risk management for medical devices - asq raleigh：医疗器械的风险管理——asq罗利

Risk Management for Medical Devices,Safe and Effective ProductsPaul McDanielASQ CQM/OEExecutive VP Operations and QASicel Technologies,Overview,Product Life Cycle Model RoleProcess HintsIn-depth discussion of a Risk Management Analytical Tool: FMEA,Risk Management Defined(a practitioners definition),Risk: probability of harm occurring AND the severity of harmRisk Management: Use of relevant information to identify possible harmful events, to assess the events acceptability in the eyes of the at risk population (probability*severity), and exert effective controls of the risk,Risk Analysis-Intended use andId of Char related to safetyof the device-Id hazards-Est risk for eachhazardous situation,Risk evaluation,Risk Control-Option analysis-Implement controls-Residual risk evaluation-Risk/benefit analysis-Risks arising from controlmeasures-Completeness of risk control,Risk Assessment,Evaluation of overallresidual riskacceptability,Risk ManagementReport,Production andpost-productioninformation,Risk Management,Adapted from ISO 14971:2007 Figure 1,Product Life Cycle Model Role,Understand the Regulatory ModelA product life cycle has many phasesInformation/Products/Design at the start of a phase is input; possibly input requirementsInformation/Products/Design at the end of each phase is outputOutputs must be verified against inputsThe model assumes verification at each phase end,Product Life Cycle Model Role,The Current State of the Risk Management Standard Assumes the Regulatory modelYou may follow the described process and be confused unless you recognize the phase boundariesHow can I determine the answer to “is risk acceptable” if Im just defining design inputsThe planned mitigation is acceptable, detail design may introduce new information, stay alert in the next phase!,Risk Management by Phase,Design Input (Hazard Analysis/Fault Tree)Focus on generating product “shall not do” or “shall comply with standard.” type of specification requirementsDetailed Design (Fault Tree/FMEA)Look to your product architecture and add architecture interface risks to your analysesFurther on, examine higher risk areas and product failure risks in detail,Risk Management by Phase,Design Verification/ValidationWatch for occurrence of anticipated but “intended to be” mitigated risksRisk Control failureAssess impact of V&V findings for new risks needing analysesWe didnt imagine that would happen: Risk?Listen to any customer feedback for risk acceptability“Those safety lock outs are too confusing to work with, can we disable them?”,Risk Management by Phase,Commercial Distribution/DisposalVigilance Reporting is a Risk Analysis Update OpportunityNEW for 2007!Production feedback into the Risk AnalysisAm I seeing higher rates of occurrence?Are new failure modes presenting themselves that we havent analyzed?Are we having control failures or excessive cause failures,Risk Analysis in Production,Non-conforming material and Material Review Board Processes?Can they effectively consider risks on each occurrence?Control charts, acceptance dataAre risk controls part of acceptance testing?Frequency of occurrence suggesting anything“Risk of failure was ranked as remote yet weve had three catastrophic hot-pot test failures this month!”,Risk Analysis in Production,Comment period,Process Considerations,Define the scope of your analysisWhat systems, what interfaces, who as user.The records produced will be subject to second guessing if harm occurs: dont allow hindsight to change the rulesDocument your information sources!When you made your risk acceptability decision, what information was available and used?We can only be diligent, not psychic,Analysis Scope,Intended Use: Use for which the product, process or service is intended according to the specifications, instructions, and information supplied by the manufacturerEssential Performance: Performance necessary to achieve freedom from unacceptable riskNote: is most easily understood by considering whether its absence or degradation would result in an unacceptable riskYou must have these two clearly in front of the analysis team.,Process Considerations,Use a Risk Source List as a ReminderISO 14971 has such listsAdd your Industrys ExperienceIf a harmful event has been reported, it has higher mitigation priority than hypothetical risksflag real occurrences in your analysesRely on accepted standardsIf there is a “test” standard, understand the underlying reason for the tests,Process Considerations,Sources of harm should suggest actionelectricity is not harmful, electrocution isA hazard existsA sequence of events leads to a hazardous situation (normal or fault conditions)The hazardous situation has a probability (P1)Harm occurs from the situationA probability of harm exists (P2)A severity of outcome can be assigned (S)Risk = S, P1 x P2,Process Considerations,While defining the system inputs, what harmful things can occur:Very early on, a “Preliminary Hazard Analysis” can screen out higher risk approachesWhat are the harmful things that the system can do considering:user, patient, environment or property (a subject),Process Considerations,Typically, the Device Design Requirements Are Broken Down Into Smaller Pieces During Detailed Designfocus on interfaces, signal and data path integritytrace system requirements to sub-systemUse Fault Tree Analysis (top down)Consider Using Failure Modes and Effects Analysis (bottoms up),Process Considerations,Observe Verification/Validation findings for unanticipated device behaviorthe best design analysts miss thingsInitiate a process for V&V findings classificationdid harm occur?, or if the behavior re-occurs, could harm occur?if I cant recreate the behavior, I still may have to mitigate it,Risk Management Process Tools,System Hazard Analysis(design input),Draw boundaries between the system and the at risk subject and define harmful eventsEnergy sent across a boundaryLook for potential to kinetic energy transitiondid you control the transitionChanges in state may be potentially harmfulYour seed list may leave you with many “deferred answers”,Probability and Severity Estimates,Risk management relies on expert judgment so dont let novices work alone!Focus on one device, one device lifetimeSet Quantitative or Qualitative criteriahigh probability is.several times in a device lifetime?, 1 per million usesmoderate injury is.medical attention to return to pre-risk exposure state,Probability and Severity(use graphical techniques),Increasing Severity,Increasing probability,unacceptable,okay,Increasing Severity,Increasing probability,no risk or too great a risk is easy, what about moderate risks?,Split up the quadrants to refinethe estimates in stages of analysis,Detailed Risk Analyses,One of the more popular design evaluation tools is the Failure Modes and Effects Analysis (FMEA)IEC 60812, Analysis techniques for system reliability - Procedure for failure modes and effects analysisFMEA is used more for design evaluation than for design developmentWorks for manufacturing processes too!,Detailed Risk Analyses,Definitions:FMEA: a structured analytical technique which determines relationships between basic element failure characteristics and the system failuresFailure mode is how a failure manifests itself (system shuts down)Failure mechanism is why a failure occurs (defect in the transistor silicon),Process Needs for a FMEA,Prior risk analysis work to build on if availableSystem level harmful events will be analyzed to see how component/assemblies may contribute to the harm causeSystem failure and degraded modes definitionsfunctional block diagrams may be needed for each operating/failure mode,FMEA Process Needs,a design solution, down to the component level