Many medical device manufacturers are working with FMEA. The concern is, does FMEA meet the regulatory requirements as to mark? Is FMEA the same as risk analysis? Or even risk management according to ISO 14971?
This video is an extract from the online course Risk Management for Medical Devices and ISO 14971:2019.
What is FMEA?
FMEA stands for Failure Modes and Effects Analysis. Did you know that there is a standard for FMEA? It is called IEC 60812. When I refer to FMEA, I mean FMEA as it is defined in the IEC 60812 standard. And, why do I do that? The advantage of using the standards’ terms and concepts are that someone else has done the work for you on defining it. In fact, it is not only “someone” but a group of international experts that have done so.
Design-FMEA
This is what FMEA could look like. In this example, you can see a Design-FMEA or D-FMEA. The D-FMEA looks at components and what failure of such components would lead to. In this example, you can see how design choices or design failures leads to a breakdown of system performance. The risk is measured using an RPN number, which is short for risk priority number.
Process-FMEA
Here is another example, in this case, it is a Process-FMEA or P-FMEA. Instead of looking at how parts of the design could fail, you look at how the production process could fail. Please note the Pd, which is an abbreviation of the probability of detection or detectability. This is a measure of how easy it is to detect the failure and prevent it from being released and then actually having an impact on the reliability of the product. The more likely the failure is to be detected, the lower the Pd score, meaning the risk would receive lower priority on the RPN scale if you are likely to detect the failure.
How do you perform FMEA?
Having looked at these examples, you may have noticed that FMEA starts with details or components. You would be looking at how specific components or process steps could fail. And there was no mention of harm in these FMEAs, were there? And since you have only looked at failure, risks relating to normal use have not been included. FMEA…:
- starts with details / components
- looks only at how they fail
- does not include harm, and
- does not include risks in normal use
Let’s compare this with ISO 14971 risk management.
The 4 major differences between FMEA and ISO 14971:2019
1. Normal and fault conditions
Risk management according to ISO 14971 includes risks both from normal use, reasonably foreseeable misuse and fault conditions. Whereas FMEA only looks at risks relating to failure. This means that ISO 14971 would include for example the risk of infection when using a urinary catheter. As you may know, you could get such an infection even if the catheter was used exactly as prescribed, nothing was broken and the device was sterile when opening the packaging. You can still get an infection. This means that you get the infection during normal use, and it is a risk that should be addressed.
It may not mean that we can reduce it, but what we can do is to inform the users of this residual risk, so that they can make an informed decision on whether they want to use the product or not. This risk would never be captured when using FMEA.
2. Risk analysis starting with hazards
Below is an example of a hazard traceability matrix or risk analysis. Please note what you should start with on the left-hand side.
Risk analysis starts with hazards on the left-hand side of the table.
Hazards are potential sources of harm. The good thing about starting your risk management work with hazards is that in most cases you can identify the most important risks without doing any detailed design whatsoever.
In fact, you are likely to be able to come up with quite a few important risks already in the conceptual stage of product development.
Examples of potential sources of harm or hazards:
- Viruses
- Bacteria,
- Electricity
- Sharp edges
- Toxic residues from production.
And these hazards can be identified at a very early stage. And finding risks at an early stage usually saves a lot of money compared to finding them and having to mitigate them later on in a product development project. Or even worse, mitigating them after you have released your product.
On the other hand, if you are going to be looking at components or process steps in production, it requires that the design or process, in general, is quite mature. And this, by definition, will happen late in your product development, resulting in a late start in risk management.
3. Severity should be based on harm
Another major difference between ISO 14971 risk management and FMEA is that the severities are rated differently.
ISO 14971 will be looking at the severity based on the harm to people. Whereas FMEA looks at severity from a system performance point of view. Meaning that a small loss of function would be a low severity and a total breakdown of system performance is a high severity. Even if the partial loss of function kills a few patients, it is still low severity, because FMEA does normally not look at harm. And if you identify risks that kill people, they should have the highest severity in risk management when done according to regulatory requirements and ISO 14971.
4. Managing all risks?
The last major difference that I would like to bring up is that ISO 14971 risk management is a very comprehensive approach that will address and manage all risks related to a medical device. There are some minor exceptions to this, so using the word all is a very strong expression, but as a rule of thumb, it does hold water.
FMEA, on the other hand, is a reliability tool. Which by definition does not include all risks. BUT, if the safety of your system is dependent on reliability, for example as in the case of a life supporting medical device, using FMEA may be a good idea to achieve reliability and thereby also safety.
Summary
So, now you’ve seen the major differences between ISO 14971 risk management and FMEA according to the IEC 60812 standard. It is important to remember that if you only use FMEA, you do not meet the requirements of the ISO 14971 standard.
And this in turn usually means that you do not meet the requirements of the medical device regulation, nor are you likely to meet FDA’s expectations on risk management in the US.
If the product you are working with has essential performance, i. e. it has to function to be safe. If the product needs to function to be safe, the reliability is important, thus the FMEA should be considered. Even so, the FMEA will only be part of the overall risk management process and primarily focus on parts of the system that are essential to the performance.
If you perform only FMEA as defined in IEC 60812, you will not comply with the requirements of ISO 14971.
Would you like to learn more about Risk Management?
Get instant access to our online Risk Management for Medical Devices and ISO 14971:2019 course right here. In 6 hours, you can learn more about how to develop new medical devices and maintain them in organisations where design control requirements apply. This course is taken by quality assurance, project management, design engineering or those involved in R&D and product development teams.
Peter Sebelius
Peter Sebelius is a highly esteemed trainer, consultant and entrepreneur in the medical device industry. He is a member of the Joint Working Group that is revising the ISO 13485 and ISO 14971 standards.
He has vast ‘hands on’ experience, having developed, amongst other things, a mechanical chest compression device and an ex vivo perfusion machine for lungs. He has received numerous awards including the Great Design Award and the title “This year’s specialist” by Veckans affärer.
Hi there, is there a document uses to record the “Normal Condition Hazards’ required by ISO 13485, similar to the ones used for FMEA? Would it be sufficient to use our existing FMEA to document the NCH?
Hi Eddy,
If I read your question right, you are asking if hazards that are related to normal use can be documented in what I refer to as Hazard traceability matrix? If so, yes. FMEA would normally not include any hazards at all, just failure modes. And failure modes are rarely hazards. Let me know if I understood you correctly.
/Peter
Hi Peter. What if I don’t do FMEA at all? Is there a standard or regulation that requires that I perform process FMEA, design FMEA, etc? You have great information here and you present it very well. I will be looking into purchasing your courses.
Hi,
No regulation requires FMEA, but all require risk management (all is a strong word, but I believe it is true without having checked every country in the world). FMEA is just one tool that you may be working with to identify risks. It is also noteworthy that FMEA, as it is defined in IEC 60812 does not meet the requirements in ISO 14971, so risk management according to ISO 14971 should ideally be the starting point, then FMEA can be added to that when/if needed. I hope this helps?!
/Peter
Hi,
When considering hazards of stages where the device is not in use, for example manufacturing or transportation, is it only risks at point of use that should be considered, or should risks to those involved in the manufacture and transport processes also be captured?
Thanks
Hi Matthew,
There is nothing preventing you from considering the risk to production personnel when performing risk analysis, but it is very unusual and my recommendation would be to address risk to production personnel in your work environment procedures instead. I have yet never come across any regulatory body asking for risk analysis including production personnel.
Hope this helps!?
Peter
Hi Peter,
Yes this is very helpful, thank you.
Hi,
Regarding the question of Mr Burden , the standard requires us to manage the risks associated with hazards and hazardous situations during the life cycle of the medical device.
The manufacturing and the tranportation must also be considered in my understanding.
Thanks.
Hi,
Sure, you are right, risks from all lifecycle phases must be considered, but Mr Burden’s question was relating to production personnel (and those shipping the product). And at least for the production personnel, it is very rarely included in risk analysis. But of course, risks to people that are the result of events in production must of course be included.
Hope this helps to clarify it!?
/Peter
Hi,
Thank you for your feedback Peter.
It’s clear.
Hi Peter, the reference to individual risk analysis methods was transfered from ISO 14971 to ISO/TR 24971 where in B.5 the FMEA technique is referenced as a tool to be used for dealing with risks associated with medical devices. Also, there is a note suggesting IEC 60812 for further information on FMEA.
Also, I believe that “failure” can be replaced by potential hazard with associated severity, occurrence and detectability which makes it a powerful risk analysis tool. Obviously, we do not need to the ranking from 1 to 10, rather to 5 or 7 to make it more practical.
Hi Mark,
In this case it is very important be very accurate in terms of what words we use and what they mean. B.5 does not specify that FMEA can be used to “dealing with risks”. It describes FMEA as a method. FMEA, as it is defined in the IEC 60812 and various automotive standards and guides is merely a risk analysis tool that can aid in the identification of some types of risk. FMEA would for example not identify any risks from normal use. It is also restricted to single-fault failures and would therefore miss out on risks relating to what the ISO 14971 refers to as “combinations of events”.
Also, “failure” is fundamentally different from “hazards”, thus those terms should not be used interchangeably.
Not using ISO 14971 as the basis for risk management, but only resorting to FMEA has not been ok from the perspective of the medical device directive, nor is it with reference to the MDR or the IVDR. And a lot of companies are receiving a lot of remarks from notified bodies in conjunction with MDR submissions when they either use only FMEA or when they are using FMEA AND ISO 14971 risk management but has failed to connect the dots between the two. It is particularly difficult to make the Pd work with Po. And with emphasis on establishing thresholds for risk and benefit in the MDR, which implies working with risks numerically, the FMEA and the use of Pd becomes even more problematic.
Therefore, my strong recommendation is that if you are only working with FMEA, do implement a risk management process that meets the requirements of ISO 14971. If you are using both an ISO 14971 risk management process and FMEA, make sure that the two processes are connected, thus you can explain how P x S x Pd is connected to Po x S. Or use a bottom to top approach in your risk analysis as part of your ISO 14971 process.
The above assumes FMEA is performed in accordance with IEC 60812 or any of the guidance documents out there on FMEA. Some companies are working 100% according to ISO 14971 and just call it “FMEA”. Then it is a different story of course.
Cheers,
Peter
Hi Peter,
many thanks for the prompt response.
In my view, the term “failure” is not limited to mechanical failure such as failure of an X-ray stand caused by a fatigue crack. I understand under failure any effect of a hazard. That means failure to achieve the intended purpose of an MD through a given hazard, e.g. failure to achieve the correct dose of radiation (too high or too low), failure to retrieve the correct patient data from the PACS SW, a failure to deliver the MD undamaged to the customer, etc. And in my view, it is still FMEA.
Maybe I am a little biased towards FMEA since this tool was developed at NASA and I worked for NASA in 1967 / 1968.
I appreciate our discussion.
Have a nice day.
Mark
Hi Peter,
Risk is typically defined as the combination of the probability of occurrence of harm and the severity of that harm.
However, in our study, one of the risks for the patient corresponds to the underdose. This harm can be detected or not by the user and we wondered if it was wise to have 2 different levels of severity between these cases?
My second question, when we talk about detection here, is it the same as the one used in FMEA? If yes, how to approach this point because in our risk analysis 14971, we judge only sevrity and occurence.
I hope to be clear enough and thank you in advance for your feedback.
Best regard,
Hi,
I would like to know how risk analysis according to ISO 14971 and D-FMEA or P-FMEA are linked?
In one side I identify hazard and hazardous situations which can lead to patient safety and in other hands I evaluate potential failure mode and effect on the device performances.
At the end, I don’t see how to connect the 2 studies
Hi,
Well, it is a good question. But I am afraid the answer is not that simple. It is simply difficult to link FMEA to ISO 14971. It is of course not that difficult if you use the FMEA as a risk identification technique and stop at the “system end effect” and bring that over to the risk analysis according to ISO 14971. But as soon as you start doing risk evaluation and risk control in the FMEA and in the ISO 14971 for the same risks, it becomes problematic and very challenging to explain or manage. There are a few different ways to do it, but I am afraid I can’t give a simple answer to it here, because it depends on how you do the FMEA and what tools you have to support the “linking”.
I am looking at including more in-depth information about this area in the upcoming advanced risk management course.
The simplest way to “link” the two is to remove the FMEA and put in the detailed analysis in a hazard traceability matrix similar to the one on this course and then use the FMEA fields in the “Reasonably foreseeable sequence of combination of events” column.
Hope this helps?!
Cheers,
Peter
One approach I have always taken is to consider the ISO 14971 risk analysis (let’s call it a “hazard analysis” for shorthand) as the top-down risk assessment tool, and the FMEA as the bottom-up tool. The FMEA identifies the failure modes and their effects on the quality of the product. That effect can be considered to be a hazard, a potential source of harm (e.g. if a piece of tubing fails, it could cause a leak; a leak could be a hazard depending on what leaks and where). This hazard can then be ported to the hazard analysis and the risk analyzed per the 14971 requirements (along with all the normal-use or non-failure-related hazards). Note that in this scenario, you may have multiple failure modes that eventually lead to the same hazard/hazardous situation, or one effect of failure that leads to multiple hazardous situations. This is explicitly promoted in Annex C of 14971:2019., and thus I find it a robust method of tracing failure modes to their related harms and risk.
Note that this approach requires that all the patient safety risks be analyzed in the hazard analysis, and the FMEA analysis stops with the quality effect of the failure on the product. “Severity” in the FMEA must focus on the performance of the product and not the harm that could befall the patient. It also requires the discipline to keep both sets of documents up to date, or use a database system to track how failure mode effects are ported to the related hazards. But it’s not impossible, and has the added benefit of separating probabilities of failure for failure modes from probabilities of occurrence of harm, which are almost never the same thing.
Hi Jeff,
Thanks for adding to the discussion.
There isn’t any mention of FMEA in the ISO 14971:2019; you can, however, find it in the ISO/TR 24971:2020 Annex B, where it is mentioned as a “technique that can be used to support a risk analysis.” But I think you might have been referring to the concept of of using multiple techniques for risk analysis?
I would also see the linking between the ISO 14971 and FMEA a bit differently. I think that the failure modes are rarely the same as the hazards. The failure mode is more likely to be part of the sequence or combination of events. I am being picky here, but it is important to understand these differences when applying the risk control options. FMEA has a tendency to take the design as “given”, because a lot of FMEAs would start with the BOM. And this can prevent the application of “inherent safety by design”.
Other than that, I completely agree with you. And the method that you describe (and the challenges) is one way that the two can be combined. Another challenge is to make people understand the differences between the two when and if they attend workshops for both ISO 14971 risk management and FMEA.
Cheers,
Peter