Guest Column | January 27, 2021

Avoiding ISO 14971 Mistakes — What Does "Harm" Really Mean?

By Naveen Agarwal, Ph.D., principal and founder, Creative Analytics Solutions, LLC

Identification of hazards, hazardous situations, and harms is foundational to analyzing the risks associated with a medical device. Yet, these terms are often misunderstood and misapplied in the industry. As a result, there is a lot of confusion and inconsistency in the implementation of risk management systems to meet the requirements of ISO 14971.

In the first two parts of this three-part series, we discussed the terms “hazard” and “hazardous situation” in detail. In this third and final part, we will review the term “harm,” provide examples to illustrate how you can define potential harms applicable to your medical device, and explain how you can link them to relevant hazards and hazardous situations.

ISO 14971:2019¹ defines a harm as injury or damage to the health of people, or damage to property or the environment.

It is important to note that there has been a subtle, but very important, change in the definition of harm in the current revision of ISO 14971. The concept of harm is no longer limited to physical injury to a patient or a user. It also includes other harms such as loss of medical and personally identifiable information due to breaches in data security.

As we discussed in the first two parts, a user must be exposed to one or more hazards in a hazardous situation for harm to occur. Therefore, there is an element of probability involved in the occurrence of harm. A second key aspect of a harm is its severity. As a result, the concept of risk (of harm) is defined in ISO 14971 as a combination of the probability of occurrence of harm and the severity of that harm.

One of the complexities in risk analysis is that any given hazardous situation can lead to one or more harms of different severity levels, and any given harm of a specific severity can occur from one or more different hazardous situations. There is a many-to-many relationship between hazards, hazardous situations, and harms. Identifying all potential combinations and evaluating them can quickly become an overwhelming exercise.

A common point of confusion is when the same harm is assigned different levels of severity depending on the associated hazardous situation. A burn could be a minor, localized, and superficial burn resulting from exposure to an electrical hazard, or it could be more severe and even life-threatening. Using the term “burn” as a harm may lead to a lot of confusion and inconsistency in the assignment of the severity level. Similarly, a headache may be minor, relieved by an over-the-counter pain-relief medication, or a more severe migraine involving multiple symptoms and requiring prescription medications.

Therefore, it is important to use standardized, medically precise terminology to define potential harms applicable to your medical device. A good resource is MedDRA², the Medical Dictionary for Regulatory Activities. It is an internationally recognized source of medical terms that can be used to create a master harms list for your product portfolio.

A second reason for inconsistent application of severity levels to harms is use of qualitative, non-neutral terms such as negligible, minor, major, critical, and catastrophic to describe different severity levels. Typically, a five-point severity scale is used with these terms, and although considerable effort is spent in creating definitions, there is a lot of inconsistency in application during risk assessments, even by expert medical professionals. An outcome-based, medically focused, classification framework, first proposed by Clavien-Dindo³, is now gaining broad recognition, even from the FDA.

Watch this video to understand these concepts and apply them consistently in your risk management process.


  1. ISO 14971 – Application of Risk Management to Medical Devices
  2. MedDRA – Medical Dictionary for Regulatory Activities
  3. Clavien-Dindo Classification System – A Risk Management Tool for MedTech

About The Author:

Naveen Agarwal began his consulting practice in 2017, with the goal of helping medical companies build safe products through quality systems that are not only compliant to regulatory requirements but also focused on the needs of patients and physicians. He has 20 years of industry experience in leadership roles ranging from R&D to product quality and business analytics. As a result, he has a broad and deep expertise in all of the core functions involved in the lifecycle of medical products. His consulting practice focuses on problem-solving in the areas of risk management, quality systems, customer experience, and quality culture. You can view other videos by Agarwal on his YouTube channel, email him at, and connect with him on LinkedIn.