In my last post, I looked at some of the common but confusing terminology used in hazard analysis. Now let’s take it a step further and examine how we approach hazard analysis.
In the absence of a dedicated functional safety standard for the medical device sector, we turn to ISO 14971, which is a risk management standard for medical devices. It helps medical device manufacturers set up a risk management process appropriate to their sector.
Firstly, we look at intended use of the device, which if you recall is what it is supposed to be used for. We document this, as well as any reasonably foreseen misuse. We also document its qualitative and quantitative characteristics that could affect its safety.
Next we compile more documentation, this time about known and foreseeable hazards that affect the device. Documentation is a word you’ll come across a lot in this process. Then, as ISO 26262, a functional safety standard for a completely different sector – automotive – puts it, “The hazards shall be determined systematically by using adequate techniques.” We’ll be coming back to automotive later, by the way.
What’s an adequate technique? They might include brainstorming, checklists, quality history, failure mode and effects analysis (FMEA) and field studies.
Then we need to estimate the risks of each hazard, remembering that risk combines probability of occurrence with severity of harm. Something unpleasant that happens virtually never might get the same risk rating as something trivial that is quite likely. Also, as ISO 14971 points out, we aren’t just looking at single events. Instead we also need to consider “reasonably foreseeable sequences or combinations of events”. And of course hazardous situations resulting from those combinations need to be recorded or documented.
Ways of estimating risk include consulting:
- Scientific technical data
- Field data from similar devices, including published and reported incidents
- Usability tests amongst typical users
- Clinical evidence
- Results of investigations
- Expert opinion
- External quality assessment schemes.
To wrap this post up, let’s look at an example that will illustrate how all the different concepts interconnect. Let’s take an implantable defibrillator. The hazard is functional failure with no output.
A foreseeable sequence of events is that the battery powering the defibrillator reaches the end of its life and the patient fails to attend a clinical follow up appointment. The hazardous situation is that the device cannot deliver defibrillation shock when arrhythmia occurs. The harm is death.
These harms then need to be quantified by probability and severity to produce the risk. Although the probability of this may be low, the severity of death is high so the risk is high.
Finally, just as an aside, ISO 14971 does have weaknesses though – for example it does not consider controllability i.e. what level of control exists over the hazard or the factors that create the risk. For example does the device have a safety override button in case of malfunction? Is there a process in place to ensure that the battery is replaced well before depletion?
This is in fact a great example of how we can draw some useful learnings from a completely different sector – automotive – which does have its own functional safety standard – ISO 26262. Risk assessment as defined there does include controllability. Once the automotive Hazard Analysis and Risk Assessment team have reviewed severity against probability, they then consider controllability.
Indeed learning from how functional safety is dealt with in other sectors can be very illuminating and is something I plan to return to in future posts.
I hope this walk through some of the concepts helps. If you’d like more information about hazards, risks and functional safety in the medical device sector, please get in touch with me now.