Risk Management and the Impact of EN ISO 14971:2012 Annex Z

Transcription

1 Risk Management and the Impact of EN ISO 14971:2012 Annex Z BSI 2014 Medical Device Mini-Roadshow Ibim Tariah Ph.D Technical Director, Healthcare Solutions Copyright 2014 BSI. All rights reserved. 1

2 Risk Management - Impact of Annex Z Overview of ISO 14971:2007 EN ISO 14971:2012 Harmonized Standard Differences from ISO Standard and 2009 version Deviations Presumption of Conformity BSI Audits FAQs Regarding EN ISO 14971:2012* * Included in presentation materials but not discussed Copyright 2014 BSI. All rights reserved. 2

3 ISO 14971:2007 Medical Devices Application of Risk Management to Medical Devices Copyright 2014 BSI. All rights reserved. 3

4 Definitions Risk = Combination of the probability of occurrence of harm and the severity of that harm Harm = Physical injury or damage to the health of people, or damage to property, or the environment Severity Low High No harm Death / Serious Injury Occurrence Improbable Frequent < X% Y Z% (Sometimes factor of occurrence of hazard x % of harm / hazard) Copyright 2014 BSI. All rights reserved. 4

5 ISO Main body (Clauses 1-3) 1 Scope 2 Terms and definitions 3 General requirements for risk management 3.1 Risk management process 3.2 Management responsibilities 3.3 Qualification of personnel 3.4 Risk management plan 3.5 Risk management file Copyright 2014 BSI. All rights reserved. 5

6 ISO Main body (Clauses 4-9) Clause 4: Risk analysis Clause 9: Post-production information Clause 5: Risk evaluation Clause 8: Risk management report Clause 6: Risk control Clause 7: Residual risk evaluation Copyright 2014 BSI. All rights reserved. 6

7 ISO Overview of Annexes Annex A Annex B Annex C Annex D Annex E (informative) Rationale for requirements (informative) Overview of the risk management process for medical devices (informative) Questions that can be used to identify medical device characteristics that could impact on safety (informative) Risk concepts applied to medical devices (informative) Examples of hazards, foreseeable sequences of events and hazardous situations risk control benefit estimation qualitative analysis ALARP probability Copyright 2014 BSI. All rights reserved. 7

8 ISO Overview of Annexes Annex F Annex G Annex H Annex I Annex J (informative) Risk management plan (informative) Information on risk management techniques (informative) Guidance on risk management for in vitro diagnostic (IVD) medical devices (informative) Guidance on risk analysis process for biological hazards (informative) Information for safety and information about residual risk PHA FTA HACCP FMEA HAZOP Copyright 2014 BSI. All rights reserved. 8

9 Risk Management EU Requirements MDD AIMDD IVDD Copyright 2014 BSI. All rights reserved. 9

10 Medical Devices EU Risk Requirements Risks > Benefits Benefits > Risks Risks R B R B Benefits Copyright 2014 BSI. All rights reserved. 10

11 The Directives Where is Risk? Risk MDD 93/42/EEC ERs: , 7.4, 7.5, , , , , 12.5, 12.6, , 13.6 AIMDD 90/385/EEC ERs: IVDD 98/79/EC ERs: A 1 2 B , 2.2, 2.5, , 3.3, , 6.3, , 8.7 Total Copyright 2014 BSI. All rights reserved. 11

12 EN ISO 14971:2012 EU harmonized standard for Risk Management Allows the presumption of conformity to MDD, AIMD, and IVD Published July 2012 & harmonized as of 30 August Copyright 2014 BSI. All rights reserved. 12

13 What is the difference? ISO 14971:2007 The current International Standard EN ISO 14971:2009 The previous version of the European Harmonized Standard Obsolete as of 30 August 2012 EN ISO 14971:2012 The current European Harmonized Standard Changes within Foreword & Annex Zs only No change to requirements (Normative Text) i.e. clauses or requirements of the standard are exactly the same Copyright 2014 BSI. All rights reserved. 13

14 Why was EN ISO 14971:2012 created? A solution to formal objections raised by Swedish Competent Authority & European Commission on the harmonized status of a number of European Standards Revision of Annex Z s was made to provide greater clarity on applicability & alignment of ISO clauses with requirements of AIMDD, MDD & IVDD Copyright 2014 BSI. All rights reserved. 14

15 EN ISO 14971:2012 Z Annexes Example Annex ZA (MDD) Explains to which requirements, under which conditions and to what extent presumption of conformity can be claimed. Copyright 2014 BSI. All rights reserved. 15

16 EN ISO 14971:2009 Z Annexes (Now Obsolete) Compliance with all the requirement clauses in this standard will ensure that general aspects of medical devices related to patient risk and safety have been addressed. For particular medical devices or for particular safety aspects, additional specific requirements may need to be complied with in order to meet the essential requirements. Copyright 2014 BSI. All rights reserved. 16

17 EN ISO 14971:2012 Content Deviations Copyright 2014 BSI. All rights reserved. 17

18 EN ISO 14971:2012 Content Deviations Essential Requirements (ERs) Impacted Deviation MDD AIMDD IVDD 1 Treatment of negligible risks 1, 2, 6, 7.1 1, 5, 9 A.1, A.2, B Discretionary power of mfr as to acceptability of risks 3 Risk reduction as far as possible vs. as low as reasonably practicable 4 Discretion as to whether a riskbenefit analysis needs to take place 5 Discretion as to the risk control options / measures 6 Deviation as to the first risk control option 7 Information of the users influencing the residual risk 1, 2, 6, 7.1 1, 5, 9 A.1, A.2, B.1.1 1, 2, 6, 7.1 1, 5, 6, 9 A.1, A.2, B.1.1 1, 6, & 9 A.1 & B & A.2 & B & A.2 & B & A.2 & B.1.1 Copyright 2014 BSI. All rights reserved. 18

19 Deviation No. 1 MDD (AIMDD) IVDD...all risks, regardless of their dimension, need to be reduced as much as possible (and need to be balanced, together with all other risks, against the benefit of the device). ISO D the manufacturer may discard negligible risks. Copyright 2014 BSI. All rights reserved. 19

20 Were all risks considered for mitigation? Failure Mode Cause of Failure Local Effect System Effect Initial Rating Risk Control Measure(s) Risk Level RPN PRO SEV Hip Stem Surgeon implants a stem that is wrongly sized No tool available to determine needed size Unstable Implant Revision X-ray templates provided for each implant size; implants marked with It is not sufficient just to determine that the risks are acceptable. It is also necessary to determine whether they have been reduced as far as possible. This can be stated line-by-line or categorically as a whole. size; clinical history of safety / performance Acceptable Broadly & Acceptable reduced as far as possible Copyright 2014 BSI. All rights reserved. 20

21 Deviation No. 2 MDD (AIMDD) IVDD...all risks have to be reduced as far as possible (and that all risks combined, regardless of any "acceptability" assessment, need to be balanced, together with all other risks, against the benefit of the device). ISO , 6.4, 6.5 & 7...manufacturers have the freedom to decide upon the threshold for risk acceptability. D.6.1 only nonacceptable risks have to be integrated into the overall riskbenefit analysis. Copyright 2014 BSI. All rights reserved. 21

22 Are all risks reduced as far as possible? Unacceptable Extent of damage Management Review Required - ALARP 10 9 Broadly Acceptable 8 7 Some risks cannot be categorically ignored if risk can be reduced further. All risks must be reduced as far as possible Probability of occurrence Copyright 2014 BSI. All rights reserved. 22

23 Deviation No. 3 MDD AIMD IVD...risks to be reduced "as far as possible" without there being room for economic considerations. ISO & D.8 contains the concept of reducing risks "as low as reasonably practicable. The ALARP concept contains an element of economic consideration. Copyright 2014 BSI. All rights reserved. 23

24 Are all risks reduced as far as possible? Extent of damage There must be another step ALARP concept should not allow economic factors to hinder mitigation, risks must be reduced as far as possible within stateof-the-art Probability of occurrence Copyright 2014 BSI. All rights reserved. 24

25 Were risks reduced as far as possible? Failure Mode Cause of Failure Local Effect System Effect Initial Rating Risk Control Measure(s) Risk Level RPN PRO SEV Hip Stem Surgeon implants a stem that is wrongly sized No tool available to determine needed size Unstable Implant Revision X-ray templates provided for every-other implant size; implants marked with size It is not reasonable in this example not to provide templates for each size. The economic impact of this should not be considered if this can reduce the risk. To make this determination, the state-of-the-art and available technology should be considered. ALARP Copyright 2014 BSI. All rights reserved. 25

26 Deviation No. 4 MDD AIMDD (IVDD)...an overall risk-benefit analysis must take place in any case, regardless of the criteria established in the mgmt plan of the mfr... (and requires undesirable side effects to "constitute an acceptable risk when weighed against the performance intended ). ISO an overall riskbenefit analysis does not need to take place if the overall residual risk is judged acceptable when using the criteria established in the risk mgmt plan. D.6.1 "A risk/benefit analysis is not required by this Int l Std for every risk. Copyright 2014 BSI. All rights reserved. 26

27 The Directives Where is Benefit? Benefit MDD 93/42/EEC ERs: AIMDD 90/385/EEC ERs: 10 IVDD 98/79/EC ERs: A 1 Total Risk MEDDEV Guidelines on Clinical Evaluation Report also discusses Risk / Benefit Analysis Copyright 2014 BSI. All rights reserved. 27

28 Risk / benefit analysis done for all risks? Frequent 2 Conduct Risk v Benefit Probable 6 4 Consider Risk v Benefit Occasional 3 Acceptable Remote 3 Improbable 2 There must be a risk benefit analysis for all risks and an overall risk benefit analysis not just unacceptable risks Copyright 2014 BSI. All rights reserved. 28

29 Documentation of Risk / Benefit Analysis Risk Management File o Combination of risk assessment / risk management report Clinical Evaluation Report (Frequently addressed here) Copyright 2014 BSI. All rights reserved. 29

30 Deviation No. 5 MDD IVDD... to select the most appropriate solutions...by applying cumulatively what has been called "control options or "control mechanisms" in the standard. ISO obliges the mfr to "use one or more of the following risk control options in the priority order listed. 6.4 indicates that further risk control measures do not need to be taken if, after applying one of the options, the risk is judged acceptable according to the criteria of the risk mgmt plan. Copyright 2014 BSI. All rights reserved. 30

31 All appropriate controls utilized? Failure Mode Cause of Failure Local Effect System Effect Initial Rating Risk Control Measure(s) Risk Level RPN PRO SEV Intracranial Pressure Monitor High pressure undetected Monitor does not indicate high pressure situation Brain damage No control measures mentioned about alarms / warnings for high pressure situation. The current mitigation is not considered to be sufficient as preventive measures could mitigate the risk. Death Monitor provides continuous digital display of ICP; operates on AC & for up to 3 hrs on battery ALARP Copyright 2014 BSI. All rights reserved. 31

32 Deviation No. 6 MDD (IVDD)..."eliminate or reduce risks as far as possible (inherently safe design and construction)". ISO obliges the manufacturer to "use one or more of the following risk control options in the priority order listed: (a) inherent safety by design... without determining what is meant by this term. Copyright 2014 BSI. All rights reserved. 32

33 Were risks designed out if possible? Failure Mode Cause of Failure Local Effect System Effect SEV Initial Rating PRO RPN Risk Control Measure(s) Risk Level Mesh Mesh frays and suture pulls out Design of mesh / cutting edge Failed repair Risks must be designed out if possible. All risk control options must be applied until risks have been reduced as much as possible and any additional control option(s) do not improve the safety Revision Warp IFU knit Acceptable mesh instructs & reduced design not to cut as far as prevents mesh and possible fraying not to after place cut; multiple sutures sizes closer available; than 5 suture mm to pullout edge testing Copyright 2014 BSI. All rights reserved. 33

34 Deviation No. 7 MDD (IVDD)...users shall be informed about the residual risks. This indicates that...the information given to the users does not reduce the (residual) risk any further. ISO & 6.4 residual risk is defined as the risk remaining after application of risk control measures. 6.2 regards "information for safety" to be a control option. Copyright 2014 BSI. All rights reserved. 34

35 Residual risks incorrectly reduced? Device Failure Mode Effect Initial Rating Risk Control Updated Rating RPN PRO SEV RPN PRO SEV Implant Emboli Death IFU warning A warning does not reduce the probability of occurrence of an emboli. Copyright 2014 BSI. All rights reserved. 35

36 Residual risks incorrectly reduced? Device Failure Mode Effect Initial Rating Risk Control Updated Rating RPN PRO SEV RPN PRO SEV Mesh with Barrier Membrane Device implanted upsidedown Adhesions 4 3 Instructions on how to use the device properly may mitigate the risk 12 IFU contains pictures / instructions on how to correctly orient device with marked side down Copyright 2014 BSI. All rights reserved. 36

37 BSI Audits Copyright 2014 BSI. All rights reserved. 37

38 Conformity Assessment Quality System n=70 Americas n=50 EMEA n=40 Asia- Pacific External Resource n=as needed Microbiologist n=20 Technical Specialist n=80 Copyright 2014 BSI. All rights reserved. 38

39 BSI Audit Key Questions Are you aware of EN ISO 14971:2012? How are you ensuring you meet the directive requirements? Have you reviewed your existing Risk Management files, if needed? Is there a plan in place to do so? Copyright 2014 BSI. All rights reserved. 39

40 BSI Audit Key Questions Have all risks been reduced as far as possible? Has a risk benefit analysis been conducted for all risks? Have all risks been designed out if possible? Have risks been incorrectly reduced by warnings placed on IFUs or provided in training? Copyright 2014 BSI. All rights reserved. 40

41 Questions Copyright 2014 BSI. All rights reserved. 41

42

43 FAQs Regarding EN ISO 14971: If our procedures were written to comply with ISO 14971:2007, do we have to change them? The normative part of the standard is identical. Most likely. The Z Annexes (ZA, ZB, and ZC) discuss deviations from the standard relative to the ability to comply with the MDD, AIMD, and IVDD. Therefore, additional steps must usually be taken in order to demonstrate compliance with the Essential Requirements (ERs) within the directives. In many cases, changes will need to be made to address the following (at a minimum): ensuring that ALL risks are reduced as far as possible; a risk/benefit analysis was conducted and considers all individual and overall risks; ALL risks have appropriate controls and the risks have been designed out if possible (MDD & IVDD only); risks have not been inappropriately reduced by labeling alone (MDD & IVDD only). Copyright 2014 BSI. All rights reserved. 43

44 FAQs Regarding EN ISO 14971: Isn t the point of risk management to focus on the big risks? It is true that risk management activities have historically focused on identifying and reducing risks that have been unacceptable or were significant. However, the directives do not make distinctions in risk levels and simply refer to reducing ALL risks. Therefore, based on current thinking, in order to comply with the directives, the focus should be on reducing ALL risks. 3. As a manufacturer, how can we not take into account any economic considerations? It is understood that all risks cannot be eliminated and that the manufacturer is bound by the level of current technology and the state-of-the-art. It is also understood that a single device may not be intended for all individuals / applications and could be limited to certain populations. Therefore, the expectation is that if there are means to reduce risks for the intended use by available technologies and the state-of-the-art, that these measures should be taken. As risk management is also an active process that should continue to be evaluated post-production, if new technologies or the state-of-the-art change after the device was released, the question as to whether ALL risks have been reduced as far as possible should continue to be evaluated. Copyright 2014 BSI. All rights reserved. 44

45 FAQs Regarding EN ISO 14971: Our QMS auditor said our RM procedures were effective and met EN ISO 14971:2012. We don t understand why the Technical Reviewer gave us a non-conformity for risk management. The primary responsibility for the QMS auditor is to review the manufacturer s procedures to ensure that they meet ISO and to sample records to ensure that the procedures have been executed appropriately. On the other hand, the primary responsibility for the Technical Reviewer is to review the output of the QMS system (i.e. Technical Documentation) and ensure that the product conforms to the applicable directive. Therefore, it is possible for the procedures and some of the records to have been updated to ensure compliance with EN ISO 14971:2012 but that the file(s) being reviewed by the Technical Reviewer do not demonstrate compliance with the directive. Copyright 2014 BSI. All rights reserved. 45

46 FAQs Regarding EN ISO 14971: Do we have to change all our historical RM files or can we just address new product development and product changes? All files should be reviewed (based on a risk commensurate plan) to ensure that they comply with the directives and updated accordingly. Demonstration of compliance is expected. 6. Does BSI expect a line-by-line risk/benefit analysis? No. The manufacturer is expected to consider all individual risks and the overall risk in a risk / benefit analysis. How that is done is up to the manufacturer. BSI expects that the manufacturer documents (procedurally) how they intend to do this and executes this procedure. Copyright 2014 BSI. All rights reserved. 46

47 FAQs Regarding EN ISO 14971: We have used a no-train, no-sale policy to reduce the risk of issues. Could this be used to reduce the probability of occurrence? Potentially. Deviation 7 only addresses not using information given to the users (i.e. in the IFU or through training) to reduce risks further. Therefore, if the training program is being used to teach the user proper operation of the device, this would most likely not be considered providing information to address residual risk. However, if this is being used as a forum to convey residual risk about the device, this would not be considered an appropriate way to mitigate risk. Copyright 2014 BSI. All rights reserved. 47

48 FAQs Regarding EN ISO 14971: BSI agreed at the last design exam certification review that the RM files were acceptable and met the ERs. The device has not changed. Why is this not still acceptable? Harmonized standards are used as a method to convey state-of-the-art thinking on how compliance with the clauses of the standard confer a presumption of conformity with the associated directive and EFTA regulations. The Z Annexes explain to which requirements, under which conditions, and to what extent presumption of conformity can be claimed. Publishing of EN ISO 14971:2012 changed the state-of-the art view of these conditions. Therefore, while previous submissions may have allowed full presumption of conformity with the directives, this is no longer possible unless additional information is provided to address the deviations. Copyright 2014 BSI. All rights reserved. 48