Determine risks and... ISO 14001:2015 Specific Discussions 1
Q ISO 9001:2015 - Clarification in 6.1.2 Note 1 (Options to Address Risks) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
Q Practical guide to scan for Risks in all QMS systems without missing any ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
Q Risks Examples in Top Management ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
O How will you handle Clause 6.1 - Risks and Opportunities for AS9100 Rev. D Auditors? Risk Management Principles and Generic Guidelines 22
Q SWOT Outputs - Risks, Opportunities and Improvements ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
Q Source of practice to Evaluate Risks? (ISO 9001:2015) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
Q Opportunities only derived from Risks? Detecting Risk & Opportunities in ISO 9001 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
A Does KPI for Processes need to be correlated with the specific Risks for Processes? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
R Actions To Address Risks and Opportunities IATF 16949 - Automotive Quality Systems Standard 1
W Chinese Authorized Representative - What are the regulatory risks? China Medical Device Regulations 3
M Informational Is Identification of Risks and Opportunities required for QMS Processes? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 96
V Deleting Risks if a particular Risk has been Eliminated ISO 14971 - Medical Device Risk Management 3
A Informational Confusion about Risks for Processes in ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 44
R OHSAS 18001:2007 Section 3 - Controlling Work Place Risks Occupational Health & Safety Management Standards 3
D Biological and Chemical Risks to the user in the Hazard Analysis ISO 14971 - Medical Device Risk Management 1

Similar threads

Top Bottom