Risk Management for Medical Devices

Washington Laboratories has extensive experience with Risk Management for Medical Devices.

Risk analysis is an integral part of the compliance evaluation for IEC 60601-1:2005 and associated amendments and particular/collateral standards.  ISO 14971 provides the requirements for applying risk management to medical devices.  Risk management file (RMF) review is specified for many of the medical device evaluation requirements, so it is expected that the RMF is submitted with the test sample as part of the evaluation and test program.  Often the manufacturer strives to have all risks reduced to an acceptable level prior to submission for test, but this is not always feasible.

In dealing with the risk analysis, the purpose is to identify risks that are called out in the standard but do not exist for the particular device and to identify risks that are not covered by the standard.  Consider that the risk may be unacceptable until testing verifies that the potential risk is at an acceptable level.  As an example a risk of electrical shock could be present on the appliance inlet terminals after disconnecting the cord at that point.  Testing for residual voltage would provide results to confirm that the residual voltage discharges rapidly making contact with a live voltage not realized.  After these results are known the RMF is updated to show that an unacceptable risk has been mitigated.

We often see RMF submissions with an analysis indicated that the person doing the analysis in not familiar with the potential problem.  ISO 14971 clearly requires that the analysis team include appropriate skills.  Normally when the skills are not present on the team, the analysis includes inappropriate information and will not withstand the scrutiny of an agency approval.

Let’s note a few points regarding the ISO 14971 requirements.

1. Section 3 provides requirements for management responsibilities, personnel qualification, preparation of the risk management plan and preparation of the RMF.
2. Section 4 deals with the analysis process; identification of characteristics related to safety or essential performance, identification of hazards and estimation of the risk.
3. Section 5 deals with the risk evaluation to arrive at an objective measure of the risk.  Consider the severity and probability of occurrence (if 1 of 10 devices fielded result in death you may find that this is an unacceptable risk).  Detection of the risk when detection leads to preventing the hazard can be used to reduce the overall risk magnitude.
4. Section 6 deals with risk control and calls for documenting options considered and implementation of measures to reduce risk to an acceptable level.  Many RMF files fail to include documentation of the options considered.  Sometimes risks cannot be eliminated, so a risk/benefit analysis may be needed to determine acceptability.  Also consider the solution – does it introduce other risks?
5. Section 7 calls for overall risk acceptability review
6. Section 8 calls for the risk management report.
7. Section 9 point out the risk management is an ongoing process where production, post-production and user feedback support updates and resolution of issues discovered after release of the device.

Understanding the risk analysis process can be somewhat daunting for those new to the process and many feel that the analysis must result in acceptability without introducing control measures.  The analysis team needs to review objectively with worst-case being the analysis basis and always consider single fault conditions.

If you need support, contact us.  We have the ability to be a part of your team in accomplishing the analysis and to exclude that support person from the evaluation.

Related pages:

• Medical Device Testing and Evaluation Services
• IEC 60601-1-11 for Home Medical
• Comparison of IEC 60601-1-2 EMC Requirements ED3 and ED4