Those engaged in the conceptualization, design, development, manufacturing, and marketing of medical devices face specific risks and challenges. They must manage and certify their products are safe for daily patient care, invasive or non-invasive diagnostic procedures, or scientific research. Identified risks may extend to other patients, operators, external equipment, or the environment on a micro or macro scale.
Mitigating risk for medical devices is becoming more complex, with factors such as a continuously expanding worldwide market, software as a device, telemedicine and home health, and the shrinking or miniaturization of products to meet environmental and usability requirements. These factors are risks and opportunities that must be identified, analyzed, accepted, mitigated, or exploited early in the design process.
There are many benefits to the effective application of risk management within the medical device industry. First, to get U.S. Food and Drug Administration (FDA) or European Medical Device Regulation (MDR) approval for marketing your product, you need to have a documented risk management process in place. There’s also a financial benefit, the sooner risk can be identified in the product life cycle, late-stage, more costly changes can be avoided.
In a perfect world all risk could be avoided through careful assessment and mitigation, management would be approving miniscule risk with complete confidence going forward. The reality is risk management isn’t a one-time event but continues throughout the entire product life cycle. Stakeholder requirements change due to shifting market expectations, company priorities, acquisitions or mergers, black swan events such as a worldwide pandemic, and customer feedback influence design changes. As the distribution footprint expands, compliance requirements for new markets and geographies may force changes. Supply chains influence available materials requiring shifts in product composition. Software solutions replace hardware components with associated savings, expenses, and risks. Adjustments are necessary and pervasive. Risk management documentation must reflect change and, in the case of an audit, be able to report why the adjustments occurred and the resulting controls and mitigations put in place.
Failure mode and effect analysis (FMEA) has become a valuable tool in assessing risk but is only the beginning and one point of data from one often isolated event. Input comes from other sources such as an incident report or a problem report, another point of data in an overall assessment. FMEA data, assessment, and recommendations are often captured in a document or a spreadsheet. But risk assessment is more than a document or spreadsheet, it’s a process generating live content and data. Content and data that need to be related to other content and data being produced in the design process.
FMEA always results in recommendations that involve change that must be tracked as part of an overall change management process. A recommendation can set off a chain reaction of changes that create a spider web of relationships. Test plans and outcomes result in other changes in design, material, packaging, documentation, or manufacturing processes. If the FMEA process data is unrelated to other data in Word, Excel, Access database, or Lotus Notes, it’s very difficult to develop an up-to-date, correct risk management assessment. FMEA is a good tool for analyzing individual, specific cases, but it’s not capable of developing a complete risk management process.
It's critical that risk management content and data exist under a change control system that can establish, trace, and report the impact of identified risks, their assessment, recommendations, and resulting changes to design, product, and processes.
How is risk management accomplished in today’s medical device companies? Unfortunately, many companies are still paper based, with inherent issues of silo-managed data with poor collaboration and aggregation difficulties. Different domains, different processes create content and data resulting from their individual assessments, decisions, and goals. The data exists in Word or Excel files, old Access databases, or home-grown systems. Content and data live in widely dispersed emails, laptops, desktops, and remote servers not under change management or control. Those tasked with creating the actual risk assessment for sign-offs and submittals to governing agencies attempt to collate the current view into a binder comprising the Risk Management File containing the Risk Management Report that reflects current reality.
A modern product lifecycle management (PLM) offering can provide a comprehensive solution for first getting change under control. Secondly, all content created by the risk management process must be connected, not by constant action taken by participants but inherently and automatically by the system. And third, the first two solutions result in traceability, or the ability to look backward and see how you arrived at your current state.
Implementing a PLM-centered risk management system has many benefits. First, by law you need to have a documented risk management process in place. There’s also a financial benefit, the sooner risk can be identified in the product life cycle, the more costly, late-stage changes can be avoided. Ensuring safety for patients, operators, and third parties leads to successful products and financial returns as well as ensures safety for the company in avoiding lawsuits and audits.
Explore the December 2022 Issue
Check out more from this issue and find you next story to read.