By Jayet Moon, author of the book Foundations of Quality Risk Management
In the context of ISO 14971:20191 and risk management for medical devices, manufacturers and designers are often confused about the implementation of hazard analyses and FMEAs (failure modes and effects analyses), especially since this standard takes a hazard-based approach. The question whether FMEAs have a place in this hazard-based approach is often raised, and some make the mistake of assuming that FMEAs are excluded from the hazards-based approach of risk management. This is far from true, as illustrated in Figure 1 below. The truth is that this approach, as championed by the 2019 version of the standard, encompasses rather than excludes the FMEA-based approach.
The sequence of events between a hazard and a hazardous situation and the failure mode are more closely related than one would think. The sequence of events refers to the chain of events that can occur from a hazard to a hazardous situation. The failure mode, on the other hand, represents the specific way in which a medical device can fail or malfunction, leading to a hazardous situation. Previous versions of ISO 14971 (2007) have identified failure modes as “initiating events and circumstances.” ISO 14971:2019 does not directly identify failure modes.
Figure 1: FMEA and hazard-based risk management
The failure mode can be considered as either the initiating event in the sequence of events or the initiating event for the hazard itself. ISO 14971 seems to implicitly state that a failure mode can create hazards that need to be analyzed. The standard is purposefully not explicit, as this can be a tricky thing to parse, especially in the case of complex devices.
Failure mode represents the specific event or condition that can lead to the occurrence of a hazardous situation, which in turn can lead to harm to the patient or user. For example, if the sharp edge on a surgical scalpel is a hazard, the failure mode may be the blade becoming dull, discontinuous, or chipped (loss of sharpness), leading to a hazardous situation where the blade can cause cuts or lacerations to the user. Likewise, the chipping of the blade itself can be viewed as a trigger event for a hazard, with its contact with skin as a hazardous situation. Both approaches can be correct, but they will lead to vastly different organization of risk files and occurrence calculations therein. The key is the identification of “sequence of events” and how that makes sense for your device.
In the context of usability engineering for medical devices, the sequence of events and failure mode can be related to use errors, which are errors or mistakes made by users during the operation of or interaction with a medical device.
The failure mode in this case can be considered as the specific way in which the medical device can fail or malfunction due to user interaction or operation. For example, a failure mode could be a user pressing the wrong button, entering incorrect data, or misinterpreting the display or instructions.
The sequence of events, on the other hand, may encompass the progression of events from the failure mode to the hazardous situation, and finally to the occurrence of harm. For example, a user entering incorrect dosage information into a medication infusion pump could lead to a hazardous situation where the patient receives the wrong dosage, resulting in harm.
Understanding the relationship between the failure mode and the sequence of events in the context of use errors is crucial in identifying and managing usability risks associated with a medical device.
By identifying the failure modes that can arise due to use errors and understanding how they can lead to hazardous situations and harm, appropriate usability design measures can be implemented to prevent or mitigate potential harm to patients or users. This may include improving the design of user interfaces, improving reliability, providing clear and intuitive instructions, incorporating error prevention mechanisms, and conducting usability testing with actual users to identify and address potential use errors and their associated sequence of events.
The largest advantage FMEAs have over hazard analyses is the overt focus on reliability. Especially in the case of complex electrical devices with various subcomponents and assemblies, FMEAs and criticality analysis allow for good reliability risk management. The hazardous situation does not lend itself that well to reliability risk evaluation; however, it brings in the most important focus on patient risk. Thus, in a way, the “probability of harm” is deciding the criticality of whatever failure modes lie on the hazard-hazardous situation spectrum.
It must be kept in mind that the device does not have to fail to lead to a hazard or a hazardous situation. Hazard analysis need not necessarily limit itself to the reliability of the device but rather focuses on its overall safety instead. Only FMEA may fail to cover all safety risks, even though it may cover all reliability risks. Thus, hazards analyses are necessary to fully assess the risk profile of any medical device. Medical device manufacturers must aim to best harmonize safety and reliability risk management to produce safe and effective medical devices.
- ISO. Application of Risk Management to Medical Devices. 14971:2019. 2019. https://www.iso.org/standard/72704.html. Geneva, Switzerland.
About The Author:
Jayet Moon earned a master’s degree in biomedical engineering from Drexel University in Philadelphia and is a Project Management Institute (PMI)-Certified Risk Management Professional (PMI-RMP). Jayet is also a Chartered Quality Professional in the UK (CQP-MCQI). He is also an Enterprise Risk Management Certified Professional (ERMCP) and a Risk Management Society (RIMS)-Certified Risk Management Professional (RIMS-CRMP). He is a Fellow of the International Institute of Risk & Safety Management. His new book, Foundations of Quality Risk Management, was recently released by ASQ Quality Press. He holds ASQ CQE, CQSP, and CQIA certifications.