Risk management is the hotspot for medical device safety. Therefore, risk management has interfaces with all processes that may have an influence on product safety. One of these interfaces is with clinical evaluation, which is explicitly required by MDR 2017/745 and is to be reviewed by notified bodies. However, this is no surprise. Risk management experts know that this interface existed even before the MDR.
What makes the interface of clinical evaluation and risk management so challenging?
All medical devices have risks. To generate a benefit, risks must be accepted. Product-related risks are covered by risk management, in which they are identified, evaluated, and reduced. This is also where the discussion about the acceptance of risks takes place.
Risks can occur with the medical device based on the intended purpose or reasonably foreseeable misuse in normal and fault condition. The goal of risk management is not to eliminate all risks, but to ensure that the benefits of a medical device outweigh the risks. It will not be possible to eliminate all risks, but at some point in risk management, the saturation point is reached where further measures either cause further risks or adversely affect the benefit. Therefore, the focus cannot be solely on the failures and technology perspective of the product.
Example: Elimination of electrical energy in the defibrillator. This measure eliminates the hazard and makes the product inherently safe, but it also eliminates the benefit, which makes the product useless.Nevertheless, in practice, manufacturers often separate the technology and the application perspective of products, and risk management focuses solely on the perfection of the technical design. This happens because risk management in medical devices industry is relatively new and often FMEA was the common approach in other industries. As a result, the normal condition and the application perspective in risk management are omitted with the argument that the product technically functions as planned. Consequently, risk management analyzes the technical world and clinical evaluation focuses on the clinical application. Since the worlds appear to function autonomously and have established their own processes, it is difficult to connect them retrospectively.
Can the two worlds really function autonomously?
A risk according to ISO 14971 consists of different elements. Sequence of events can result in hazards or hazardous situations, which can lead to harm. Since clinical evaluation also considers harm, a complete separation of these processes is already ruled out at that point. However, since risk management is in many cases focused on failures and technical considerations, only little information for clinical evaluation can be produced, since the overlap lies in the application of the product. Risk management according to ISO 14971 explicitly focuses on exposure due to the hazardous situation, so no risks can occur without application of the medical device. Even a potentially safety-relevant failure does not lead to harm if no one is exposed.
Example: A failure in production has resulted in parts being manufactured with sharp edges. However, if these parts are internal and not touchable, no risk for the patient or the user can occur.The interface to clinical evaluation is not just an additional requirement, but an inherent part of the risk management process. ISO/TR 24971 even lists the clinical expert with clinical evaluation expertise as part of the risk management team. Only through input from the application perspective, risk management can identify risks and provide a complete risk profile that looks at all harms related to the product, including harms in the normal condition.
So what does this interface look like?
There is no concrete answer to this question. Despite the requirement for an explicit interface, there is no regulatory solution. Regulations are providing only a few terms, but these are not defined at all or the definition is insufficient. As a result, each manufacturer must model a working interface for their processes themselves.
At Escentia, we have compared all the relevant regulations and modeled a possible solution to this challenge.
First, a clinical expert must be on every risk management team. Without a clinical expert, risks cannot be analyzed. Even without a process interface, clinical evaluation is already represented by the clinical expert resource in every risk management file.
ISO 14971 risk management considers all device-related risks based on intended use or reasonably foreseeable misuse in both normal and fault condition. Accordingly, all risks that are not device-related are not in the scope of ISO 14971. These are risks that may occur during a procedure but are not caused by the medical device under consideration.
Example: anesthesia complications during the insertion of an implant. The manufacturer has no influence on these risks and therefore they are not considered by the risk management process. They only come into play during the overall residual risk assessment. The procedure-related risks do not refer to the direct interfaces of the medical device. These must be covered by the risk management file.
Example: Risks caused by specific instruments for inserting the implant, which can damage the implant (interaction of the interface with the product under consideration).The foreseeable product-related risks are divided into two groups. In normal use, the product is used in accordance with the product accompanying documentation. Use errors may occur here, otherwise the application without use error is referred to as correct use. An application outside the product documentation is an abnormal use, such as off-label use.
The clinical evaluation considers risks that can occur during the medical procedure. Here, the product-relation has no relevance. In contrast to risk management, clinical evaluation considers the entire medical procedure and addresses the alternative methods/treatments to quantify the benefits of the medical device. For this evaluation, the risks caused during the procedure by other products or by the procedure itself are also needed.
Example: Difficulties in wound healing when using telescopes in a minimally invasive procedure.
Risks that occur in abnormal use are not included in the product-related risks. If these are identified in the clinical data, this needs to be transferred to risk management. Only if repeated misuse is uncovered, this will require its own benefit-risk analysis in the clinical evaluation, and, depending on the outcome, further action.
Another major difference is that clinical evaluation only considers risks during clinical use. Risks in the other phases of the life cycle, such as installation, transport, are analyzed only in risk management.
Example: During installation, the instructions are not followed, and the device attached to the ceiling falls onto the technician.Consequently, all safety-related information flows into risk management. When starting or updating a clinical evaluation, all potential patient harms and their cumulated probability is included in the clinical evaluation plan and may influence literature and database searches. Safety-relevant information identified during the creation of the clinical evaluation also is seen as input for risk management.
In the clinical evaluation, all potential harms to the patients and their respective cumulated probability (included from the risk management or uncovered in the clinical evaluation) are included in the assessment of the benefit/risk ratio. The result is returned to risk management, where the overall residual risk evaluation can be performed. Here, it is confirmed that also all other risks that were evaluated by the clinical evaluation do not outweigh the benefits. The overall residual risk evaluation evaluates the safety of the product over its entire life cycle.
This is one way to design the interface and distribution of risks. It is not the only way, as there is currently no clearly defined interface in the regulations. The actual implementation depends on the company-specific processes. Our focus was to distribute the information to the processes that can handle it and to reduce the overloading of files. The intention is not to omit information. All information has its relevance and must be considered.
Contact us
Get in contact to find out how we can help your team.