Your entry into the risk management of medical devices

What does risk management have to do with medical devices?

Medical devices should help patients, they should bring a benefit. But how do they do that? In short: In a mainly physical way. This is clear from the definition of a medical device.

So if you look at a device that is supposed to provide a benefit through a physical action, that device must affect the human body in some way. However, any kind of influence not only has the possibility of a benefit, but also risks.

It is precisely these risks that must be analysed and controlled within the framework of risk management (RM) - so that the benefits outweigh the risks and thus medical devices guarantee a high level of safety.

What exactly is a risk?

A risk is the combination of the probability of occurrence of damage and the severity of that damage [ISO 14971].

At this point it can be seen that statistical probabilities have a great influence on risks. Here, the actual, objective risk often differs enormously from the subjectively perceived risk.

Here is a small example:

You play the lottery regularly and hope to win. You know that the chance is small - but maybe you are lucky.

You smoke regularly and are sure that you will not get lung cancer. You are sure that you will not get it.

So the chance of winning the lottery is small, but possible. You also estimate the probability of lung cancer as low but negligible. Both perceptions are very subjective. What do the objective numbers say? Your chance of winning the lottery is 1 in 140 million. Your chance of getting lung cancer is about 95,000 in 140 million.

In short: In order to make meaningful statements about risks, the corresponding probabilities of occurrence must be taken into account just as much as the severity of the disease.

Why is risk management so important?

We all want safe medical devices. Medical devices vary enormously in their complexity. So how is it to demonstrate in a comprehensible way that a device has been designed safely? Or how is it to be ensured during development that the product is designed safely?

This is where ISO 14971 comes in. It provides a systematic framework that forces manufacturers to deal intensively with the risks of their products. Especially in the case of complex or high-risk products, a risk management process enables risks to be identified, analyzed and reduced.

In other words, risk management is so important because it is the basis for safe medical products.

When do you have to manage risk?

Many people think that you create the risk management files in development and then you're done. However, ISO 14971 requires that the process takes place during the entire product life cycle. That means until the disposal of the product.

New risks are often only identified after the product is placed on the market as part of post-market surveillance. Such risks must be fed into the RM process afterwards in order to derive any necessary measures.

Does risk management really make my device safer?

Yes. Regardless of the application of ISO 14971, everyone manages risk to some extent.

Another example: You develop a scalpel and think you know the product is safe. So you do not need RM measures. You have designed the scalpel so that only the cutting edge is sharp and the handle fits well in the hand. You have just looked at the usability of the product in addition to risk management.

Our recommendation

Would you like to learn more about this topic? We invite you to read our blog regularly. In the following articles we will not only present the risk management for medical devices but also show you where the risk-based approach is particularly applied in quality management.