What is Risk Management for Medical Devices?

 Risk, risk assessment, estimation, evaluation, risk control, and risk management are very well defined in BS EN ISO 14971: 2019. This standard is used for medical devices, IVDR, and has become a harmonized standard for risk management in Canada. Risk management is defined as the “Systematic application of management policies, procedures, and practices to the tasks of analyzing, evaluating, controlling, and monitoring risks.”

What are the steps in the risk management process?

·         Identify Hazards, Hazardous Situations in Production and Postproduction, Literature Reviews, Adverse Event Databases

·         Estimate and Evaluate the Related Risks

·         Apply Control Measures for Risks

·         Effectiveness Check

·         Residual Risks Acceptability Check

·         Apply Additional Control Measures for Unacceptable Residual Risks

·         Benefit-risk Analysis

·         Risk Evaluation Performed Throughout the Product Lifecycle

·         Risk Management Review

Several risk management tools are used for risk analysis like pFMEA, dFMEA, fault tree analysis, probability risk matrix, preliminary hazard analysis, and final hazard analysis. ALARA, ALARP, and AFAP are the different risk mitigation strategies. AFAP is the most accepted risk reduction strategy as per EU MDR 2017/745. The quantitative and qualitative or semi-quantitative methodology is utilized for risk analysis. The risks are also collected from PMS, literature reviews, and adverse event databases. The various possibilities of hazards/failure modes are identified in the design, manufacturing, and postproduction phases of PLC. Any emergent risks are identified in PMCF activities and risk analysis is performed. The probability of occurrence and severity of the harm is defined for risk estimation. An acceptable threshold value is defined for several types of risks. If the evaluated value surpasses the acceptable threshold value, then appropriate control measures are applied to mitigate the risks. The residual risks are also evaluated in a similar methodology. A benefit-risk analysis is performed for unacceptable residual risks. If no further control measures can be implemented for unacceptable residual risks, a benefit-risk analysis is performed. All these risk management activities are drafted in risk management plan and risk management report.

The risk management plan contains:

·         Scope of Planned Risk Management

·         Identification of Lifecycle Phases for which Risk Management is Planned

·         Assignment of Responsibilities to Competent Personnel

·         Requirements for review of Risk Management

·         Criteria for Risk Acceptability

·         Evaluation of Residual Risk and Its Acceptability

·         Methodology Adopted for Risk Management

·         Verification of Effectiveness Check of Control Measures Implemented

·         Production and Post-production Activities Data Collection and Review Process

The risk management report contains:

·         The Personnel’s Information Involved in Risk Management Activities

·         The Findings of Risk Evaluation

·         The Appropriate Control Measures Implemented

·         The Risk Acceptability

·         Benefit/Risk Analysis

·         The Acceptability Evaluation of Overall Residual Risk and Additional Control Measures

·         The Modification of Production and Post-production Information

·         Risk Management Review