Risk analysis based upon the clinical use of the device must be performed prior to concept elaboration (the development of design inputs). Risk Analysis establishes essential requirements, the requirements associated with safety. These essential requirements will be blended with the concept realization to form the basis of the final design inputs.
The following table describes the inputs and outputs of the Risk Analysis Process.
Risk Analysis SIPOC
Inputs | Key Activities | Outputs |
---|---|---|
Clinical Use: the clinical use of the device<br>Clinical Use Error Data: data on the use errors, and their rates, associated with that clinical use<br>Clinical Hazards and Harms: the clinical hazards and harms associated with the therapy | Hazard/Harm Identification: linking the clinical hazards and harms and assigning probabilities<br>Phases and Function Identification: identification of the phases, and the functions within each phase, associated with the delivery of a single therapy or exam<br>Hazardous Situation Development: identifying the sequences of events and the resulting hazardous situations<br>Mitigation Development: the development of the essential requirements, the requirements that mitigate risks | Essential Requirements: the mitigations associated with the inherent risks of the therapy |
Risk analysis identifies the essential requirements, that is, the actions or mitigations that ensure the inherent safety of the therapy or procedure. These essential requirements represent key inputs for concept elaboration and the development of the overall design inputs. The workflow for risk analysis follows the workflow noted in ISO 14971 Annex E (ISO, 2012). The following figure details that workflow.
Risk Analysis Workflow
The following table details the definitions associated with risk analysis.
Risk Definitions
Item | Definition |
---|---|
Harm | Physical injury or damage to the health of people, or damage to property or the environment. Harm is established by the Medical team and directly relates to the possible consequences of hazards associated with the therapy or procedure |
Severity | The quantification/scaling of the effects of the harm |
Hazard | A potential source of harm |
Failure Mode | A failure, either of the device or the user, that leads to a hazard |
Sequence of Events | The failure, and subsequent actions/activities that lead to a hazardous situation |
Hazardous Situation | Circumstance in which people, property, or the environment are exposed to one or more hazard(s). A hazardous situation is a composite concept, combining a specific hazard, a failure mode and a sequence of events. |
Risk | The probability of occurrence of harm and the consequences of that harm |
Residual Risk | The risk remaining after the application of risk control measures |
Risk Evaluation | The determination of the acceptability of the residual risk |
Most previous approaches to implementing the concepts of ISO 14971 Annex E have taken a device-centric approach to the identification of hazardous situations and harms. But as shown in the following figure, the device-centric approach does not address the full range of possible hazardous situations associated with the therapy or procedure.
Device Centric versus Therapy/Procedure Centric Analysis
The therapy- or procedure-centric approach aligns well with the safety case approaches put forth by the FDA in recent years. The FDA (Chapman, 2012) defines a safety case as the following:
"A structured argument, supported by a body of evidence, that provides a compelling, comprehensible and valid case that a system is safe for a given application in a given environment."
Safety cases focus on whether or not the therapy or procedure is safe, and on the device performing as one part of the overall therapy or procedure. In addition, the FDA (FDA, 2014) stresses that the safety claims associated with the safety case analysis should focus upon the mitigation of the following types of hazardous situations:
- User interface and human factors related
- Software-related
- Electrical
- Mechanical
- Operational
- Environmental
- Biological
- Chemical
Clearly, a device-centric approach cannot address the full scope of mitigations associated with safety case analysis.
In addition to developing an approach that meets the needs of safety case analysis, the approach to risk analysis requires addressing an increased focus on usability and use errors. Standards such as IEC 62366-1:2015 (IEC, 2015) stress an approach that analyzes the clinical application to identify situations of misuse. These foreseeable misuse situations must be addressed by the design.
The therapy-centric risk process detailed in the following sections derives from what has come to be known as criticality analysis (IEC, 2006). Criticality analysis, in keeping with its military origins, focuses on the steps needed to execute a “mission” and the failures that can impact that execution. As defined in criticality analysis, a failure is linked to its impact upon the overall “mission”. The same failure can have different criticality depending on which mission activity or operational phase the failure occurs in. This establishes the following linkage.
Failure -> Mission Activity -> Mission Impact
In a therapy-centric approach to risk analysis, the “mission” is the delivery of a single therapy or execution of a single procedure. Mission impact is the harm to which the patient may be exposed. In the context of ISO 14971 definitions, criticality analysis systematically maps failures to hazards, hazardous situations and the overall therapy. The basic flow follows that of the ISO 14971 workflow, specifically:
- Identify the Hazards and Harms for the device
- Identify all of the hazardous situations using the concept of operational phases
- Assign risk to each hazardous situation based upon the operational phase
- Identify mitigations when necessary
In subsequent posts each of these activities will be examined in detail.
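To make the Failure -> Mission Activity -> Mission Impact linkage and the four workflow steps concrete, here is a small Python model of a therapy-centric risk register. It is an added illustration, not code from the original post or from ISO 14971; the harm/probability scales, the acceptance limit, and the infusion-therapy failure, phases and mitigations are all constructed for this example. It shows the point made above that the same failure mode scores a different risk in different operational phases, and that the mitigations attached to unacceptable situations become the essential requirements.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass(frozen=True)
class Harm:
    """ISO 14971 harm: the injury the patient may suffer, with a severity rank."""
    name: str
    severity: int        # 1 = negligible ... 5 = catastrophic (constructed scale)


@dataclass(frozen=True)
class Hazard:
    """A potential source of harm; each hazard here is linked to one harm."""
    name: str
    harm: Harm


@dataclass(frozen=True)
class Mitigation:
    """An essential requirement and the number of probability ranks it removes."""
    essential_requirement: str
    probability_reduction: int


@dataclass
class HazardousSituation:
    """Failure mode + operational phase + sequence of events that exposes the patient to a hazard."""
    failure_mode: str
    phase: str
    sequence_of_events: str
    hazard: Hazard
    probability: int     # 1 = improbable ... 5 = frequent (constructed scale)
    mitigations: List[Mitigation] = field(default_factory=list)


ACCEPTABLE_RISK = 6      # constructed acceptance limit for this worked example


def risk(hs: HazardousSituation) -> int:
    """Inherent risk: probability of occurrence of harm x severity of that harm."""
    return hs.probability * hs.hazard.harm.severity


def residual_risk(hs: HazardousSituation) -> int:
    """Risk remaining after mitigations; probability cannot drop below rank 1."""
    reduced = hs.probability - sum(m.probability_reduction for m in hs.mitigations)
    return max(reduced, 1) * hs.hazard.harm.severity


def evaluate(hs: HazardousSituation) -> bool:
    """Risk evaluation: is the residual risk acceptable?"""
    return residual_risk(hs) <= ACCEPTABLE_RISK


def criticality_by_phase(situations: List[HazardousSituation], failure_mode: str) -> Dict[str, int]:
    """Same failure, different phase -> different inherent risk (the criticality-analysis linkage)."""
    return {hs.phase: risk(hs) for hs in situations if hs.failure_mode == failure_mode}


def essential_requirements(situations: List[HazardousSituation]) -> List[str]:
    """Mitigations attached to situations whose inherent risk is unacceptable become essential requirements."""
    reqs: List[str] = []
    for hs in situations:
        if risk(hs) > ACCEPTABLE_RISK:
            for m in hs.mitigations:
                if m.essential_requirement not in reqs:
                    reqs.append(m.essential_requirement)
    return reqs


# --- constructed data for a hypothetical infusion therapy (not from the post) ---
DELAY = Harm("Delay of therapy", severity=2)
OVERDOSE = Harm("Drug overdose", severity=5)
NO_FLOW = Hazard("No drug delivered", DELAY)
FREE_FLOW = Hazard("Uncontrolled flow", OVERDOSE)

SET_DETECTION_REQ = Mitigation("Pump shall detect an unlatched administration set before delivery starts", 3)
FLOW_MONITOR_REQ = Mitigation("Pump shall stop delivery when flow exceeds the programmed rate", 2)

# One failure mode, two operational phases: the mission impact differs.
SITUATIONS = [
    HazardousSituation("Administration set not latched", "Priming",
                       "Set unlatched -> priming stops -> clinician reseats the set",
                       NO_FLOW, probability=3),
    HazardousSituation("Administration set not latched", "Delivery",
                       "Set unlatched -> gravity free flow -> patient receives full bag",
                       FREE_FLOW, probability=3,
                       mitigations=[SET_DETECTION_REQ, FLOW_MONITOR_REQ]),
]

if __name__ == "__main__":
    print(criticality_by_phase(SITUATIONS, "Administration set not latched"))
    for hs in SITUATIONS:
        print(hs.phase, "inherent", risk(hs), "residual", residual_risk(hs), "acceptable", evaluate(hs))
    print(essential_requirements(SITUATIONS))
```

In this register the unlatched set scores 6 during priming (a delay, acceptable as-is) but 15 during delivery (an overdose, unacceptable), so the two mitigations on the delivery-phase situation are carried forward as essential requirements and the residual risk is re-evaluated against the same limit.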