ISO 14971 Medical Device Risk Management FAQ

They are related to the "outputs' of the device, meaning, the interaction between the device and people/property/environment."

Dilema:

An ECG recorder, Battery operated, not for emergency and non life saving device, no display, no printed output, no alarm function, no analysis function. Just for storing the ECG in memory for later sending it to a computer with software that can display it) - what are the hazards that the output of such a device can have with respect to patient, operator etc.?

Click to expand...

The answer to this really depends on the intended use/claims of the device itself. As you have described it, there would be in fact no reason to class it as a medical device at all, since you did not state that it would be used as a diagnostic tool.
If however, its intended use is for a diagnostic device (such as a holter monitor), then the principal output is the data that would be used to make a diagnosis. The ultimate hazard therefore is an incorrect diagnosis due to failure of the device, which could lead to incorrect treatment of the patient, potentially resulting in serious harm.

Hello,

I work in a medical device company as a desigh engineer. We make nails, plates, screws and those sort of implants for human body.

We have recently remaked our risk analysis and risk management from scratch to accomodate new ISO 14971. Our notified body was pleased with that, but he wanted to see design FMEA.
Our risk analysis is devided into groups. As we make nails, plates, screws, etc, they are made from same materials, and they share a lot of risks, we have risk analysis for "Implants", where we have all risks that may occur in "general" implant as nail, plate and so on. (for example infection, deformation of an implant due to fallo f the pationt and so on). Then we have RM for Nails and plates respectively. In those two there are risks that occur in plate/nail and of course all risks in Implants. I hope you have the idea. The final risk analysis for specific medical device includes all risks from "general implant" and "general nail/plate".

My question is:

If we already have risks for "general implant" and "general nail or plate" can we use this as a "design risk analysis"?

Thanks

Risk management following ISO 14971 (and regulations) is to be applied to a "medical device" or, at maximum, a medical device "family" or "variants". I understand that this "design FMEA" they want is related to the each device design. Also, please note that asking for a "design FMEA" means they might be a bit confused in understanding ISO 14971 because the standard does not required a design FMEA, nor any other technique.

Marcelo is correct, from a regulatory and technical point of view ISO 14971 applies to each individual medical device. It must be possible to start at the device (model or type number) and work through to each risk related decision, verification and validation. If the data is not included in the device file it must be clearly linked or referenced from the device file, and the action of linking makes an implicit (legal) assumption that the evaluation is representative of the particular medical device.

A lot of manufacturers fall into the trap of using undocumented assumptions, e.g. there is a general file that covers infection issues, which employees know that covers all products, even though not explicitly linked from the device file. From a regulatory perspective that is not enough, it must be formally linked.

Apart from that there are two other problems with generic risk evaluations. Number 1 is a responsibility gap: Person A prepares the generic assessment on the assumption that it will be carefully checked as being representative when it comes to an individual device. Person B handles the individual device and assumes the generic assessment is automatically OK without checking. So neither person takes responsibility for the decision on whether the analysis is actually representative.

Number 2 is with verification and validation. If the risk control (action or specification) is buried in a generic file, manufacturers often forget to confirm it is OK for the individual medical device. Again it comes down to a question of whether the generic data is representative, which is a case by case decision.

With all that in mind, yes it is OK to use generic risk evaluations. In many cases it depends on degree of variations in the product line. Probably the best model is to use the generic evaluations as a template only, copied ot each file so that each decision is re-confirmed as being OK for the individual device.

Peter Selvey said:

Probably the best model is to use the generic evaluations as a template only, copied ot each file so that each decision is re-confirmed as being OK for the individual device.

Click to expand...

One problem with this approach is that when a generic change is made all files have to be individually updated.

Hi,

So as I understand the content deviations listed in Annex ZA of EN 14971, it is no longer allowed to have a "risk acceptability" score. That said is it assumed that we still score risks by the S*P=RPN method.

Should there only be two regions in the scoring not "Unacceptable" and "reduced AFAP"?

Thanks!

You could write a thesis on the subject, but in practice just keep working as you are now.

My guess on the background is as follows:

Without Annex ZA, if a notified body or competent authority seriously disagreed with the manufacturer's approach (for example, a manufacturer that is being cheap and nasty, clearly unsafe, excessive use of warnings rather than reasonable protection), the manufacturer could argue that their decision is valid in "law" because ISO 14971 allows the manufacturer to set their own limits of risk acceptability. Legally the NB/CA cannot do anything.

With Annex ZA, the notified bodies and competent authorities can state that although a manufacturer complies with ISO 14971, they do not comply with the directive, which then permits them to raise a valid non-conformity or cancel a certificate if necessary.

However this would be an extreme case, and I am fairly confident that the powers to be did not make Annex ZA to force everyone to rework their risk management file. It is just to give them the power to trump the manufacturer's decision when justified.

Hi folks I stumble upon this thread.
@peter selvey: I already had a NC from NB audit about annex ZA non-compliance. Correction was to rework the risk assessment, fortunately without dire consequences on the device design.

Hi I have a question regarding risk control options under the 7 deviations in annex za.

For risks/hazards due to misuse or misinformation, what controls other than information in IFU or device labelling are appropriate? Under the MDD information provided cannot count as risk reduction, but for some cases it seems the only option.

Thanks!

Hey all,
I noticed that OD 2044 2.2, for some 60601 clauses it is required to check clauses 4.2 to 6.5 of ISO 14971, but in others, just 4.2 to 5 or even less. I couldn't figure out the reasoning for this, could anyone help?
Thanks!