6/6/2014 Risk Management for Medical Devices Safe and Effective Products Paul McDaniel ASQ CQM/OE Executive VP Operations and QA Sicel Technologies

6/6/2014 Overview Product Life Cycle Model Role Process Hints In-depth discussion of a Risk Management Analytical Tool: FMEA

6/6/2014 Risk Management Defined (a practitioner's definition) Risk: probability of harm occurring AND the severity of harm Risk Management: Use of relevant information to identify possible harmful events, to assess the events acceptability in the eyes of the at risk population (probability*severity), and exert effective controls of the risk

6/6/2014 Risk Analysis -Intended use and Id of Char related to safety of the device -Id hazards -Est risk for each hazardous situation Risk evaluation Risk Control -Option analysis -Implement controls -Residual risk evaluation -Risk/benefit analysis -Risks arising from control measures -Completeness of risk control Risk Assessment Evaluation of overall residual risk acceptability Risk Management Report Production and post-production information Risk Management Adapted from ISO 14971:2007 Figure 1

6/6/2014 Product Life Cycle Model Role Understand the Regulatory Model –A product life cycle has many phases –Information/Products/Design at the start of a phase is input; possibly input requirements –Information/Products/Design at the end of each phase is output –Outputs must be verified against inputs The model assumes verification at each phase end

6/6/2014 Product Life Cycle Model Role The Current State of the Risk Management Standard Assumes the Regulatory model –You may follow the described process and be confused unless you recognize the phase boundaries How can I determine the answer to is risk acceptable if Im just defining design inputs –The planned mitigation is acceptable, detail design may introduce new information, stay alert in the next phase!

6/6/2014 Risk Management by Phase Design Input (Hazard Analysis/Fault Tree) –Focus on generating product shall not do or shall comply with standard... type of specification requirements Detailed Design (Fault Tree/FMEA) –Look to your product architecture and add architecture interface risks to your analyses –Further on, examine higher risk areas and product failure risks in detail

6/6/2014 Risk Management by Phase Design Verification/Validation –Watch for occurrence of anticipated but intended to be mitigated risks Risk Control failure –Assess impact of V&V findings for new risks needing analyses We didnt imagine that would happen: Risk? –Listen to any customer feedback for risk acceptability Those safety lock outs are too confusing to work with, can we disable them?

6/6/2014 Risk Management by Phase Commercial Distribution/Disposal –Vigilance Reporting is a Risk Analysis Update Opportunity NEW for 2007! –Production feedback into the Risk Analysis Am I seeing higher rates of occurrence? Are new failure modes presenting themselves that we havent analyzed? Are we having control failures or excessive cause failures

6/6/2014 Risk Analysis in Production Non-conforming material and Material Review Board Processes? –Can they effectively consider risks on each occurrence? Control charts, acceptance data –Are risk controls part of acceptance testing? –Frequency of occurrence suggesting anything Risk of failure was ranked as remote yet weve had three catastrophic hot-pot test failures this month!

6/6/2014 Risk Analysis in Production Comment period…………

6/6/2014 Process Considerations Define the scope of your analysis –What systems, what interfaces, who as user... –The records produced will be subject to second guessing if harm occurs: dont allow hindsight to change the rules –Document your information sources!!!!!!! When you made your risk acceptability decision, what information was available and used? We can only be diligent, not psychic

6/6/2014 Analysis Scope Intended Use: Use for which the product, process or service is intended according to the specifications, instructions, and information supplied by the manufacturer Essential Performance: Performance necessary to achieve freedom from unacceptable risk Note: is most easily understood by considering whether its absence or degradation would result in an unacceptable risk You must have these two clearly in front of the analysis team.

6/6/2014 Process Considerations Use a Risk Source List as a Reminder –ISO has such lists –Add your Industrys Experience If a harmful event has been reported, it has higher mitigation priority than hypothetical risks –flag real occurrences in your analyses –Rely on accepted standards If there is a test standard, understand the underlying reason for the tests

6/6/2014 Process Considerations Sources of harm should suggest action –electricity is not harmful, electrocution is A hazard exists –A sequence of events leads to a hazardous situation (normal or fault conditions) The hazardous situation has a probability (P1) Harm occurs from the situation –A probability of harm exists (P2) –A severity of outcome can be assigned (S) –Risk = S, P1 x P2

6/6/2014 Process Considerations While defining the system inputs, what harmful things can occur: –Very early on, a Preliminary Hazard Analysis can screen out higher risk approaches What are the harmful things that the system can do considering: –user, patient, environment or property (a subject)

6/6/2014 Process Considerations Typically, the Device Design Requirements Are Broken Down Into Smaller Pieces During Detailed Design –focus on interfaces, signal and data path integrity –trace system requirements to sub-system –Use Fault Tree Analysis (top down) –Consider Using Failure Modes and Effects Analysis (bottoms up)

6/6/2014 Process Considerations Observe Verification/Validation findings for unanticipated device behavior –the best design analysts miss things Initiate a process for V&V findings classification –did harm occur?, or if the behavior re-occurs, could harm occur? –if I cant recreate the behavior, I still may have to mitigate it

6/6/2014 Risk Management Process Tools

6/6/2014 System Hazard Analysis (design input) Draw boundaries between the system and the at risk subject and define harmful events –Energy sent across a boundary –Look for potential to kinetic energy transition did you control the transition –Changes in state may be potentially harmful –Your seed list may leave you with many deferred answers

6/6/2014 Probability and Severity Estimates Risk management relies on expert judgment so dont let novices work alone! Focus on one device, one device lifetime Set Quantitative or Qualitative criteria –high probability is...several times in a device lifetime???, 1< per million uses –moderate injury is....medical attention to return to pre-risk exposure state

6/6/2014 Probability and Severity (use graphical techniques) Increasing Severity Increasing probability unacceptable okay Increasing Severity Increasing probability no risk or too great a risk is easy, what about moderate risks? Split up the quadrants to refine the estimates in stages of analysis

6/6/2014 Detailed Risk Analyses One of the more popular design evaluation tools is the Failure Modes and Effects Analysis (FMEA) –IEC 60812, Analysis techniques for system reliability - Procedure for failure modes and effects analysis –FMEA is used more for design evaluation than for design development –Works for manufacturing processes too!

6/6/2014 Detailed Risk Analyses Definitions: –FMEA: a structured analytical technique which determines relationships between basic element failure characteristics and the system failures –Failure mode is how a failure manifests itself (system shuts down) –Failure mechanism is why a failure occurs (defect in the transistor silicon)

6/6/2014 Process Needs for a FMEA Prior risk analysis work to build on if available –System level harmful events will be analyzed to see how component/assemblies may contribute to the harm cause –System failure and degraded modes definitions functional block diagrams may be needed for each operating/failure mode

6/6/2014 FMEA Process Needs a design solution, down to the component level, has been identified –failure modes of components are defined resistors fail open circuit, shorted, does the analysis include increasing or decreasing resistance? Component vendors may provide failure modes –open 30%, shorted 70% a complete understanding of the design solution

6/6/2014 FMEA Form

6/6/2014 FMEA Process At the appropriate level of system detail consider the first item –How can the item fail (failure modes) and why may be more than one cause for each failure mode –for each mode of failure, what happens at the system level –Estimate Probability, Severity, Detectability –If necessary, implement corrective measures

6/6/2014 Q & A?

6/6/2014 Conclusions Regulatory Agencies are requiring Risk Management processes International standards are being utilized to meet the requirements and standardize processes The analytical tools necessary to support a device risk management process exist today