Risk management for Active MedTech

Written by Luke Sy

In the webinar, Geoff Sizer, the CEO of Genesys Electronics Design along with expert commentator Sue Lynch from MedTech Pathways discussed about the importance of risk management in the development of medical devices. Finally, Kevin Badin from Ora innovations gave a closing remarks for the session.

Why is risk management (ISO 14971) important?

Risk management helps in developing a safe, holistic, and well-managed product (e.g., medical device). Its importance is testified by how it is required by other regulatory standards such as ISO 13485 (Quality management systems), IEC 60601-1 (safety and essential performance test standard), and IEC 62304 (software development standard).

In additional, risk management plays a role in management. Based on the risk assessment, the chief technical officer (CTO) can implement risk control measures to reduce risk and ensure good engineering culture (i.e., design with focus on safety). Risk management will also help the chief executive officer (CEO) to determine which regulatory requirement must be obtained, and to understand product liability.

Risk management implementation

Most standards will have a corresponding technical report. Writing a technical report for a medical device is not mandatory to obtain regulatory compliance. However, regulatory bodies (e.g., Food and Drug Administration or FDA) put a lot of credence to technical reports, and it would be foolish not to follow the path of least resistance.

The life cycle management of risk typically involves design & development, production, storage/distribution, servicing, and decommissioning. Risk management officially starts when project starts formal design control. However, starting earlier (e.g., during hazards brainstorming) is recommended.

Risk is the combination of the probability of harm occurring and the severity of that harm. Determining the probability of occurrence is typically done by educated guess. One starts off with whatever data is available, and considers expert opinions. A pessimistic (i.e., assume that if something can go wrong, it will go wrong) approach can also be taken and is looked favourably by regulatory body. Compliance to standard is a testimony that you have brought risk as low as reasonably practicable (ALARP).

Lastly, risk management for medical devices can difficult, but it doesn’t have to be done alone. Help can be obtained from regulatory/quality/engineering design consultants.