Understanding+the+changes+EN ISO14971 2012

Understanding the changes to
the risk standard for medical

devices: EN/ISO 14971:2012
Peter Bge
Informa Post Market Surveillance and Vigilance conference
Amsterdam, 24. -26. February 2014
Presentation title Date 1
Peter Bge
>20 years working with development processes within medical devices
>15 years working in ISO and IEC with
ISO14971 Risk Management,
IEC6366 Usability
IEC60601-1 Safety of electrical medical devices
Background
1. Why the risk standard has been amended
2. Examining the content deviations in Annex
ZA, ZB and ZC and how this will impact
medical device and IVD manufacturers
3. Clarifying how medical device manufacturers
should adapt to meet the requirements of
the standard
4. Some open questions
A gruesome story,
with a happy end, starring the PMS-hero
In the MDD from 1993 Essential Requirements were
phrased ambiguously regarding risk mgt.
However consensus until the EU Commission in 2011
raised a warning to deharmonise ISO14971.
CEN communicated with the EU Commission, initially
aiming at convincing the Commission,
Having failed in that, CEN wrote Annex Z explaining,
where the Commissions saw it not meeting the Essential
requirements of the MDD, spelled out as 7 Content
deviations.
Resulting in the European EN14971:2012, with Annex
Z being the only difference to ISO14971:2007.
The ISO JWG 1 for ISO14971 has continually been
following the talks with the Commission and given
scientific advice to CEN. But has no formal role.
1. Why the standard has been amended: History
EN ISO14971:2012 is one of a kind:
An Annex is not normative - but this Annex Z
contains normative requirements,
The content deviations are stated to be from the
original 1993 MDD - but for most readers, they
are new requirements.
Standards usually become mandatory after e.g. 3
years - this became mandatory 19 years ago (!)
Lets hope it will remain a one of a kind.
Some of the deviations are raising the bar/
adding to requirements,
some seem to conflict with the risk mgt principles
of ISO14971, the industry and risk mgt. science.
1. Why the standard has been amended:
The resulting EN14971
The existing ER do not seem to
express the requirements in Annex Z well.
The proposed new ones have ben fitted to do that
So now its a bit more clear
But are they the right ones?
The question of the
Essential Requirements 1-4
FDA (U.S.A.) and EU
New requirements are also coming from FDA
Unlike EU they target using internationally recognized
standards more, not less
Unlike EU FDA is actively involved in standardization
E.g. ISO14971 & IEC62366.
Unlike EU FDA seems more committed to discussing
practical issues in industry regarding new
requirements.
Part of the standardization process
FDA seems more interested in raising the bar for data
(related to e.g. risk mgt.) than principles.
Principles are part of the standardization process
1. WhyDifferences between US and EU
Content deviation Impact. Issues?
1.
Treatment of negligible risks:
manufacturer must take all risks
into account when assessing
Sections 1 and 2 of Annex I of
the directive.
A statement in
the Risk Mgt
Report may be
sufficient
- i.e. also the
acceptable/small ones.
How to demonstrate that
you have identified all risks?
2.
Discretionary power of
manufacturers as to the
acceptability of risks: all risks
have to be reduced as far as
possible and that
all risks combined, regardless
of any "acceptability"
assessment, need to be balanced,
together with all other risks,
against the benefit of the device.
Update of RM
Report may be
sufficient
How to demonstrate
that you have reduced
all, potentially many
small, risks?
What does combined
mean?: Add? - Fault
Tree?
Is this the right focus?
2. The impact of content deviations in Annex Zx
Do the content deviations also apply to risks that
have been addressed by meeting a standard?
E.g. IEC60601-1 series or ISO10993 series.
If yes, what then is the point in having harmonized standards?
If not, is the concept of risk in MDD different from that in
ISO14971? Suggestion:
14971- Risk can be reduced to an acceptable level, but not to zero..
MDD Risk cannot be reduced to acceptable level, but may be
eliminated by meeting a harmonized standard.
The question of harmonized standards
3.
Risk reduction "as far as
possible" versus "as low as
reasonably practicable":
manufacturers
and Notified Bodies [!] may not
apply the ALARP concept with
regard to economic considerations.
Update of
RM Report
may be
sufficient
1. If disregarding that As Far As
Possible usually is reserved
nuclear plants-safety (i.e. issue
with the science of RM),
2. And disregarding the economic
considerations of society (who is
the ultimate payer), then:
3. You can still apply ALARP on
technical considerations (State of
the Art).
4.
Discretion as to whether a risk-benefit
analysis needs to take place: the
manufacturer must undertake the risk-
benefit analysis for the individual risk
and the overall risk-benefit analysis
(weighing all risks combined against the
benefit) in all cases.
Update of RM
Report may
be sufficient
If the Clinical Evaluation
report is used.
Makes sense for injection
devices.
Makes less sense for devices
used in complex medical
procedures: Then it is truly a
new requirement.
6.
Deviation as to the first risk
control option:
Eliminate or reduce risks as far
as possible (inherently safe
design and construction)"
Update of
RM Report
may be
sufficient
Some think its a new
requirement.
How to demonstrate
that youve done all?
5.
Discretion as to the risk control
options / measures: the
manufacturer must apply all the
"control options" and may not
stop his endeavours if the first
or the second control option has
reduced the risk to an
"acceptable level" (unless the
additional control option(s)
do(es) not improve the safety).
Update of
RM Report
may be
sufficient
Some think its a new
requirement.
How to demonstrate
that youve done all?
ISO 14971, 6.2:
The manufacturer
shall use one or
more of the
following risk
control options in
the priority order
listed:
a) inherent safety
by design;
b) protective
measures in the
medical device
itself or in the
manufacturing
process;
c) information for
safety.
At some point tests will not demonstrate any effect of
additional risk control measures
Shall the manufacturer still do all possible that MAY reduce risk?
Difficult to see happening in the real world
Or only all possible that demonstrably reduces risk?
I.e. if data from e.g. test demonstrates a lower probability or severity of harm or both.
State of the art, e.g. based on market data and literature, is till needed
But if you have to do as much as possible
For all risks, big or small,
Until state of the art makes it impossible to do more,
Then its not ALARP that has been abolished
Its all ALARP!
The question of
as far as possible vs. ALARP?
Presentation title Date
13
Information of the users influencing
the residual risk:
b) However, the last indent of
Section 2 of Annex I to Directive
93/42/EEC says that users shall be
informed about the residual
risks. This indicates that, according
to annex I to 93/42/EEC and
contrary to the concept of the
standard, the information given to
the users does not reduce the
(residual) risk any further.
c) Accordingly, manufacturers shall
not attribute any additional risk
reduction to the information
given to the users.
If warnings have
reduced risk
scoring (e.g. RPN),
then analysis has to
be redone.
To justify safety of
existing products,
one way is PMS
data analysis.
Probably the most
effective and easy
way.
1. Difference
between
warning and risk
disclosure?
2. Some warnings
are required by
standards
3. Existence of
Instructions
For Use
(prescriptive
description of
tasks) will still
reduce risk!!!
Go through the Content Deviations
- Identify gaps in your documentation.
Some Content Deviations may be fixed with
adding statements to the Risk Mgt. Report.
Some deviations can only be addressed by
statements, not by data (e.g. #6, reducing risk as far
as possible)
You may need to introduce risk benefit analysis.
#7: Most will have to remove warnings from risk
scoring (RPN):
Potentially biggest issue.
3. How manufacturers should adapt
Content deviation 7 usually requires more: Usually
update of Risk Analysis and worse - labelling:
1. Remove warnings as a RCM from the risk scoring (RPN
calculations).
2. Do not remove them from the actual IFU/labelling.
1. May be required by standards or even legislation
2. And maybe they actually do have a risk reducing effect!
3. Re-calculate the risk score (e.g. RPN).
1. Identify any seemingly INTOLERABLE risks.
2. Assuming that PMS process has not indicated safety issues,
are they INTOLERABLE? No.
3. You may therefor do a new risk ESTIMATION the rationale
being that the risk estimates have not been linked as close to
PMS data, as they should have been
3. How manufacturers should adapt
=
All may be used, but
some are more
practical or convincing
than others
If available,
market feed back
data is fastest,
cheapest and most
convincing
Agree your approach
with your Notified Body
before
A review of sources for risk estimates
ISO 14971, 5. NOTE 6
Information or data for estimating risks can be
obtained, for example, from:
a) published standards;
b) scientific technical data;
c) field data from similar medical devices already in use
including published reported incidents;
d) usability tests employing typical users;
e) clinical evidence;
f) results of appropriate investigations;
g) expert opinion; and
h) external quality assessment schemes.
D 3.2.1. Seven approaches are commonly
employed to estimate probabilities:
use of relevant historical data;
prediction of probabilities using analytical or simulation
techniques;
use of experimental data;
reliability estimates;
production data;
post-production information; or
use of expert judgment.
1. A ISO14971 compliant system will have established
links between
Risk, incl. Failure Mode: How a failure is observed
(should be searchable in e.g. a FMECA, but may not be).
- and codes for Complaints
leading again to found Technical Errors
2. Risk Analysis: Do ERRORS happen?
PMS: Complaints indicate presence of ERRORS
3. Risk Analysis: Do ERRORS lead to harm?
With what SEVERITY?
PMS: Adverse-events indicate medical consequences of
ERRORS
PMS: Complaints without Adverse Events may indicate
low severity scenarios
4. In less-than-perfect complaint handling this may
require expert judgment
(i.e. meetings between Risk and PMS people)
Review risk analysis on marketed products
You may end up with 2 -10 risks,
with both complaints and adverse
events.
Users will face the ERROR from
time to time.
And some will experience HARM
You have monitored these risks,
and determined that they are
acceptable.
The remaining risks:
Should as per this analysis, be
lower.
Update your risk analysis
accordingly
You may have done this to
perfection (as you should acc. to
ISO14971), or you may not
Handling the critical risks
Presentation title
Date 19
P5
P4
P3
P2
P1
S1 S2 S3 S4 S5
X
X
X X
For residual risks that are judged acceptable, the
manufacturer shall decide which residual risks to
disclose
and what information is necessary to include in the
accompanying documents (ISO14971, 6.4)
I.e. the critical risks
But may not describe all needed elements:
1. Error: What not to do (warning),
2. Resulting probability
3. Consequence (harm) and
4. Severity.
E.g. Do not press button, as this may lead to burns,
requiring healthcare intervention.
Impact
This old requirement is NOT part of Annex Z
But weaknesses if any, become clear
And may if applicable be the most costly part!
But thats another story
Critical risks in Information For Safety
+ +
Thanks for listening!

Understanding+the+changes+EN ISO14971 2012

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Understanding+the+changes+EN ISO14971 2012

Uploaded by

Copyright:

Available Formats

Understanding the changes to

the risk standard for medical

You might also like