What is Risk Management for Medical Devices?
Risk, risk assessment, estimation, evaluation, risk control, and risk management are very well defined in BS EN ISO 14971: 2019. This standard is used for medical devices, IVDR, and has become a harmonized standard for risk management in Canada. Risk management is defined as the “Systematic application of management policies, procedures, and practices to the tasks of analyzing, evaluating, controlling, and monitoring risks. ”
What are the steps in the risk management process?
Identify Hazards, Hazardous Situations in Production and Postproduction, Literature Reviews, Adverse Event Databases
Estimate and Evaluate the Related Risks
Apply Control Measures for Risks
Effectiveness Check
Residual Risks Acceptability Check
Apply Additional Control Measures for Unacceptable Residual Risks
Benefit-risk Analysis
Risk Evaluation Performed Throughout the Product Lifecycle
Risk Management Review
Several risk management tools are used for risk analysis like pFMEA, dFMEA, fault tree analysis, probability risk matrix, preliminary hazard analysis, and final hazard analysis. ALARA, ALARP, and AFAP are the different risk mitigation strategies. AFAP is the most accepted risk reduction strategy as per EU MDR 2017/745. The quantitative and qualitative or semi-quantitative methodology is utilized for risk analysis. The risks are also collected from PMS, literature reviews, and adverse event databases. The various possibilities of hazards/failure modes are identified in the design, manufacturing, and postproduction phases of PLC. Any emergent risks are identified in PMCF activities and risk analysis is performed. The probability of occurrence and severity of the harm is defined for risk estimation. An acceptable threshold value is defined for several types of risks. If the evaluated value surpasses the acceptable threshold value, then appropriate control measures are applied to mitigate the risks. The residual risks are also evaluated in a similar methodology. A benefit-risk analysis is performed for unacceptable residual risks. If no further control measures can be implemented for unacceptable residual risks, a benefit-risk analysis is performed. All these risk management activities are drafted in risk management plan and risk management report.
The risk management plan contains:
Scope of Planned Risk Management
Identification of Lifecycle Phases for which Risk Management is Planned
Assignment of Responsibilities to Competent Personnel
Requirements for review of Risk Management
Criteria for Risk Acceptability
Evaluation of Residual Risk and Its Acceptability
Methodology Adopted for Risk Management
Verification of Effectiveness Check of Control Measures Implemented
Production and Post-production Activities Data Collection and Review Process
The risk management report contains:
The Personnel’s Information Involved in Risk Management Activities
The Findings of Risk Evaluation
The Appropriate Control Measures Implemented
The Risk Acceptability
Benefit/Risk Analysis
The Acceptability Evaluation of Overall Residual Risk and Additional Control Measures
The Modification of Production and Post-production Information
Risk Management Review