Risk management is commonly defined as the systematic application of management practices, policies and procedures for identifying, analyzing, controlling and monitoring risk. Application of risk management to medical devices is expected by medical device regulatory bodies. The FDA also expects risk management to be integrated with device control activities, as made clear in the quality system regulation.
Risk management involves a three-step procedure: hazard identification, risk assessment, and risk mitigation in case of unacceptable risk levels.
Understanding the regulations and applying the methodologies can be a daunting task. Libra Medical has a staff of trained professionals with ‘real life’ experience in this area ready to help you.
Risk management principals should be applied throughout the life cycle of medical devices and used to identify and address safety issues. In general, risk management can be characterized by phases of activities.
The first phase can be the determination of levels of risk that would be acceptable in the device. Manufacturers should have a procedure or policy to determine risk acceptability criteria. These risk acceptability cirri may come from an analysis of the manufacturer’s own experience with similar medical devices or research on what appears to be currently accepted risk levels by regulators, users, or patients, give the benefits derived from diagnosis or treatment with the device. Risk acceptability criteria generally should be reflective of state-of-the-art in controlling risks.
The second phase can be risk analysis. This phase starts with identifying hazards that may occur due to characteristics or properties of the device during normal use or foreseeable misuse. After hazards are identified, risks are estimated for each of the identified hazards, using available information.
In the third phase, the estimated risks are compared to the risk acceptability criteria. This comparison will determine an appropriate level of risk reduction, if necessary. This is called risk evaluation. The combination of risk analysis and risk evaluation is called risk assessment.
The fourth phase can be composed of risk control and monitoring activities. The manufacturer establishes actions, i.e. risk control measures, intended to eliminate or reduce each risk to meet the previously determined risk acceptability criteria. Within the limits of feasibility, one or more risk control measures may be incorporated in order to achieve this end. Risk control activities may begin as early as design input and continue through the design and development process, manufacturing distribution, installation, servicing and throughout the medical device life cycle.
After release of the device to market, risk management activities should be linked to quality management processes, for example, production and process controls, corrective and preventative actions (CAPA), servicing and customer feedback.