Risk Management Must Be Applied Systematically

Originally Published MDDI March 2004NEWSTRENDS Erik Swain

March 1, 2004

4 Min Read
Risk Management Must Be Applied Systematically

Originally Published MDDI March 2004


Erik Swain

Ever since the publication of ISO 14971:2000, “Risk Management for Medical Devices,” FDA's scrutiny of device firms' risk management programs has grown. Therefore, according to an expert, device companies must apply policies, procedures, and practices systematically in order to properly analyze, evaluate, and control risk.

While it is up to each individual firm to determine how much risk it is willing to accept for each product, “we must be prepared to justify why those levels are acceptable to us,” said Frances Akelewicz, president of Practical Solutions LLC (New Providence, NJ). “The agency will ask this during the review of a submission. What's the foundation of your band of probability? What's your statistical support? What benchmark studies are there?” She made her remarks at a meeting of the New York and New Jersey chapter of the Regulatory Affairs Professionals Society (Rockville, MD), held in January. 

She said risk acceptability is a combination of the probability that the product will cause harm, and the severity of the consequences of that harm. But in most cases, it is up to each firm to decide this. “There are no mandates on this unless you make a product with a monograph or a strict guidance document,” she said. “Those tend to apply mostly to cardiology, where the guidances speak to tools such as confidence intervals and tolerance levels.” All decisions determining probability and severity of risk must be fully documented, she emphasized.

Absent prescriptive guidances, firms must rely on tools such as adverse-event databases, internal complaint databases, edge-of-failure studies from design control or process validation, reliability studies, clinical studies, morbidity and mortality reports and statistics, and comparison testing with competitive products. In particular, she said, the agency has been encouraging industry to do more reliability studies, which means firms may need to hire more reliability engineers or make staff familiar with reliability engineering.

Device firms must understand that they have to balance risks and benefits when performing risk management, she said. Firms must also consider what is the generally accepted state of the art for the technology. For example, a dialysis catheter potentially used in both hospital and home care should be evaluated in both environments.

Another thing to consider, said Akelewicz, is that risk acceptability is always changing based on the current values of society. “There are some risks that we do not tolerate now that we would have 20 years ago,” she said. “This is because of advances in information-sharing, science, education, and transportation, among other things.”

It is essential, then, that firms keep risk management files, which collect all records and documents related to the risk management process, she said. While it may be too cumbersome to keep a separate file for each product, there should be a file for each product family. They should contain or point to change-control events, and relevant documents in the design master file such as failure mode and effects analyses. The drawback is that “we are predeclaring what-ifs, which could be a playground for a litigator. But I don't [know] any way around that. There are certain individuals that will always abuse it.”

The overall risk management process should be circular, feeding from ideation to development to production, and then to postmarketing information that leads to change control and improvements in future designs. 

Management's responsibilities in the process include defining a policy, ensuring adequate resources to carry it out, assigning trained personnel to it, and reviewing the results periodically. The policy should be translatable to goals and objectives that can be quantified and measured, but it should be as simple as possible to allow for flexibility when dealing with different product types. The personnel should have a number of skill sets, including risk management, reliability, engineering principles, ethics, product history knowledge, and knowledge of the clinical user environment. FDA has grown more interested in seeing documentation on how risk-management personnel have been trained and qualified, she noted. Also, understanding how a product might be used off-label can be particularly important, she said. 

What device firms must especially keep in mind, she said, is that risk management “covers the product cradle to grave, must be exercised and change control, and must support decisions related to design control and process validation.”

Copyright ©2004 Medical Device & Diagnostic Industry

Sign up for the QMED & MD+DI Daily newsletter.

You May Also Like