 |
The Basics of Medical Device Risk Management |
What is risk management and why do you have to pay attention to it now, more than ever before?
 |
| Sharad Narayan |
The bar for risk management has suddenly moved higher for medical device companies. After numerous product-safety-related recalls and field actions over the past few years, FDA has dramatically increased its scrutiny of the product risk management practices, demanding adherence to the current standard, ISO 14971:2007. With the agency now examining risks in terms of the worst possible outcome, practices that had been presumed acceptable are subject to heightened scrutiny. The rate at which FDA issues warning letters citing risk management deficiencies has more than doubled since 2007. Recent warning letters have highlighted inadequate links between risk management practices and corrective and preventive actions (CAPA) that have always been the focus of FDA inspections. This shift in risk management regulatory expectations makes it imperative for medical device companies to revamp their risk management practices.
 |
| Jim Prutrow |
The change on the regulatory front is only one reason for companies to reassess their practices. The use of risk management as a development tool to drive product quality often falls short of its potential. Much of the time, it is seen by development teams as a paper exercise to be completed right before launch. Poorly implemented risk management programs further fuel this misguided notion that the practice adds little value. To the contrary, a well-executed risk management program that includes product development and safety, process development, strategic planning, and project execution can serve as a powerful tool for a firm to innovate and grow.
When initiated early and employed frequently throughout the product life cycle, risk management can promote innovation, leading to a reduction in the number of customer complaints, lowered service and support costs, fewer disruptions from field actions, and improved execution against program expectations. Resources once spent on such non-value-added activities can instead be used to fuel growth and shareholder value.
To reap these benefits, the organization needs to apply risk management practices across the product life cycle. This means eliminating silos and aligning incentives between development and post-commercial organizations. For maximum impact, risk management practices must be data driven, with logical, consistent risk characterization that is well communicated across the organization.
Companies should ensure robustness in the following fundamental areas:
- Integrated processes. Companies need to develop risk management processes with integrated links to CAPA and management review processes, systems, and procedures. Such integration allows companies to prioritize continuous improvement activities, improve customer satisfaction, and sustain long-run profitability—maximizing results while minimizing risk.
- Robust governance. Management must also play a strong role in ensuring the proper governance of risk management processes. It’s critical that an established governing body make executive-level decisions regarding risk-benefit analyses and drive key company-wide risk control measures; doing so provides single-point accountability. This body must also establish and monitor sensible metrics to measure process effectiveness.
- Cross-functional involvement. Risk management is not limited to the quality function. Success requires close collaboration with a variety of groups, including regulatory, medical, manufacturing, R&D, and engineering. Management must ensure that these different functions all play a part in risk-management initiatives.
- Adequate resources and tools. Determining the right number and type of resources is also crucial. Dedicated resources, fully engaged in development and post-market risk management activities, are critical to the effective and timely identification and resolution of product risks. To ensure sustained excellence, ongoing investment in training and evolving tools and techniques is key.
Given the current regulatory climate, there is no better time for companies to revamp their risk management programs—and to realize the potential business benefits.
Sharad Narayan is a PRTM manager in the healthcare business group. Jim Prutow is a PRTM director in the healthcare business group.
Login or register to post comments
|
Most Recent |
|
Related articles |
No ISO 14971:2010
Gentlemen,
In the first of the four bullet points at the end of your article on Integrated Processes, you missed the most important process, that of Design Control. There is much room for improvement in most company’s integration of risk management and design control especially at the Design Input stage and in the Design Review process. This process is especially important to FDA, as that is the only place in the regulation where risk is mentioned, and can therefore be legally cited in Warning Letters. Now that Districts have the authority to write and release Warning Letters, there have been some letters that have incorrectly questioned some industry practices. If industry were to contest the letters, the letters may well be invalidated. In this arena, much care must be exercised by FDA in properly creating citations of risk management activities by manufacturers.
While I have those criticisms, much of your article is well-founded and gives excellent advice to medical device manufacturers. As you have intimated, improvement of risk management processes will require a great deal of effort and qualified personnel to bring risk management practices to the current ISO 14971:2007 requirements.
Ed Bills
Member, AAMI/QM/WG04 , Application of risk management to medical devices, and participant in development of ISO 14971 Amend 1:2003 and ISO 14971:2007
Response to Mr. Bills from authors
We thank Mr. Bills for his comment and agree with him in regards to the relevance of Risk Management to Design Controls. Our intent is to highlight the relevance of Risk Management to Quality System processes beyond those explicitly in the regulations, with the intent stated earlier in the article to highlight how Risk Management can be a tool to further business ends beyond regulatory compliance.