This page contains a Flash digital edition of a book.
electronica 2012 ELECTRONICS DESIGN


Dealing with risk in medical electronics design


New standards incorporate the concept of risk management into the design of devices. Jean-Louis Evans considers what impact this will have not only on manufacturers but throughout the entire supply chain


T


he transition period for the Third Edition of the Medical Electrical Equipment Standard (EN 60601-1:2006) came to an end on 1 June 2012. It now incorporates the concept and application of risk management in the design and production of devices. This not only has implications for the end-product manufacturer, but also component providers, cascading through the entire supply chain.


While the medical equipment world might view this as more red tape, the updates have been made to ensure that safety legislation keeps apace with the rapid changes in technology development. Part of this is that the Third Edition requires that a detailed risk management File (RMF) is kept - one of the most significant changes in approach. To meet the requirements of the Third Edition one must have a process in place that complies with ISO 14971 ‘Application of Risk Management to Medical Devices’ and many of the tests that are required to demonstrate compliance with the Standard make reference to the RMF. The Third Edition also has 153 direct links to risk management and requires that the RMF is updated, meaning that it is a ‘live’ document that must be updated to match any changes in manufacturing processes or the materials used.


The RMF allows for the required testing


process to be modified depending on how the device must comply with some aspects of the Standard. Whereas in the past there was a simple ‘pass’ or ‘fail’ against test criteria, now if a device does not meet some of the Standard’s test criteria (often because it is a new technology that is not covered by the Standard), a manufacturer can mitigate that risk within the RMF. They do this by providing a researched rationale of the associated risk and why the product is still safe to use. In theory if a manufacturer can show ‘equivalent safety’, they can substitute or deviate from any test-based requirement by using the RMF. While the risk management process allows both designers and manufacturers more flexibility, the RMF should not be viewed as a ‘catch all’ that can be used to ignore test


20 CIE electronica 2012


failures. They are still expected to demonstrate that the risk assessment takes into account applicable regulations and standards, stakeholder concerns and state-of-the-art processes, and that acceptable risks are rationally based and measurable. Assessing risk


But, how do you assess risk? Risk is a combination of the probability of occurrence of harm and the severity of that harm. A number is usually worked out for each and they are multiplied to reveal the risk level. However, it is important to remember that this combination does not necessarily mean ‘multiplication’, as multiplying the numbers is not always reliable and a certain amount of common sense should also be used. It is therefore important not to just accept the final risk level, but to review how likely this is to occur as part of the risk management process and mitigate for it if necessary. The risk


management process must be used throughout the design process to determine whether a particular requirement is applicable or not, whether an alternative requirement can be substituted, and whether it can be satisfied with alternative test criteria or testing procedures. It is essential that for any new product that


risk is first assessed and then any tests to meet the Standard completed. This means thinking about the RMF at the beginning of and at each stage of product development. If you do not do this, but look at risks retrospectively, and if further down the line a failure is identified, it could be a costly exercise to correct it. It therefore pays to assess if a new risk has been introduced at every phase of product development. For existing products, use historical user data as part of the risk management process, such as failures and accident rates. Also, look at customer complaints and warranty returns. If it is a new product with similar ones already on the market, it is also possible to benchmark against those and use their data. End-user misuse


For the first time, the Third Edition has


introduced the term ‘essential performance’. This means that the scope of the standard is now expanded beyond basic safety requirements to ensure that the product does the job from the end-user's perspective. This also brings in the issue of including possible misuse within the


TÜV SÜD Product Service | www.tuvps.co.uk


Jean-Louis Evans, Managing Director at TÜV SÜD Product Service, a global product testing and certification organisation


The difference between the Second and Third Editions is that risk management should be the driver to make the product safe, but not an excuse for designers and manufacturers to prove that they considered a risk, but didn’t do anything about it. From product concept to end of lifetime you must now consider the risk management chain. When first considering the changes brought in by the Third Edition, many may see only added product development time, a lag in time to market and costs, rather than product improvement opportunities. The RMF should actually be viewed as a useful tool that helps to reduce risk at all stages of the process, making a genuine contribution to product development by helping to improve the final medical device that is eventually sold to the end-user.


RMF and ensuring that recommendations relating to this are included within the user manual.


While there is no finite answer on how far you have to go with this, best advice would be to ‘go as far as society’s values and common sense suggest’. The RMF is the proof that you have considered misuse as far as practicable and mitigated against any possible risk to the best of your ability.


The Medical Devices Directive and the CB Scheme state that the risk management process must be verified by an auditor and part of this process will be to review the RMF. It is also logical that any certifying organisation will want to assess the manufacturer’s risk management process as part of the certification process. No reputable certifier would just accept the manufacturer’s file.


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68