Anda di halaman 1dari 21

Presentation title

Date

1

Understanding the changes to the risk standard for medical devices: EN/ISO 14971:2012

Peter Bøge Informa Post Market Surveillance and Vigilance conference Amsterdam, 24. -26. February 2014

Presentation title Date Understanding the changes to the risk standard for medical devices: EN/ISO 14971:2012 Peter

Presentation title

Date

2

Background

Peter Bøge

• >20 years working with development processes within medical devices

>15 years working in ISO and IEC with

ISO14971 Risk Management,

IEC6366 Usability

IEC60601-1 Safety of electrical medical devices

Presentation title Date Background • Peter Bøge • >20 years working with development processes within medical

Presentation title

Date

3

A gruesome story, with a happy end, starring the PMS-hero

1. Why the risk standard has been amended

  • 2. Examining the content deviations in Annex ZA, ZB and ZC and how this will impact medical device and IVD manufacturers

  • 3. Clarifying how medical device manufacturers should adapt to meet the requirements of the standard

  • 4. Some open questions

Presentation title Date A gruesome story, with a happy end, starring the PMS-hero 1. Why the
Presentation title Date A gruesome story, with a happy end, starring the PMS-hero 1. Why the

Presentation title

Date

4

1. Why the standard has been amended: History

In the MDD from 1993 Essential Requirements were phrased ambiguously regarding risk mgt. However consensus until the EU Commission in 2011 raised a warning to deharmonise ISO14971.

CEN communicated with the EU Commission, initially aiming at convincing the Commission,

Having failed in that, CEN wrote Annex Z explaining, where the Commissions saw it not meeting the Essential requirements of the MDD, spelled out as 7 “Content deviations”.

Resulting in the European EN14971:2012, with Annex Z being the only difference to ISO14971:2007.

The ISO “JWG 1” for ISO14971 has continually been following the talks with the Commission and given scientific advice to CEN. But has no formal role.

Presentation title Date 1. Why the standard has been amended: History • In the MDD from
Presentation title Date 1. Why the standard has been amended: History • In the MDD from
Presentation title Date 1. Why the standard has been amended: History • In the MDD from

Presentation title

Date

5

1. Why the standard has been amended:

The resulting EN14971

EN ISO14971:2012 is one of a kind:

An Annex is not normative - but this Annex Z contains normative requirements,

The “content deviations” are stated to be from the

original 1993 MDD - but for most readers, they are new requirements. Standards usually become mandatory after e.g. 3

years - this became mandatory 19 years ago (!) Let’s hope it will remain a one of a kind.

Some of the deviations are raising the bar/ “adding to requirements”, some seem to conflict with the risk mgt principles of ISO14971, the industry and risk mgt. science.

Presentation title Date 1. Why the standard has been amended: The resulting EN14971 • EN ISO14971:2012
Presentation title Date 1. Why the standard has been amended: The resulting EN14971 • EN ISO14971:2012

Presentation title

Date

6

The question of the Essential Requirements 1-4

The existing ER do not seem to express the requirements in Annex Z well. The proposed new ones have ben fitted to do that

So now it’s a bit more clear

But are they the right ones?

Presentation title Date The question of the Essential Requirements 1-4 The existing ER do not seem

Presentation title

Date

7

1. Why…Differences between US and EU

FDA (U.S.A.) and EU

• New requirements are also coming from FDA • Unlike EU they target using internationally recognized standards more, not less • Unlike EU FDA is actively involved in standardization

E.g. ISO14971 & IEC62366.

• Unlike EU FDA seems more committed to discussing practical issues in industry regarding new requirements.

Part of the standardization process

• FDA seems more interested in raising the bar for data (related to e.g. risk mgt.) than “principles”.

Principles are part of the standardization process

Presentation title Date 1. Why…Differences between US and EU • FDA (U.S.A.) and EU • New
Presentation title Date 1. Why…Differences between US and EU • FDA (U.S.A.) and EU • New
Presentation title Date 1. Why…Differences between US and EU • FDA (U.S.A.) and EU • New

Presentation title

Date

8

2. The impact of content deviations in Annex Zx

Content deviation

Impact.

Issues?

1.

   

“Treatment of negligible risks:

A statement in

- i.e. also the

manufacturer must take all risks into account when assessing Sections 1 and 2 of Annex I … of the directive.”

the Risk Mgt Report may be sufficient

acceptable/small ones. How to demonstrate that you have identified all risks?

2.

   

“Discretionary power of manufacturers as to the acceptability of risks: all risks have to be reduced as far as

Update of RM Report may be sufficient

How to demonstrate that you have reduced all, potentially many small, risks?

possible and that all risks combined, regardless of any "acceptability" assessment, need to be balanced,

What does “combined” mean?: “Add”? - “Fault Tree”?

together with all other risks, against the benefit of the device.”

Is this the right focus?

Presentation title Date 2. The impact of content deviations in Annex Zx Content deviation Impact. Issues?
Presentation title Date 2. The impact of content deviations in Annex Zx Content deviation Impact. Issues?
Presentation title Date 2. The impact of content deviations in Annex Zx Content deviation Impact. Issues?

Presentation title

Date

9

The question of harmonized standards

Do the content deviations also apply to risks that have been addressed by meeting a standard?

• E.g. IEC60601-1 series or ISO10993 series.

If yes, what then is the point in having harmonized standards?

If not, is the concept of “risk” in MDD different from that in ISO14971? Suggestion:

• “14971- Risk” can be reduced to an acceptable level, but not to zero .. • “MDD –Risk” cannot be reduced to acceptable level, but may be “eliminated” by meeting a harmonized standard.

Presentation title Date The question of harmonized standards • Do the content deviations also apply to

Presentation title

Date

10

2. The impact of content deviations in Annex Zx

Content deviation Impact. Issues? 3. 1. “Risk reduction "as far as possible" versus "as low as
Content deviation
Impact.
Issues?
3.
1.
“Risk reduction "as far as
possible" versus "as low as
reasonably practicable":
manufacturers
and Notified Bodies [!] may not
apply the ALARP concept with
regard to economic considerations.”
Update of
RM Report
may be
sufficient
If disregarding that “As Far As
Possible” usually is reserved
nuclear plants-safety (i.e. issue
with the science of RM),
2.
And disregarding the economic
considerations of society (who is
the ultimate payer), then:
3.
You can still apply ALARP on
technical considerations (State of
the Art).

Presentation title

Date

11

2. The impact of content deviations in Annex Zx

Content deviation

Impact.

Issues?

4.

   

Discretion as to whether a risk-benefit analysis needs to take place: the manufacturer must undertake the risk- benefit analysis for the individual risk and the overall risk-benefit analysis (weighing all risks combined against the benefit) in all cases.

Update of RM Report may be sufficient

If the Clinical Evaluation report is used. Makes sense for injection devices. Makes less sense for devices used in complex medical procedures: Then it is truly a new requirement.

Presentation title Date 2. The impact of content deviations in Annex Zx Content deviation Impact. Issues?
Presentation title Date 2. The impact of content deviations in Annex Zx Content deviation Impact. Issues?

2. The impact of content deviations in Annex Zx

ISO 14971, 6.2:

The manufacturer shall use one or

more of the following risk control options in the priority order listed:

a)

inherent safety

by design;

b)

protective

measures in the medical device itself or in the

manufacturing

process;

c)

information for

safety.

Content deviation

Impact.

6.

 

“Deviation as to the first risk control option:

Update of RM Report

Eliminate or reduce risks as far as possible (inherently safe design and construction)"

may be sufficient

5.

 

“Discretion as to the risk control

Update of

options / measures: the

RM Report

manufacturer must apply all the "control options" and may not stop his endeavours if the first or the second control option has reduced the risk to an "acceptable level" (unless the additional control option(s)

may be sufficient

do(es) not improve the safety).”

Issues?

Some think it’s a new requirement. How to demonstrate that you’ve done “all”?

Some think it’s a new requirement. How to demonstrate that you’ve done “all”?

2. The impact of content deviations in Annex Zx ISO 14971, 6.2: The manufacturer shall use

The question of “as far as possible” vs. ALARP?

Presentation title

Date

13

At some point tests will not demonstrate any effect of additional risk control measures

• Shall the manufacturer still do all possible that MAY reduce risk?

Difficult to see happening in the real world

• Or only all possible that demonstrably reduces risk?

I.e. if data from e.g. test demonstrates a lower probability or severity of harm or both.

“State of the art”, e.g. based on market data and literature, is till needed

But if you have to do as much “as possible”

For all risks, big or small,

• Until state of the art makes it impossible to do more, • Then it’s not ALARP that has been abolished

It’s all ALARP!

The question of “as far as possible” vs. ALARP? Presentation title Date 13 • At some

2. The impact of content deviations in Annex Zx

2. The impact of content deviations in Annex Zx Content deviation Impact. Issues? Information of the
2. The impact of content deviations in Annex Zx Content deviation Impact. Issues? Information of the
Content deviation Impact. Issues? Information of the users influencing the residual risk: “b) However, the last
Content deviation
Impact.
Issues?
Information of the users influencing
the residual risk:
“b) However, the last indent of
Section 2 of Annex I to Directive
93/42/EEC says that users shall be
informed about the residual
risks. This indicates that, according
to annex I to 93/42/EEC and
contrary to the concept of the
standard, the information given to
the users does not reduce the
(residual) risk any further.
c) Accordingly, manufacturers shall
not attribute any additional risk
reduction to the information
given to the users.”
If warnings have
reduced risk
scoring (e.g. RPN),
then analysis has to
be redone.
1.
Difference
between
warning and risk
disclosure?
2.
To justify safety of
existing products,
one way is PMS
data analysis.
Probably the most
effective and easy
way.
Some warnings
are required by
standards
3.
Existence of
Instructions
For Use
(prescriptive
description of
tasks) will still
reduce risk!!!

Presentation title

Date

15

3. How manufacturers should adapt

Presentation title Date 3. How manufacturers should adapt • Go through the “Content Deviations” - Identify

Go through the “Content Deviations” - Identify gaps in your documentation.

Some Content Deviations may be fixed with adding statements to the Risk Mgt. Report.

• Some deviations can only be addressed by statements, not by data (e.g. #6, reducing risk as far as possible)

You may need to introduce risk benefit analysis.

#7: Most will have to remove warnings from risk scoring (“RPN”):

Potentially biggest issue.

Presentation title Date 3. How manufacturers should adapt • Go through the “Content Deviations” - Identify

Presentation title

Date

16

3. How manufacturers should adapt

Content deviation 7 usually requires more: Usually update of Risk Analysis and – worse - labelling:

  • 1. Remove warnings as a RCM from the risk scoring (RPN calculations).

  • 2. Do not remove them from the actual IFU/labelling.

    • 1. May be required by standards or even legislation

    • 2. And maybe they actually do have a risk reducing effect!

  • 3. Re-calculate the risk score (e.g. RPN).

  • Presentation title Date 3. How manufacturers should adapt • Content deviation 7 usually requires more: Usually

    ÷

    Presentation title Date 3. How manufacturers should adapt • Content deviation 7 usually requires more: Usually
    • 1. Identify any seemingly INTOLERABLE risks.

    • 2. Assuming that PMS process has not indicated safety issues, – are they INTOLERABLE? No.

    =

    • 3. You may therefor do a new risk ESTIMATION – the rationale being that the risk estimates have not been linked as close to PMS data, as they should have been

    Presentation title Date 3. How manufacturers should adapt • Content deviation 7 usually requires more: Usually
    Presentation title Date 3. How manufacturers should adapt • Content deviation 7 usually requires more: Usually

    Presentation title

    Date

    17

    A review of sources for risk estimates

    • ISO 14971, 5. “NOTE 6 • Information or data for estimating risks can be obtained,
    • ISO 14971, 5. “NOTE 6
    • Information or data for estimating risks can be
    obtained, for example, from:
    • a) published standards;
    • b) scientific technical data;
    • c) field data from similar medical devices already in use
    including published reported incidents;
    • d) usability tests employing typical users;
    • e) clinical evidence;
    • f) results of appropriate investigations;
    • g) expert opinion; and
    • h) external quality assessment schemes.”
    • D 3.2.1. “Seven approaches are commonly
    employed to estimate probabilities:
    • use of relevant historical data;
    • prediction of probabilities using analytical or simulation
    techniques;
    • use of experimental data;
    • reliability estimates;
    • production data;
    • post-production information; or
    • use of expert judgment.”

    All may be used, but some are more practical or convincing than others

    If available, market feed back data is fastest, cheapest and most convincing

    Agree your approach with your Notified Body before

    Presentation title Date A review of sources for risk estimates • ISO 14971, 5. “NOTE 6

    Presentation title

    Date

    18

    Review risk analysis on marketed products

    • 1. A ISO14971 compliant system will have established links between

    Risk, incl. Failure Mode: How a failure is observed (should be searchable in e.g. a FMECA, but may not be).

    - and codes for Complaints

    – leading again to found Technical Errors

    • 2. Risk Analysis: Do ERRORS happen?

    PMS: Complaints indicate presence of ERRORS

    • 3. Risk Analysis: Do ERRORS lead to harm? With what SEVERITY?

    PMS: Adverse-events indicate medical consequences of ERRORS

    PMS: Complaints without Adverse Events may indicate low severity scenarios

    • 4. In less-than-perfect complaint handling this may require expert judgment (i.e. meetings between Risk and PMS people)

    Presentation title Date Review risk analysis on marketed products 1. A ISO14971 compliant system will have
    Presentation title Date Review risk analysis on marketed products 1. A ISO14971 compliant system will have
    Presentation title Date Review risk analysis on marketed products 1. A ISO14971 compliant system will have
    Presentation title Date Review risk analysis on marketed products 1. A ISO14971 compliant system will have

    Presentation title

    Handling the critical risks

    You may end up with 2 -10 risks, with both complaints and adverse events.

    • Users will face the ERROR from time to time.

    • And some will experience HARM • You have monitored these risks, and determined that they are acceptable.

    The remaining risks:

    Should as per this analysis, be lower.

    Update your risk analysis accordingly

    You may have done this to perfection (as you should acc. to ISO14971), or you may not

     

    Date

    19

    P5

             

    P4

             

    P3

       

    X

       

    P2

         

    X

     

    P1

       

    X

    X

     
     

    S1

    S2

    S3

    S4

    S5

    Presentation title Handling the critical risks • You may end up with 2 -10 risks, with

    Presentation title

    Date

    20

    Critical risks in Information For Safety

    For residual risks that are judged acceptable, the manufacturer shall decide which residual risks to disclose

     

    and what information is necessary to include in the accompanying documents (ISO14971, 6.4)

    I.e. the “critical” risks

    But may not describe all needed elements:

    • But may not describe all needed elements:
    • 1. Error: What not to do (warning),

    • 2. Resulting probability

    • 3. Consequence (harm) and

    • 4. Severity.

    E.g. “Do not press button, as this may lead to burns, requiring healthcare intervention.

    Impact

     

    This old requirement is NOT part of Annex Z

    But weaknesses if any, become clear

    And may – if applicable – be the most costly part! But that’s another story…

    +

    Presentation title Date Critical risks in Information For Safety • “ For residual risks that are
    Presentation title Date Critical risks in Information For Safety • “ For residual risks that are
    +
    +
    Presentation title Date Critical risks in Information For Safety • “ For residual risks that are

    Presentation title

    Date

    21

    Thanks for listening!

    Presentation title Date Thanks for listening!
    Presentation title Date Thanks for listening!