I suspected that Kevin and Dan were just having a semantics issue. It appears in the latest comments that the rate can change according to Dan, which is what Kevin has been asserting all along. It is true that new information may come in when the device is exposed to the general population (as I stated in my previous post, similar to pharma, after the full-scale release) that we learn new things about our device. Since we used estimates prior to release, our POH and Severity are guesses based on limited knowledge. As we get information on actual performance, we can fine tune those into quantitative values of POH based on the new data, which gives us higher confidence in our values. The design-development team does their best, but real world cannot be perfectly modeled, so we have to revise the values as we learn more. So change occurs.
So, yes, the values do change based on new information. And then Marketing wants more sales, so they seek new markets, which may be different models than we used to develop the device, so again the risk changes. It is a continuing lifecycle activity until the last one is removed from the field, and we continue to fine tune based on new information. Of course, we have to consider benefit-risk analysis, so a new data set enters the picture. If the benefit changes, such as through changes to state-of-the-art, that impacts the ability to stay on market without more change to the data set, which requires more analysis of the risk to determine if the acceptability of the risk has changed with this new information. That may lead to Dan's design changes. So the risk may first change, leading to a new design which affects the risk again (to hopefully improve it).
Change is the one constant we find here, nothing remains constant, except for change, including changes to the POH.
Original Message:
Sent: 16-Jul-2021 14:47
From: Dan O'Leary
Subject: Probability of Occurrence of Harm (Risk Analysis)
Kevin,
First distinguish between the number of occurrences and rate of occurrence. The number is what shows up as complaints. The rate could be the number of complaints per use.
My assertion is that, with perfect knowledge, the rate of a certain harm with a specified severity is the rate set at determining the residual risk. It is inherent in the device and, unless something changes it is fixed.
Now consider the case where something changes; the rate could change.
A design improvement applied to the devices in use, could lower the rate to a new fixed level.
An unaddressed wear-out failure could change the rate. Preventive maintenance should prevent it from happening.
A change in use conditions could change the rate.
Post-market surveillance should detect the unintended (not design change) rate changes leading to an investigation and determination of the cause. With this information the manufacturer should work to restore the status quo ante. One method is an ISO 13485:2016 advisory notice explaining the situation.
I have been arguing that the harm rate is implicit in the device which includes intended use, proper maintenance, etc. In other words, the design includes a set of conditions that sets the rate. The conditions don't include, for example, sales volume.
An interesting issue is the EU-MDR Article 88 trend reporting for non-serious incidents. The system requires reporting when there is a statistically significant increase in the rate. In other words, look for changes and, should a change occur, report it to the CA.
The implicit assumption here is that the rate is fixed and were it to change, then the CA requires investigation and reporting.
We can save the trend detection mechanism for another day.
------------------------------
Dan O'Leary CQA, CQE
Swanzey NH
United States
Original Message:
Sent: 16-Jul-2021 14:15
From: Kevin Randall
Subject: Probability of Occurrence of Harm (Risk Analysis)
Thanks Dan. Hmm, obviously I'm still having a hard time finding a place in my day-to-day (after time-zero / early-stage guessing) risk management toolbelt for the universal 'rate-never-changes' principle. For common practice of risk management, I'm still not seeing how that principle helps me as I operate the risk management system during the meat of a device's (or device-family's) lifetime.
I'm still seeing that if at timepoint 1, a harm happens, say, once per year for a certain install or sales base or model family, but then at timepoint 2 (e.g., due to emerging or new quality problems from manufacturing issues, material aging, new user habits, etc.) a harm starts happening at a higher frequency for that same install base, or sales base or model, then it means to me that the probability (rate) of occurrence has changed for that install base, or sales base or model. Maybe that view isn't the correct view for purposes of mathematical theory, but it has served me well out in the field and also internally with my risk management clients and teammates. In the vernacular of your narrative, yes, it seems to me that the device does literally wake up one morning and start behaving in a way that switches to (results in) a higher rate of harm. In my experience, I've seen that happen time and time again (thus the reason a device/model can be safe from recall or redesign considerations one day, but then subject to recall or redesign the next).
When such changes do happen, then the risk analysis needs to be updated to revise the probability of occurrence of harm to reflect the increased probability (rate) as applicable to the affected units and/or model(s). My experience has been that public health officials (like the FDA and its recall coordinators and OPEQ staff) also share this view. Although proper statistics and quantitation is certainly important, I've found that health officials don't care for when I use clever mathematical gymnastics to characterize the essence of a situation. At the end of the day, risk management is ultimately aimed to benefit people. And people need tangible, actionable concepts and information in order to make important decisions.
Thanks again for helping a learner find the way. I'll keep pondering about the benefits of the universal 'rate-never-changes' principle and its use during medical device risk management.
------------------------------
Kevin Randall, ASQ CQA, RAC (Europe, Canada, U.S.)
Principal Consultant
Ridgway, CO
United States
© Copyright 2021 by ComplianceAcuity, Inc. All rights reserved.
Original Message:
Sent: 16-Jul-2021 12:53
From: Dan O'Leary
Subject: Probability of Occurrence of Harm (Risk Analysis)
Kevin,
I think there is a misunderstanding here. You said, "Many thanks for those clarifications; glad to hear your concurrence that there are various scenarios in which the frequency (probability) of occurrence can change rather than being static."
I didn't concur that the rate changes, only that the rates in your examples are different from each other.
The rate is static. It is, to the best of our knowledge, the rate determined as the residual risk. The rate is an inherent part of the design and changes when the design changes, i.e., different, or additional risk reduction measures. The device does "wake up one morning" and decide to switch from 11 harms in 1,000 uses to 541 harms in 1,000 uses.
During design the rate is the "best guess" of the team. Actual use data may improve the guess, but doesn't change the actual value.
Dan
------------------------------
Dan O'Leary CQA, CQE
Swanzey NH
United States
Original Message:
Sent: 15-Jul-2021 19:12
From: Kevin Randall
Subject: Probability of Occurrence of Harm (Risk Analysis)
Many thanks for those clarifications; glad to hear your concurrence that there are various scenarios in which the frequency (probability) of occurrence can change rather than being static. I also appreciate the theoretical discussion (but phew, a lot for a caveman like me to unpack there; my apologies for five paragraphs of thoughts below!). My experience has been that real-world practice tends to demand adjustments once we leave the risk management classroom or webinar. I explain further below and would be interested to hear any additional thoughts.
I've found that real-world practice doesn't always accommodate the theory asserting that harm doesn't occur unless the device is being used; nor the theory that the discussion must include the concept of use (presuming that "use" means "use" rather than something else). For example, a common harm for many types of devices comes from not being able to use the device as planned (e.g., from delayed diagnosis, surgery, or other therapy or medical procedure). Accordingly, a procedural mandate forcing probability estimation only from the vantage point of actual device use would often result in an incomplete risk analysis. Instead, a proper risk management program needs to allow for various different probability estimation paradigms [such as ones based on sales volumes, lifetime (see ISO/TR 24971 Table 3), durations, patient populations, etc.] in addition to device usage. I think that's probably why ISO 14971 so clearly emphasizes such liberty.
Thanks also for the illustration of the 'rate-never-changes' principle. That is helpful to see. I'm wondering if you can take it a step further and give us an example or two of a particular risk management task where that principle could be put to use? I ask because of the possibility that the 'rate-never-changes' principle might be of little or no practical value outside the classroom or beyond a time-zero initial guess about probability of occurrence.
Here's what I mean: My experience is that ongoing risk management and regulatory agencies alike are focused on actual, tangible, observable, measurable occurrences rather than theoretical concepts that can't actually be seen. In other words, effective ongoing attention to public health and device quality using the risk management process boils down to properly managing what is observed and/or measured. As I see it, if we can't truly know the actual number of uses, then the 'rate-never-changes principle', while theoretically interesting, seems largely moot for the purposes of practicing meaningful risk management. Instead, it has been my experience that number of actual occurrences compared against a tangible, measurable denominator seems to be the intent of ISO 14971's objectives for considering probability of occurrence and managing device risk accordingly.
As hinted at above, my experience has been that, save perhaps for software devices that log usage data, it's often difficult or impossible to know how many times a device or device model is actually used; be it a home blood pressure monitor, a vital signs monitor, other devices, and even regarding single-use devices. Consequently, even though at time zero premarket we can certainly project how many times we think a device will be used, I've found that in actuality, it's often impossible to know for sure how frequently a device is really used. Indeed, device users often use reusable devices more frequently or less frequently than planned / instructed / indicated / recorded, etc. Likewise, whole batches of single-use devices can easily go from the manufacturer's warehouse to the hospital's storeroom to the garbage bucket having never been used at all. So, if it's not actually possible to consistently know for sure how many times a device is used, then it again seems that reality leaves us in need of adjusting theory-speak by instead employing a different modality(s) for estimating probability of occurrence of harm during real-life risk management. Denominators reflecting lifetime considerations (see ISO/TR 24971 Table 3), sales volumes, and other comparators can be very valuable in such real-world cases.
I continue to believe that the ISO 14971 and ISO/TR 24971 toolbox for probability estimation must contain a dynamic variety of comparators and methods, especially including device lifetime and sales volumes. Forcing denominators based on a 'per use' comparator and the 'rate-never-changes' principle seems like it could easily lead to explanations of the risk profile that are biased, crooked, or baked. None of us would find that acceptable, especially plaintiff lawyers. Looking forward to further exploration of, and learning more about, the 'per use' denominator and 'rate-never-changes' principle to see how they can be used during day-to-day real-life operation of the risk management system.
------------------------------
Kevin Randall, ASQ CQA, RAC (Europe, Canada, U.S.)
Principal Consultant
Ridgway, CO
United States
© Copyright 2021 by ComplianceAcuity, Inc. All rights reserved.
Original Message:
Sent: 14-Jul-2021 13:52
From: Dan O'Leary
Subject: Probability of Occurrence of Harm (Risk Analysis)
Hi Kevin,
Thank you for the examples. I'll address each one in turn.
First however, it is import to clarify the information sought. The question is "Given a harm with a specific severity, how often does that harm occur?" Harm doesn't occur unless the device is being used, so the response must include the concept of use. The typical answer is qualitative (often, hardly ever, seldom, etc.) or qualitative. The qualitative response typically takes one of two forms: a point estimate (once in every 1234 uses) or a range (between once in 100 uses and once in every 1,000 uses). In my response I'll use the point estimate and save issues with the range for another day.
The definition of use depends on the device. Some uses are discrete (the home use blood pressure machine) and some are continuous (the ventilator). The risk management team must define and document the use.
For the vital signs monitor the usage is continuous so time is a method to define use. To be consistent, let's use days. In the first case the harm occurs 365 times in every 365 usages. In the second case the harm occurs 1 time in every 365 days. I concur that the frequency of occurrence (probability) is higher in the first case than in the second.
For the single use device, the usage is discrete; the number of usages is the number sold. I concur that a harm of once per device used (sold) is a higher frequency of occurrence than 0.001 times per device used (sold).
For the lifetime example, things start to fall apart. The lifetime is not the number of uses. With out knowing the number of uses per year, or ten years, one cannot estimate the frequency of occurrence needed for medical device risk management.
For the Table 3 example, it is incorrect because it falls into the lifetime trap. Without understanding usage, the estimate for medical device risk management doesn't apply. This is more like a reliability or availability estimate.
Other than the lifetime examples I concur.
However, these examples don't address the service life or sales volumes questions. Consider a home use blood pressure machine used once per day. The usage is discrete. The usage is not equal to the sales. Let's say that a particular harm/severity combination happens once every 250 uses.
If there is 1 such machines in use, the harm occurs once in every 250 uses.
If there are 1,000 such machines in use, the harm occurs once in every 250 uses.
If there are 5,000 such machines in use, the harm occurs once in every 250 uses.
Notice that the occurrence rate stays the same. This is the estimate needed for medical device risk management.
Also notice that the number of occurrences changes with the number of machines in use. The rate times the number is use is the estimate needed to staff the complaint handling unit.
A similar situation applies to changes in lifetime. The rate stays the same, but the number of occurrences depends on the device life.
------------------------------
Dan O'Leary CQA, CQE
Swanzey NH
United States
Original Message:
Sent: 13-Jul-2021 12:03
From: Kevin Randall
Subject: Probability of Occurrence of Harm (Risk Analysis)
Hi Dan,
Based on the aforesaid flexibility (see my preceding post) allowed by ISO 14971 (e.g., see the third paragraph of ISO/TR 24971 section 5.5.2) for how to estimate probability of occurrence of harm, one might employ a variety of probability expressions. For example, occurrence of harm per day, occurrence of harm per year, occurrence of harm per unit, occurrence of harm per use, occurrence of harm per patient, occurrence of harm per age group, occurrence of harm during the device lifetime, etc.
To help us illustrate, here are some hypotheticals:
- If a particular harm is estimated to happen once per day with a vital signs monitor model, then the probability would seem to be different (higher) than if that harm is estimated to happen only once per year.
- If a particular harm is estimated to happen once per device (e.g., per use, per unit sold, etc.) for a single-use device, then the probability would seem to be different (higher) than if that harm is estimated to happen only 0.001 times per device (e.g., per use, per unit sold, etc.). For example, one occurrence in 100 units sold = 0.01 occurrences/unit sold, whereas one occurrence in 100,000 units sold is only 0.00001 occurrences/unit sold.
- Or as another example, 100 occurrences over a ten-year lifetime = 10 occurrences / year, whereas 1 occurrence over a ten-year lifetime is only 0.1 occurrences per year.
- Or as a qualitative example: Likely to happen several times during a ten-year device lifetime would be a higher probability than not likely to happen during a ten-year device lifetime (see Table 3 of ISO/TR 24971).
Yet it sounds like you disagree with this logic (I'm referring to your statements that the rate doesn't change based on sales or the size of the installed base, and that the number of devices doesn't change the rate, and that the rate doesn't change based on the life time of the device). Maybe you could give an alternative-logic example or two showing how you would instead estimate the probability of occurrence of harm. Thanks in advance for your insights.
------------------------------
Kevin Randall, ASQ CQA, RAC (Europe, Canada, U.S.)
Principal Consultant
Ridgway, CO
United States
© Copyright 2021 by ComplianceAcuity, Inc. All rights reserved.
Original Message:
Sent: 13-Jul-2021 10:44
From: Dan O'Leary
Subject: Probability of Occurrence of Harm (Risk Analysis)
The probability discussion has many misconceptions.
The probability in ISO 14971:2019 relates to the harm with the stated severity. In other words, how often the harm occurs.
This is not a true probability, in the mathematical sense, but a rate. My understanding is that "probability" is a compromise word because ISO publishes the standards in multiple languages.
It is actually a rate, which requires a numerator and a denominator. The numerator is the number of occurrences of the harm with the stated severity and the denominator is the number of uses. Uses can have multiple measures. For a single use syringe, it is the use. For a home use blood pressure machine, it is taking one reading. For a CPAP machine is could be one sleep cycle or one hour of use. For a knee implant it could be one day. The team needs to agree on and understand the denominator. Include it in the risk management file.
The rate of harm is not the failure rate. A device could harm in normal operation and not harm in a fault condition. (A good design will include fail safe provisions.) In ISO 15971:2019 the analysis is for the hazard not the failure. This is why an FMECA is not the appropriate tool for medical device risk management.
The rate doesn't change based on sales or the size of the installed base. The rate is a characteristic of the device; the number of devices doesn't change the rate. If each harm results in a complaint, then the number of complaints is a function of the installed base size.
The rate doesn't change based on the life time of the device. Because the rate is a characteristic of the device, consider it constant over each year. An exception is harms related to wear out, but servicing addresses that issue. If each harm results in a complaint, then the number of complaints is a function of the life of the device.
------------------------------
Dan O'Leary CQA, CQE
Swanzey NH
United States
Original Message:
Sent: 13-Jul-2021 08:46
From: Edwin Bills
Subject: Probability of Occurrence of Harm (Risk Analysis)
Kevin has given a more complete and correct response. The answer, of course, is "it depends". It depends on the particular device and its use, e.g. single use devices are different than capital devices, that are used many times during their life. It is something as Kevin states, that the technical committee tackled in the 2000 First Edition, and has repeatedly addressed over the various editions of the ISO 14971 standard and the guidance document, ISO TR 24971. I would recommend you start with Annex C of ISO 14971:2019 for basic concepts on Probability of Harm, but ISO TR 24971:2020 has a much more complete discussion in 5.4 and 5.5, taking into account all the contributions to Probability of Occurrence of Harm.
Your present definition is quite simple and may apply for some devices, but you must have a documented rationale behind the system you chose. It is not a simple decision on how to approach POH, and requires you to spend some time understanding the use of the device in its environment of use, the patient population, and the users as well. While many have discussed this in terms of P1, P2, etc, 24971 shows it is more complex, and breaks down P1 to PA, PB, PC, etc. depending on the device and its use.
I would recommend you get and make use of ISO TR 24971:2020. The technical committee spent a lot of time and effort updating all of the informative guidance (not requirements) in this document to help with questions such as yours.
Good luck as you move forward to update your risk management system. And not this is a new term in 14971, intended to comply with the MDR and others who rightly see that risk management is a system in itself. But it is also a part of an entire quality management system as well. It all fits together and works together, not independently.
------------------------------
Edwin Bills MEd, CQA, RAC, BSc, CQE, ASQ
Principal Consultant
Overland Park KS
United States
elb@edwinbillsconsultant.comPrincipal Consultant
Original Message:
Sent: 12-Jul-2021 14:12
From: Kevin Randall
Subject: Probability of Occurrence of Harm (Risk Analysis)
When tackling the estimation of probability of occurrence of harm during medical device risk management, I think it is important to remember that there is no one-size-fits all approach. Instead, each manufacturer's approach needs to be derived and appropriate based on the nature and complexity of the subject device, as well as on the availability (or lack thereof) of supporting data.
The particular approach can either be quantitative or qualitative (see ISO 14971 and ISO/TR 24971). The probability can be estimated per use, per device, per hour of use, within a population, etc. (ISO/TR 24971). The particular comparator (i.e., per use, per device, per hour of use, within a population, etc.) needs to be chosen based on the nature of the device. For example, some devices' intended use (e.g., reusable devices) will intrinsically make the "per hour of use" comparator more appropriate than per device. In contrast, single-use devices may very well be appropriate for a "per device" comparator. The "per device" comparator is where sales numbers may be utilized. As hinted at above, these are longstanding principles that have been part of the ISO 14971 risk management paradigm for many years.
When using a "per device sold" comparator, various factors (e.g., nature and complexity of the device; marketplace tenure, emergent risks or device problems, etc.) will determine whether it is appropriate to use sales per day, per week, per month, per year, cumulative all-time sales, or some other timeframe. It is up to the manufacturer. Just be sure that the chosen paradigm makes sense by giving meaningful insight toward the ultimate goal of properly managing the subject device's risk profile with regard to public health.
Consideration of device lifetime when estimating probability of occurrence harm is also a longstanding best-practice in risk management. Indeed, seeds for this can be found more than two decades back in the year 2000 version of ISO 14971 and even in EN 1441 (1998) that was a gold standard before modern risk management really got traction via the ISO 14971 series. Moreover, the consideration of device lifetime as part of estimating probability of occurrence harm remains a modern best practice today in the latest versions (see ISO 14971:2019 and ISO/TR 24971:2020), for example where it's stated that device lifetime is an important factor for estimating probability of occurrence of harm. Accordingly, it is wise to figure out what is meant by device "lifetime" in the context of risk management and for the estimation of probability of occurrence of harm.
On that note, my experience has been that there seems to be harmonized general agreement on the meaning of device "lifetime". That said, I haven't found many standardized, statutory, or legislative definitions for this. At the moment, I generally rely on, adapt, and/or expand existing explanations such as:
- FDA's 21 CFR Part 803.3: "…(f) Expected life of a device means the time that a device is expected to remain functional after it is placed into use. Certain implanted devices have specified "end of life" (EOL) dates. Other devices are not labeled as to their respective EOL, but are expected to remain operational through activities such as maintenance, repairs, or upgrades, for an estimated period of time…"
- ISO/TR 24971:2020: "…What determines the lifetime of the medical device?...Factors that should be considered include battery depletion, deterioration of materials and failure of components due to ageing, wear, fatigue or repeated use. The availability of spare parts should be considered as well…" [emphasis added].
- FDA's 2016 3rd Party Servicing Workshop: "…Information about reliability is needed to…understand the expected life of the device…" [emphasis added].
- ISO TC/210: "…the rationale for the determination [of medical device lifetime] should be recorded and can involve consideration of the following…shelf life of the medical device…expiry date for medical devices or components which are subject to degradation over time…number of cycles or periods of use of the medical device, based on life testing of the medical device…anticipated material degradation…stability of packaging material…for implantable devices, the residual risk that results from the entire period of residence of the medical device inside the patient's body…for sterile medical devices, the ability to maintain sterility… organization's ability/willingness or contractual or regulatory obligation…" [emphasis added].
------------------------------
Kevin Randall, ASQ CQA, RAC (Europe, Canada, U.S.)
Principal Consultant
Ridgway, CO
United States
© Copyright 2021 by ComplianceAcuity, Inc. All rights reserved.
Original Message:
Sent: 11-Jul-2021 16:52
From: Anonymous Member
Subject: Probability of Occurrence of Harm (Risk Analysis)
This message was posted by a user wishing to remain anonymous
Hi all,
I wanted to gain clarification regarding risk analysis and the probability of occurrence of harm. Currently, our organization categorizes probability as follows:
1. Frequent: >10 incidents per device over the device lifetime OR > 1 out of 100 devices sold
2. Probable: 6-10 incidents per device over device lifetime OR > 1 out of 1,000 devices sold
3. Occasional: 2-5 incidents per device over device lifetime OR >1 out of 10,000 devices sold
4. Remote: 1 incident per device over device lifetime OR >1 out of 100,000 devices sold
5. Improbable: <1 incident per device over device lifetime OR <1 out of 100,000 devices sold
The questions I would like to ask the community are:
1. What is the definition of the "Device lifetime"? Does that mean how long the device can be used for, as indicated on our IFU OR does that mean how long has the device been in production (since regulatory clearance)?
2. What is the definition of "Devices sold"? Does that mean devices sold within the last year OR devices sold cumulative since the device has been in production (since regulatory clearance)?
3. When do should we apply Device lifetime vs. Devices sold?