risk management
DESCRIPTION
Author: Monitoring Dept., Suyun Medical May 2005TRANSCRIPT
1
Risk Management
FOR MEDICAL DEVICE
Monitoring Dept., Suyun Medical
May 2005
2
What is Risk Management?A process which will:
Identify risksWeigh costs versus benefitsEliminate unnecessary risk
Three rules of risk management:Benefits must exceed CostAccept no unnecessary RiskDecisions must be made at the appropriate Level
3
What is Risk Management for?
For ensuring the safety of
medical devices!
4
Risk Management Worksheet
Required for all operations/training
Completed during planning phase
Reviewed before operations/training
5
Standards for Risk Management
In USA
- “Design Control Guidance for Medical Device Manufacturers”
• March 11, 1996
- “Guidance for the Content of Premarket Submission for Software Contained in Medical Devices” “ODE Guidance”
• May 29, 1998
6
Standards for Risk Management
In China
- YY/T0316-2001
• IDT ISO14971-1:1998
- YY/T0316-2003
• IDT ISO14971:2000
- GB 9706.X-200X
• IDT IEC601-1-4:1996
YY/T0316-2003/ISO14971:2000
Medical devices—Application of risk management to medical devices
医疗器械 风险管理对医疗器械的应用
7
Risk Management Terms
1. Intended Use/Purpose
2. Harm
3. Hazard
4. Risk
5. Residual Risk
6. Risk analysis
7. Risk evaluation
8. Risk assessment
9. Risk control
10. Risk management
8
Risk Management Terms1. Intended Use/PurposeUse of a Product, Process or Service in accordance with the specifications, instructions and information provided by the manufacturer. ANSI/AAMI/ISO 14971:2000, definition 2.5
预期用途/目的
按照制造商提供的规范、说明书和信息,对产品、过程或服务的使用。
9
Risk Management Terms2. HarmPhysical injury or damage to health of people, or damage to property or the environment.ISO/IEC Guide 51:1999, definition 3.3“Guidelines for inclusion of safety aspects in standards.”
损害
对人体健康的实际伤害或侵害,或是对财产或环境的侵害。
10
Risk Management Terms3. HazardPotential source of Harm.ISO/IEC Guide 51:1999, definition 3.5
危害
损害的潜在源。
11
Risk Management Terms4. RiskCombination of the probability of occurrence of harm and the severity of harm.ISO/IEC Guide 51:1999, definition 3.2
风险
损害的发生概率与损害严重程度的结合。
12
Risk Management Terms5. Residual RiskRisk remaining after protective measures have been taken.
ISO/IEC Guide 51:1999, definition 3.9
剩余风险
采取防护措施后余下的风险。
13
Risk Management Terms6. Risk analysisSystematical use of available information to identify hazards and to estimate the risk. ISO/IEC Guide 51:1999, definition 3.10
风险分析
系统运用可得资料,判定危害并估计风险。
14
Risk Management Terms7. Risk evaluationJudgment, on the basis of risk analysis, of whether a risk which is acceptable has been achieved in a given context based on the current values of society.ISO/DIS 14971:1999-07
风险评价
在风险分析的基础上,根据给定的现行社会价值观,对风险是否达到可接受水平的判断。
15
Risk Management Terms8. Risk assessment
Overall process of risk analysis and risk evaluation.ISO/IEC Guide 51:1999, definition 3.12
风险评定
包括风险分析和风险评价的全部过程。
16
9. Risk controlThe process through which decisions are reached and implemented for reducing risks to or maintaining risks within specified levels.ISO/DIS 14971:1999-07
风险控制
作出决策并实施保护措施,以便降低风险或把风险维持在规定水平的过程。
Risk Management Terms
17
10. Risk managementSystematic application of management policies, procedures and practices to the tasks of analyzing, evaluating and controlling risk.ISO/IEC Guide 51:1999
风险管理
用于风险分析、评价和控制工作的管理方针、程序及其实践的系统运用。
Risk Management Terms
18
What Risks Must Be Managed?Risk to safety of
patients, users, handlers
RegulatoryBusiness
Product liability
19
Risk control• Option analysis• Implementation• Residual risk evaluation/Overall risk acceptance
Risk analysis• Intended use/intended purpose identification• Hazard identification• Risk estimation (likelihood x severity)
Risk evaluation• Risk acceptability decisions
Post-production information• Post-production experience• Review of risk management experience
Risk Management Process
Ris
k as
sess
men
t
Ris
k m
anag
emen
t
ISO 14971Figure 1
20
Risk Assessment
Risk Assessment Tools1. Risk Matrix
2. PHA= Preliminary Hazard Analysis
3. FTA = Fault Tree Analysis
4. FME(C)A = Failure Mode Effects (Criticality) Analysis
5. HAZOP = Hazard Operability Analysis
6. HACCP = Hazard Analysis and Critical Control Point
预先危害性分析/生产工艺过程危险分析
故障树分析
失效模式和效应(危险程度)分析
风险矩阵
危害与可操作性/运行分析
危害分析及关键控制点
21
Risk Assessment
1. Design
2. Production
3. Premarket Notifications
4. Complaints
Applications of Risk Analysis5. MDR
6. Change Control
7. Failure Analysis
8. Etc.
22
Risk AssessmentLife Cycle
Concept & Feasibility Development Scale-Up & Transfer Production
System Level Assessment
Customer FeedbackAssessment
Design Assessment
Process Assessment
23
Risk AssessmentDesign Control
Scale-Up & Transfer
DesignControl
RiskAssessment
Requirements Plan SpecificationsTest
Methods &Results
ProductionsMethods
Change Records
RiskManagement
Plan
PreliminaryHazardAnalysis
Detailed Analysis(FMEA, FTA, HACCP, etc.)
RiskManagement
Report
Risk Reviews
ProductionDevelopmentConcept& Feasibility
Planning
24
Risk AssessmentKey Concepts of Risk
--The frequency of the potential harm;
• How often the loss may occur;
--The consequences of that loss;
• How large the loss might be;
--The perception of the loss;
• How seriously the stakeholders view the risk that might affect them.
25
Risk Assessment
Step 1 – Identify Hazards
Hazards Identification
Brainstorming PHA FTA
FMEA
EventsMDRs
Accidents Etc.
Laws Codes
Standards
List of Hazards
Note: Make it simple---Make it COMPLETE
26
Risk Assessment
Step 2 – Assess HazardsDetermine each hazard’s risk level before controls are in place. (Initial risk level)Assess:
The likelihood/probability that an accident will occur because of the hazard.The most likely result of such an accident.The overall risk level of each hazard.The overall operation initial risk level.
27
Risk Assessment
10-4 – 10-6Individual: Probably will not occur in careerAll: Possible but not probable, rare
Improbable非常少发生
< 10-6
10-2 – 10-4
10-1 – 10-2
1 – 10-1
> 1
Individual:Occurs so implausibly as to elicit disbeliefAll: Not plausible or believable
Incredible极少发生
Individual: Seldom chance of occurrenceAll: Expected to occur sometime
Remote很少发生
Individual: Occurs sometime in careerAll: Occurs sporadically or several times
Occasional偶然发生
Individual: Occurs often in careerAll: Occurs frequently
Probable有时发生
Individual: Occurs repeatedly in careerAll: Continuous experienced
Frequent经常发生
based on IEC60601-1-4Risk Likelihood (Frequency Codes)
28
Risk AssessmentRisk Severity (Severity of Consequence Codes)
Death or permanent total disability, system loss,major property damage
Catastrophic灾难的
Permanent partial disability, temporary total disability in excess of 3 months, major systemdamage, significant property damage
Critical致命的
Minor injury, lost workday accident, compensableinjury or illness, minor system damage, minor property damage
Marginal严重的
First aid or minor supportive medical treatment,minor system impairment, minor property damage
Negligible轻度的
based on IEC60601-1-4
29
Risk Assessment
Negligible Marginal Critical Catastrophic
Incredible
Improbable
Remote
Occasional
Probable
FrequentIntolerable
ALARPAs Low As Reasonably
Practicable
Broadly Acceptable
Example based on ISO 14971, Fig E.1Risk Regions
Severity
Like
lihoo
d
30
ALARP CurveIn
crea
sing
Pro
babi
lity
of O
ccur
renc
e
Increasing Severity of Harm
Intolerable Region
Broadly Acceptable Region
ALARPMaximum Tolerable
Risk
Risk Assessment
31
Preliminary Hazard Analysis (PHA)
Typically a screening tool used in the early phases of design and development For some projects it is the only tool neededNot as quantitative as FMEA/FMECA anddoesn’t require detailed product design
32
PHA Steps
Risk Matrix FormSeverity rankingsFrequency codesEstimated risk codesPHA FormOnce established should remain same for similar product classes.
33
Estimation of Risk Codes
H: High I: Intermediate
L: Low
T: Trivial
Risk must be reducedReduced to ALARP-cost a minor factor
Reduce to ALARP-consider cost/benefit
Broadly acceptable
ALARP=As Low As Reasonably Possible
34
Risk Matrix
IILTRemoteHIITOccasionalHHILProbableHHILFrequent
SevereMajorMinorNegligible
SeverityFrequency
35
PHA FormHazards Arising From Product Design
Hazard Investigation/Controls
Sev Freq Imp.
36
PHA
List known potential hazardsLiteraturePrevious projectsReportable eventsComplaints
37
Start with general product type Sterile (aseptic) liquidsApplicable standards
Move to product classContact lens solutions
Specific productDaily contact lens cleaning solution
AddressHabit—tendency to use as alwaysMistake instructionsAbuse
PHA
38
PHA Form
Sev
Hazards Arising From Product Design
Hazard Investigation/Controls
Sev Freq Imp.
Wrong Material SOPs, Crosscheck Rem I
Lack of Stability Stability studies Min Occ I
39
FMEA vs FTA
FMEA
1.Assumes component or part failure
2.Identifies functional failure as a result of part failure
FTA
1.Assumes failure of the functionality of a product
2.Identifies part/module failure as cause of functional failure
40
FMEA3.Done for entire design
4.Systematic way to predict new problems
5.A bottoms-up analysis
6.People expect the same results from FTA which is not true
FTA3.Too difficult to do for entire design
4.Systematic way to predict causes for usually know problems
5.A top down analysis
6.People do not expect the same results from and FMEA
7.Often a fault tree is used for a problem or an accident
FMEA vs FTA
41
FTA
• Assumes fault and analyzes possible causes
• Connection tool for PHA* to subsystems or modules
• Top down
• Deductive
• Evaluate system (or subsystem) failures
• Considered more structured than FMEA
• Graphical presentation--visual picture
* Preliminary Hazard Analysis
42
FTA Limitations
Only as good as inputNeeds FMEA as a complementNeeds input from many experts-can bog downHuman errors may be difficult to predictMany potential fault trees for a system
Some more usefulNeed to evaluate contribution
43
FTA Basic SymbolsBasic Flow
FAULT
AND
OR
Fault in a box indicates that it is a result of subsequent faults
Connects a preceding fault with a subsequent fault that could cause a failure
Connects two or more faults that must occur simultaneously to cause the preceding fault
44
FTA Basic SymbolsEnd Points & Connector
Basic fault (part failure, software error, human error, etc.)
Fault to be further analyzed with more time or information if needed
Transfer-in and transfer-out events
BASIC FAULT
In
45
FTA-Additional Symbols
m
Exclusive OR Gate: Fault occurs if only one of the input faults occurs
Priority AND Gate: Fault occurs if all inputs occur in a certain order
Voting OR Gate: Fault occurs if m or more out of n input faults occurs
46
FTA Conventions
TOP LEVELEVENT(FAULT)
OR GATE;--EITHERINPUT FAULT MAY
RESULT IN ANOUTPUT FAULT
OR
AND GATE-BOTHINPUT FAULTSMUST OCCUR
FOR AN OUTPUTFAULT
TRANSFER TO NEXTPAGE
AND
A
UNDEVELOPEDFAULT/HAZARD
BASIC FAULT
47
FTA Conventions
OR
AND GATE-BOTHINPUT FAULTSMUST OCCUR
FOR AN OUTPUTFAULT
TRANSFER TOANOTHER PAGE
AND
B
UNDEVELOPEDFAULT/HAZARD
BASIC FAULT
A
TRANSFERFROM OTHER
EVENT
48
Constructing a Fault TreeWrite functional requirements in negative
Functional requirement: Package OpensNegative: Package Does NOT Open
Add additional potential failuresSelect one failure to address at a timeDevelop paths of possible causes of failureBranch where necessaryFollow one branch to end
Root causeBasic eventUndeveloped event
Develop action plans
49
Undeveloped Event
Further analysisFTAFMEA
More informationJudged lower priority
50
Evaluate system (or subsystem) failures
FTA
Primary--Due to internal causes that include poor design or use of inappropriate materialsSecondary--Due to failures in the operation that include equipment failureControl--Due to failures in the systems that are in place to protect the quality and safety
e.g. raw material outside specificationfailure of safety switchfailure of test method
51
FTA Example
A
PEN WILLNOT WRITE
FLOWBLOCKED
WRONGVISCOSITY
INK NOTFLOWING
NO INK INRESERVOIR
PARTICLESIN INK
BALL TOOLARGE
BALL POINTNOT
FUNCTIONING
INK DRIED INPEN
INCORRECT MFGOF HOUSING
FILTER INK
EQUIPMENTNOT
MAINTAINED
EQUIP.CANNOT
MEETREQMTS
BALLDIAMETER
ESTABLISH PMPROGRAM
52
FTA During Design
53
FTA Lab Failure
OOS OR
Other
Lab Error OR
Outliers
Systematic
Random
OR
CalibrationError
Interference
Other
54
FTA During Reliability
AND gates are multipliedP(AND)= P(A)*P(B)
OR Gates are additiveP(OR) ≈ P(A)+P(B)
55
FTA During ReliabilityHAZARD
SYSTEMFAILURE
DRIFT>LIMIT
CMPT A FAILS CMPT B FAILS CMPT C DRIFTS REFERENCEDRIFTS
4. x 10-9
4. x 10-91. x 10-16
3. x 10-9 1. x 10 -92. X 10 -85. x 10 -9 x +
+
56
What is FMEA?What is FMECA?
FMEA
- Failure Mode and Effects Analysis
FMECA
- Failure Mode Effects and Criticality Analysis
57
What is FMEA?
Powerful prioritization tool
Inductive
High effective tool for identifying critical quality attributes
High structured
Methodical
Breaks large complex designs into manageable steps
58
FMEA
Bottom up approach
Evaluates specific failures
Detailed analysis tool
- Use in conjunction with PHA and FTA
Complements FTA
- May lead to different failure results
59
Less analyst dependent than FTA
Allows direct criticality assessment of components
Valuable troubleshooting aid
Identifies areas of weak design
Identifies areas of high risk
Prevention planning
Identifies change requirements
Advantages of FMEA
60
Disadvantages of FMEA
Does not consider operator error
Tedious
May not apply to all systems--especially software
May require extensive testing to gain information
May miss some failure modes
Time pressures
Information missing
Disadvantages of FMEA
61
DefinitionsCriticality --Weighting of hazard severity with the probability of failure
Severity--Seriousness of effect through its impact of the system function
Occurrence--Likelihood a specific failure will be caused by a specific cause under current controls
Verification --Ability of the current evaluation technique to detect potential failure during design
Detection --Ability of the current manufacturing controls to detect potential failure before shipping
62
Definitions
Risk Priority Number
(RPN)= (S) x (O) x (D) or (V)
- Severity (S)
- Likelihood of occurrence (O)
- Likelihood of detection (D)
- Likelihood of verification (V)
63
Process FMEA
Identifies potential product-related process failure modes
Assesses the potential customer effects of the failures
Identifies the potential internal and external manufacturing or assembly process causes
Identifies process variables on which to focus controls for
- reducing occurrence, or
- increasing detection of the failure conditions
64
Sources of Process Defects?
Omitted processing
Processing errors
Errors setting up work pieces
Missing parts
Wrong parts
Adjustment error
Processing wrong work piece
Mis-operation
Equipment not set up properly
Tools and fixtures improperly prepared
65
FMEA SummaryPowerful tool for summarizing:
Important modes of failure
Factors causing these failures
Effects of these failures
Risk prioritization
Identifying plan to control and monitor
Cataloging risk reduction activities
66
HAZOP
Hazard and Operability Study
Bottom up analysis
Deviations from design intentions
Systematic brainstorming based on guide words
67
HAZOP
Guide Words
No/Not
More
Less
As well as
Other than
68
Activity Material Destination
Transfer Powder Hopper
HAZOP Model
Design Statement
69
HAZOP
Liquid Wrong powder
Other than
Larger tank Inaccurate gagePump fastMore
Valve closed Hopper fullTank empty
Valve closed Line blocked Pump broken
No
HopperPowderTransfer
70
HAZOP Plan
Interlock
OperatorTrainingPM
Low
Med
Med
ValveclosedLineblocked Pumpbroken
Powder flowNO
WhoActionRiskCausesDeviationGuide
71
HACCP
Risk Management System
Biological Hazards
Chemical Hazards
Physical Hazards
Requires
Prerequisite Quality System Program
Traditionally GMPs
72
HACCP Steps
1. Conduct hazard analysis and identify preventive measures
2. Identify Critical Control Points3. Establish critical limits4. Monitor each critical control point5. Establish corrective action to be taken when
deviation occurs6. Establish verification procedures7. Establish record-keeping system
73
HACCP Decision Tree
74
HACCP Worksheet
BiologicalChemicalPhysical
Is this step a critical control point? (Y/N)
What preventative measures can be applied to prevent the significant hazards?
Justify your decisions for column 3.
Are any potential safety hazards significant? (Y/N)
Identify potential hazards introduced, controlled or enhanced at this step(1)
Material/processing step
654321
Product Description:
Method of Storage and Distribution:
Intended Use and Consumer:
Firm Name:
Firm Address:
75
HACCP Plan
(7)Who
(6)Frequency
(5)How
(4)What
(10)Verification
(9)Records
(8)Corrective Actions
Monitoring
(3)Critical Limits for each Action
(2)Significant Hazards
(1)Critical Control Point
Product Description:
Method of Storage and Distribution:
Intended Use and Consumer:
Firm Name:
Firm Address:
76
Risk Control
Develop Controls, Implement Controls, Assess Residual Risk and Make Risk Decision
Develop specific controls for each hazard.Do not lump controls together for multiple hazards.Be specific – don’t reference other documents.Controls should result in reduction of severity, or probability or bothIf there is no reduction re-look the controls
77
Assign responsibility for implementation of controls.Communicate requirements to all involved.Incorporate into mission documents and briefings.
SOPsOrdersBriefings and back-briefsTrainingRehearsals
Risk ControlDevelop Controls, Implement Controls, Assess Residual Risk and Make Risk Decision
78
Risk Control
Risk acceptance decision must be made at appropriate level based on residual risk.Acceptance authority mandated by ? .Risk acceptance must be documented by appropriate individual signing the RMWS.
Develop Controls, Implement Controls, Assess Residual Risk and Make Risk Decision
79
Risk Control
Extreme risk Commanding General level
High risk Brigade/group commander or appropriate level
Moderate risk Major unit commander or appropriate level
Low risk As determined by major unit commander
80
Post-production information
SurveilAll staffs are responsible for:
Performing to standardExecuting controlsRecognizing unsafe acts and conditions
Leaders are also responsible for enforcement
EvaluateEffectiveness of controls (adjust/update)Feedback
81
**Remember*Remember*Risk Management ProcessRisk Management Process
Develop Controls, ImplementControls & Make
Risk Decisions
AssessHazards
Surveillance & Evaluation
IdentifyHazards
82
CONSIDER:ACCIDENT CAUSE FACTORS
Human Error - 80%
an individual’s actions or performance is different than what is required and results in or contributes to an accident.
83
ACCIDENT CAUSE FACTORS
Materiel Failure/Malfunction - 5%
a fault in the equipment that keeps it from working as designed, therefore causing or contributing to an accident.
84
ACCIDENT CAUSE FACTORS
Environmental Conditions - 15%
any natural or manmade surroundings that negatively affect performance of individuals, equipment or materiel and causes or contributes to an accident.
85
SOURCESof
HUMAN ERRORIndividual - 48%
Staffs knows and is trained to standard but electsnot to follow the standard (self-discipline).
ExampleSoldier knows there is a requirement to be certified on servicing tires and although he isn’t certified, he attempts to service the tire anyway so he won’t have to wait for maintenance personnel.
86
SOURCESof
HUMAN ERROR
Leader - 18%Leader does not enforce known standard.
ExampleLeader sees the unqualified soldier changing the
tire and doesn’t stop him.
87
Training - 18%Staffs not trained to known standard (insufficient, incorrect or no training on task).
ExampleSoldier has never had any training on how to service split rims and didn’t know that a tire cage and air extension is required for inflation.
SOURCESof
HUMAN ERROR
88
SOURCESof
HUMAN ERRORStandards - 8%
Standards/procedures not clear or practical, or do not exist.
ExampleThe unit SOP requires the use of a tire cage, however it does not require the use of a twelve foot air gage extension.
89
SOURCESof
HUMAN ERRORSupport - 8%
Equipment/material improperly designed resources/not provided.
ExampleThe unit tire cage was not properly constructed and the unit does not have a twelve foot extension for the air gage.
90
Individual 48%
Leader 18%
Training 18%
Standards 8%
Support 8%
= Total 100%
Stop Worrying...It Does Add Up