Medical Device Development: Common Mistakes in Risk Management
If you’re the least bit interested in safety-critical product development, there is one obvious fact you have probably heard a million times: in this area, product quality, reliability and safety are fundamental. In order to make sure your railway, automotive, medical or other equipment functions as intended, you’ll have to take into consideration all the hazards that might affect the way it operates.
The development of medical technology solutions is one area that stands out in this respect. Any malfunctioning of medical equipment could directly result in death or injury to human patients. Reducing the probability of malfunctioning or human error in the intended use of the product is vital. Therefore, risk management is gaining more and more importance, and is increasingly becoming a fundamental requirement of the regulations and standards that apply to medical device development.
Not only can adequate risk management save lives, it can also help safeguard the profitability of development companies, which further adds to its significance. Catching risks early on in your development lifecycle might save you a great deal of effort and cost later on, and could help avoid recalls. Recalls are an especially dreaded threat in this area of development: the resulting loss of reputation, as well as the costs of recalls and ensuing lawsuits could severely affect the bottom line of companies involved in the development of medical technology.
While risk management is increasingly being viewed as a fundamental process and discipline, it is an evolutionary process. Consequently, mistakes still abound – some of which are painfully common, and could be relatively easy to avoid.
1) FMEA and risk management aren’t the same
At the dawn of risk management, when even the definition of ‘risk’ was hazy, Failure Mode and Effects Analysis (FMEA) was the go-to technique used to identify, analyze, and plan the mitigation of hazards. While FMEA is, to this day, a powerful tool to reduce the risks of device malfunctioning (what happens if the device fails or breaks in one way or the other?), the risk management approach required by today’s regulations and standards, specifically ISO 14971, is way more far-reaching and holistic.
Taking this more comprehensive approach helps you take in to consideration all the hazardous situations that may occur as your product is operating, even if it is being used as intended. In fact, most of the following common mistakes result from this misunderstanding of definitions.
2) Lack of integration, silos between risk management & development
It’s easy to think that you can simply add one step before/during the design or development process where you assess your risks, and plan all mitigation activities. Once that’s done, you can cross risk management off your to do list, right?
Wrong. Risk management and development (design, engineering, production) are processes conducted with the exact same goal in mind: to build safe and effective medical devices. They are parallel and interrelated processes that should be integrated to support each other throughout the lifecycle. In order to effectively identify, assess, and mitigate risks, and to show traceability between them, one should guide the other. Defining and analyzing intended use will help you assess your risks – the mitigation actions of which should feed into product design and development. Setting up a cross-functional team incorporating members from all aspects and steps of the development lifecycle will help you uncover and address more risks early in the process, which will contribute to reduced development time and costs.
3) Understand and incorporate ‘intended use’ in your risk management process
Defining intended use is fundamental to the entire process of development, including risk management. Intended use is, basically, the general purpose your medical device aims to serve – what conditions should it be used to diagnose, prevent, treat, etc. According to FDA:
The statement [of Indications for Use] should include specific indications, clinical settings, define the target population, anatomical sites, etc. This statement must be consistent with your labeling, advertising and instructions for use.
Therefore, intended use practically defines the scope of your risk management efforts. Limiting the scope of these activities to the areas that are really relevant allows you to conduct really thorough risk management without wasting effort on irrelevant hazards.
4) Failing to conduct & document risk-related activities in real-time
Once again, this common mistake results from the wrong perception of risk management: one that says you can simply conduct these activities at one point in the process, and forget about them for the rest of the lifecycle. As seasoned medical technology development companies will be able to tell you, thinking you’ll be able to catch up with your risk management and documentation later on is an approach that almost never works out.
As mentioned above, risk management should be happening integrated into development, throughout the entire lifecycle. By conducting and documenting these activities parallel to the process of development, you can make sure that preparing for compliance audits doesn’t delay your product’s release. What’s more, it may also affect the efficiency of your risk management & documentation efforts.
Summary: adjusting culture, processes, tools
In essence, all the above mistakes boil down to failing to adjust the company culture, as well as general lifecycle and risk management processes. A new approach to medical device risk management is necessary, which will lead to the use of new processes – processes that are best supported by adequate tools.
Using the right solutions, such as codeBeamer ALM and Intland’s Medical IEC 62304 Template, will support the implementation of these new types of processes that allow you to integrate risk management into development. By automating documentation, the effort needed to prepare for compliance audits is greatly reduced, and by enforcing adequate risk management processes, you won’t have to worry about compliance.
To learn more about how codeBeamer supports medical risk management, watch this webinar recording titled ISO 14971: Medical Risk Management Best Practices: