Making improvements to the medical devices standard on risk management

Widely viewed as the de facto risk management standard in medical devices, BS EN ISO 14971 has just been revised. This blog post looks at risk in respect of medical devices and asks what’s new.

Medical devices are, broadly speaking, any article, instrument, apparatus or machine used for health purposes in or on the human body. The term covers everything from a simple wooden tongue depressor to a programmable implanted heart pacemaker. These devices are used in medical procedures, for prevention, for diagnosis, for treatment and for rehabilitation; and can be used by clinicians, relatives and carers, or by the patient themselves. The World Health Organization estimates there are around 10,000 types of medical devices [1]. Meanwhile the global medical devices market is huge. It was worth an estimated nearly $521.2 billion in 2017, and is forecast to reach $674.5 billion by 2022 [2].

Risk and reward

Each and every medical device carries with it a degree of risk, so manufacturers need to make judgements relating to the safety of the devices they produce and to reduce the risk of harm. To help them do so, ISO has recently published BS EN ISO 14971:2019 Medical devices. Application of risk management to medical devices – a revised international standard which deals with the processes for managing the risks associated with medical devices.

It’s generally accepted that the concept of risk has two components: the probability of occurrence of harm and the consequences, or the impact, of that harm. Stakeholders need to understand that even after the risks have been reduced, there is still an inherent residual degree of risk which remains when any medical device is used. The harm that medical devices can cause includes injury or damage, primarily to the patient, but also to the operator or other people; as well as harm to data, property, other equipment and the environment.

Manufacturers need to reduce the risks and make judgements relating to the safety of a medical device, including the acceptability of residual risk. The standard specifies a process through which the manufacturer can identify hazards associated with the device, estimate and evaluate the risks associated with these hazards, control these risks and monitor the effectiveness of the controls throughout the life of the device.

How the standard has changed

This new standard, is the third edition, and replaces the second. The document has undergone a technical revision. The eye-catching changes are:

• Defined terms have been updated and a definition of benefit has been introduced, plus more attention is given to the benefits expected from the use of the medical device. The term benefit-risk analysis is aligned with terminology used in some regulations.
• The revised standard explains that the process described can be used for managing all types of risks associated with medical devices, including those related to data and systems security.
• The method for evaluating the overall residual risk and the criteria for its acceptability must now be defined in the risk management plan. The method can include gathering and reviewing data and literature for the medical device and similar devices on the market. The criteria for the acceptability of the overall residual risk can be different from the criteria for acceptability of individual risks.
• The requirements to disclose residual risks are merged into one requirement after the overall residual risk has been evaluated and judged acceptable.
• The review before commercial distribution of the medical device concerns the execution of the risk management plan. The results of the review are documented as the risk management report. The manufacturer must determine when subsequent reviews and updates of the risk management report are needed.
• The clause on production and post-production information is clarified and restructured. More detail is given on the information to be collected and the actions to take when the information is determined to be relevant to safety.

It’s hoped that with these improvements, the standard will remain a key document for all organizations dealing with the design, development, production, installation or servicing of medical equipment, devices and technology. Also that that the standard will continue to play a central role in reducing risk for the benefit of all stakeholders.