ISO 14971: Harnessing Preliminary Hazard Analysis (PHA) To Develop Safer Medical Devices
By Naveen Agarwal, Ph.D., principal and founder, Creative Analytics Solutions, LLC
Risk analysis is a key requirement of ISO 14971:2019, the recently revised International Standard for Risk Management of Medical Devices [1]. The main purpose of this analysis is to identify all applicable hazards and to estimate risks associated with a particular medical device.
In practice, this exercise often proves to be challenging, especially during the early phase of design and development, as the link between hazards and potential harms is generally not well understood. Risk is a combination of the probability of a harm (POH) and severity of that harm (S). Therefore, in order to estimate risk, we need to assign the values of POH and S to each of the potential harms associated with a particular medical device. However, this information is generally not available during early development.
Engineers tend to focus on device failures and failure modes, and their causes and effects, in order to make sure the device “works” reliably. But device failures and failure modes don’t necessarily lead to hazardous situations and harms, and harms can occur even when there is no device malfunction. This is where a preliminary hazard analysis (PHA) can help. A PHA is a method of analysis to identify hazards and link them to hazardous situations that may lead to harm. It is more of a top-down approach, which helps to build a link between events, whether triggered by a device malfunction or not, and the resulting hazardous situations that may potentially lead to one or more harms. The focus here is not on “what can go wrong?” but rather on “what is the relationship between likely hazards and potential harms?”.
In this article, I will address the What, the Why, and the How of a PHA to help you develop and deploy this powerful tool in your product development process. When done right, a PHA is a highly effective way to not only focus your design and development process on safety but also to provide a means to evaluate post-market information in terms of underlying hazards and currently implemented risk measures.
What Is A PHA?
According to ISO/TR 24971:2020, the guidance on the application of ISO 14971, a PHA is an “inductive method of analysis with the objective of identifying the hazards, hazardous situations and events that can cause harm for a given activity, facility or system” [2].
Notice the term “inductive”; it means that this analysis relies upon currently available information, including prior field experience with similar devices. In that sense, the analysis considers “association,” rather than “causation.” As an example, it is generally known that localized or systemic infection (harm) may result from exposure to one or more sources of biological contamination (hazard). Now, different scenarios (sequences of events) can be outlined that specifically relate to a medical device and its use environment that may lead to such exposure (hazardous situation). Keep in mind that one hazard can result in more than one harm and more than one sequence of events can give rise to a hazardous situation. In other words, there are many-to-many relationships between hazards and harms. Annex C in ISO 14971:2019 provides additional examples of the relationships between hazards, sequence of events, hazardous situations, and harms.
A PHA is a list of hazards, hazardous situations, and harms, formulated by considering materials of construction, components used and their interfaces, use environment, operating principle (chemical, electrical, mechanical, electromagnetic etc.), and other relevant factors. It may also include an early identification of the POH and S values, whether quantitative or qualitative, to each of the hazard-hazardous situation-harm relationships and a list of potential risk control measures. In this way, a PHA can provide the initial framework for risk assessments to cover both risk analysis and risk evaluation.
Why Use A PHA?
Although ISO 14971:2019 does not explicitly require that a PHA be used for risk analysis, it is a highly effective method to comply with the requirements of the standard. There are other analytical tools available, such as failure mode effects analysis (FMEA), fault tree analysis (FTA), hazard and operability study (HAZOP), and hazard analysis and critical control points (HACCP). Most of these other methods are suitable for engineering risk analysis to improve product and/or process reliability. They address different failures and failure modes in a linear fashion, one at a time. Since the mapping of hazards, hazardous situations, and harms involves many-to-many relationships, these linear methods often are difficult to implement within the context of ISO 14971. It should be noted, however, that more than one method of analysis may be deployed to achieve the overall objective of risk analysis.
In my experience, it has been quite efficient to use a FMEA and a PHA in a hierarchical manner. The PHA is a higher-level document than the FMEA. A separate FMEA may be used for design, process, and use scenarios, and each of them can be linked to the higher-level PHA through hazard mapping.
When a PHA is deployed in this manner, an added advantage is realized during analysis of post-market information. As an example, if there is an increase in the frequency of a certain harm, such as bacterial infection, the mapping of harms, hazardous situations, and hazards in a PHA can easily facilitate an assessment of all applicable risk control measures relevant to the specific situation. At the same time, if a new hazard, hazardous situation, or harm is identified through post-market information, the PHA can be easily updated. There is no need to go line by line in a long FMEA document to figure out which specific failure mode(s) may need to be reviewed and updated as a result of this information. The PHA drives the higher-level updates, while the underlying FMEA documents may not always require an update in every situation. In this way, each tool is deployed appropriately, but they are all linked to deliver the overall objective.
How To Build A PHA
In addition to listing hazards, hazardous situations, and potential harms related to a particular medical device, a PHA may also include an initial assignment of POH and S values for each hazard, hazardous situation, and harm combination. A list of potential risk controls may be included and prioritized in the early phase of development and updated as the device design evolves through the process.
The process starts with a clear definition of the intended use and misuses and characteristics related to safety. There is additional guidance on how to address these topics in ISO/TR 24971:2020. Here I will focus on the relationship between hazards, hazardous situations, and harm, the key elements of a PHA.
Although these are basic concepts, it is my experience that they are poorly understood in the industry and often incorrectly applied. The following figure illustrates these terms and provides an example:
For example, microbiological contamination such as bacteria or a virus is a hazard; the action of shaking hands with someone infected leads to a hazardous situation, which may cause a harm such as a common cold, flu, or the more serious COVID-19. In a PHA, we will need to outline these relationships and all potential outcomes. Typically, a trigger event, which may or may not be due to a device failure, leads to a cascade of events, which in turn leads to a hazardous situation, which may or may not result in a harm.
There are two ways to define this relationship. You can take a top-down approach, starting with a harm (example: COVID-19), then moving to a hazardous situation (example: exposure to the SARS-CoV-2 coronavirus), then to a sequence of events (example: time spent in close proximity, no mask, no social distancing), then to a trigger event (example: exposure to an infected person), and finally to a hazard (example: biological).
Alternatively, you can take a bottom-up approach, starting with a trigger event (example: false negative result for COVID-19), then moving to a sequence of events (example: infected person meets other people, no mask, no social distancing), and then to a hazardous situation and harm.
This exercise continues for all applicable hazards, trigger events, sequences of events, hazardous situations, and harms. The following figure illustrates an example of a single line item in a PHA for a disposable face mask used as a device for source control of an infection.
It is not uncommon to have over a hundred such line items in a PHA for a complex medical device. Therefore, it is important to use a systematic approach using all available information and to work collaboratively with a cross-functional team. At a minimum, you need to include expertise in medical safety, engineering, human factors, complaints handling, and risk management. Depending on the organizational structure, these areas of expertise may be in one or more departments or functions. It is also useful to work with a skilled facilitator or project manager to ensure a careful consideration of all viewpoints.
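With a register of that size, the many-to-many mapping and the post-market lookup described earlier are easier to work with as structured records than as a flat document. The sketch below is an added example, not part of the original article or of ISO 14971; the field names, the S/POH codes, and the `RC-`/`FMEA` identifiers are constructed placeholders.

```python
from collections import namedtuple

# One PHA line item: hazard -> trigger -> events -> hazardous situation -> harm.
PhaLine = namedtuple("PhaLine", [
    "hazard", "trigger_event", "sequence_of_events", "hazardous_situation",
    "harm",
    "severity",       # qualitative S code (constructed); "" if not yet assigned
    "poh",            # qualitative POH code (constructed); "" if not yet assigned
    "risk_controls",  # hypothetical risk control IDs
    "fmea_refs",      # hypothetical IDs of linked design/process/use FMEAs
])

# Constructed sample register built from the article's own examples.
REGISTER = [
    PhaLine("biological", "exposure to an infected person",
            ("time spent in close proximity", "no mask", "no social distancing"),
            "exposure to the SARS-CoV-2 coronavirus", "COVID-19",
            "S4", "P2", ("RC-01",), ("UFMEA-03",)),
    PhaLine("biological", "false negative result for COVID-19",
            ("infected person meets other people", "no mask",
             "no social distancing"),
            "exposure to the SARS-CoV-2 coronavirus", "COVID-19",
            "S4", "P1", ("RC-01", "RC-02"), ("DFMEA-12",)),
    PhaLine("biological", "shaking hands with someone infected", (),
            "contact with microbiological contamination", "common cold",
            "", "", (), ()),
]

def _uniq(values):
    return sorted(set(values))

def review_scope(register, harm):
    """Everything to review when post-market data shows a rise in `harm`."""
    lines = [l for l in register if l.harm == harm]
    return {
        "hazards": _uniq(l.hazard for l in lines),
        "trigger_events": _uniq(l.trigger_event for l in lines),
        "risk_controls": _uniq(c for l in lines for c in l.risk_controls),
        "fmea_refs": _uniq(r for l in lines for r in l.fmea_refs),
    }

def harms_for_hazard(register, hazard):
    """One hazard can map to several harms (the many-to-many relationship)."""
    return _uniq(l.harm for l in register if l.hazard == hazard)

def unrated(register):
    """Line items still missing S or POH, as expected early in development."""
    return [l for l in register if not (l.severity and l.poh)]
```

Calling `review_scope(REGISTER, "COVID-19")` returns the risk controls and linked FMEA documents for that harm without scanning each FMEA line by line.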
In addition, it is important to appreciate that this is not a one-and-done activity. At first, you may have very limited information to complete the analysis. You may not have a complete map of all risks; however, it may be useful to create a structure and a framework for the analysis to evolve throughout the development process as well as during the post-market phase.
Finally, remember that this is an inductive method of analysis. It should be based on available information and experience, including from a similar medical device. Therefore, it is not productive to speculate about sequences of events and hazardous situations.
It is perfectly fine to use publicly available information on a competitive device if you don’t already have your own device in the market. A useful source is the FDA’s Manufacturer and User Facility Device Experience (MAUDE) database. Although this database is not useful to estimate the rate of occurrence, it can be used to identify adverse events such as malfunctions and serious injuries associated with a similar device. If the particular medical device under development is a breakthrough innovation, it may be useful to conduct focus group discussions with key opinion leaders with experience in the target therapeutic area for the medical device.
A PHA is a method of analysis to define hazards and hazardous situations that may lead to potential harms for a particular medical device in different use scenarios. It is particularly useful in the early phase of product development, where it can provide key inputs from the safety point of view. It can be linked to underlying risk analysis tools such as an FMEA, which are particularly useful for analyzing risk of device failures and implementing appropriate controls. When implemented in this way, a PHA helps to not only comply with the requirements of ISO 14971 but also provides an effective mechanism to analyze post-market information related to safety and take appropriate action.
1. ISO 14971:2019 – Medical devices – Application of risk management to medical devices
2. ISO/TR 24971:2020 – Medical devices – Guidance on the application of ISO 14971
About The Author:
Naveen Agarwal began his consulting practice in 2017, with the goal of helping medical companies build safe products through quality systems that are not only compliant to regulatory requirements but also focused on the needs of patients and physicians. He has 20 years of industry experience in leadership roles ranging from R&D to product quality and business analytics. As a result, he has a broad and deep expertise in all of the core functions involved in the lifecycle of medical products. His consulting practice focuses on problem-solving in the areas of risk management, quality systems, customer experience, and quality culture. You can contact him at Naveen.Agarwal@ExeedQM.com and connect with him on LinkedIn. Agarwal also runs a hands-on, virtual workshop on ISO 14971: Creating and Implementing a PHA.