Authorities ask Legal Manufacturers to perform a Risk Analysis for their Medical Devices according to ISO 14971. However, the expectation is that Legal Manufacturers also perform Failure Mode and Effects Analyses (FMEAs) regarding design, usability, software, and processes. The purpose of these FMEAs is to help identify failure modes that may lead to risks for patients, users, or the environment, and as such, they feed into the overall Risk Analysis.
A Risk Analysis and an FMEA differ in what they analyse – the former examines risks whereas the latter examines failure modes. Consequently, they also differ in the applied method. Yet these differences are often not considered by manufacturers, which can lead to inefficient and ineffective risk analysis processes.
In this article, our Head of Quality Dr Dirk Hüber emphasises the differences between Risk Analysis and Failure Mode and Effects Analysis (FMEA) and outlines how taking their key differences into account can facilitate a more efficient and effective risk management process.
A risk, according to ISO 14971, is defined as a hazardous situation that may lead to harm to the patient, user, or the environment. The hazardous situation may also be called a failure mode, and it is triggered by a failure cause.
The risk is assessed by the severity of the harm and the probability of the harm happening:
The severity assigned to a harm needs to be defined by a person with the expertise to judge the effect on a patient; usually this is a medical doctor or medical officer.
Once your high-risk products are in the field, the occurrence of the harm is your complaint rate. For lower risk products, your complaint rate may correspond more to the occurrence of the hazardous situation. In this case, it is advisable to split the occurrence of the harm into two circumstances:
The probability of the harm occurring then becomes the product of these two probabilities. Again, in this case the occurrence of the harm, given that the hazardous situation has happened, needs to be defined by a person with the expertise to judge this probability (a medical doctor or medical officer).
It is an erroneous assumption that FMEAs identify and assess risks – they do not. As the method name states, FMEAs identify and assess failure modes and their effects. The effect of a failure mode is not a risk, and furthermore not a harm to a patient.
Instead, depending on the type of FMEA, the effect of a failure mode may involve implications for:
Consequently, FMEAs do not require medical expertise – they can be performed by engineers.
An FMEA identifies and assesses failures rather than risks. Accordingly, a failure is defined and assessed differently to a risk. There are similarities though, which can often lead to confusion if the differences are not properly understood.
In an FMEA, the effect also has a severity, but the “occurrence” is the occurrence of the failure mode with respect to a specific failure cause, and not the occurrence of the effect.
Detectability is also assessed in an FMEA. This is the probability of detecting the failure mode before the effect has set in, so that the effect can be prevented.
Sometimes, the occurrence and detectability of the failure mode are combined into a likelihood, which then represents the likelihood of the effect to occur:
This likelihood, however, is not the probability of the effect occurring; it only correlates with the occurrence of the effect, i.e., the higher the likelihood, the higher the probability of the effect occurring, and vice versa. The exact relation between likelihood and occurrence depends on the probability of the effect occurring if the failure mode happens and is not detected; this probability is not considered in an FMEA.
Whilst detectability is sometimes assessed within a Risk Analysis, given the above introduction of the likelihood in FMEAs, it becomes clear why it should in fact be omitted.
Since the occurrence in a Risk Analysis is the probability that the harm happens, this probability already includes the probability that the hazardous situation is detected and the harm is prevented. In other words, if the hazardous situation is detected the harm doesn’t occur, and a high detectability will reduce the occurrence of the harm – analogous to the likelihood that already incorporates the detectability.
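The argument above can be carried through as a short worked derivation. This is an added illustration, not part of the original article: the symbols $P_1$, $P_2$, $d$, $q$, $q_e$, $O$ and $L$ are assumptions introduced here, occurrence and detectability are treated as probabilities rather than rating scores, the likelihood is assumed to be the product of occurrence and non-detection, and the numbers are constructed.

Let $P_1$ be the probability that the hazardous situation occurs and $P_2$ the probability of the harm given that the hazardous situation has occurred. The Risk Analysis occurrence is

$$P(\text{harm}) = P_1 \cdot P_2 .$$

If a detected hazardous situation never leads to harm, and $d$ is the probability of detecting it in time, then with $q$ the probability of harm when the hazardous situation occurs and is not detected:

$$P_2 = (1 - d)\, q \quad\Rightarrow\quad P(\text{harm}) = P_1 (1 - d)\, q .$$

Detectability is therefore already contained in $P_2$. Applying it a second time gives

$$P_1 \cdot P_2 \cdot (1 - d) = P_1 (1 - d)^2 q \neq P(\text{harm}),$$

which understates the occurrence of the harm. With $P_1 = 10^{-3}$, $d = 0.9$ and $q = 0.5$: $P_2 = 0.05$ and $P(\text{harm}) = 5 \times 10^{-5}$, whereas counting detectability twice yields $5 \times 10^{-6}$, too low by a factor of ten.

For the FMEA, with $O$ the occurrence of the failure mode for a given failure cause, the likelihood is

$$L = O\,(1 - d), \qquad P(\text{effect}) = L \cdot q_e ,$$

where $q_e$ is the probability of the effect if the failure mode happens and is not detected. Because the FMEA does not assess $q_e$, $L$ rises and falls with $P(\text{effect})$ but is not equal to it.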
Of course, a design, usability or software failure may lead to a risk for a patient. Similarly, a process failure may result in a design failure that in turn may lead to a risk for a patient. Thus, the risk arising from, for example, a design failure, must be assessed in the risk analysis.
On the other hand, for a known risk, the design failure leading to that risk should be analysed in the Design-FMEA. Similarly, for a process failure leading to a design failure, that design failure must also be analysed in the Design-FMEA. Furthermore, for a design failure caused by a process failure, the process failure should be analysed in the Process-FMEA. Put simply, the risk analysis and the different FMEA types do not and should not exist in isolation – they are inherently connected to each other.
When FMEA and Risk Analysis are completed in harmony, with their key differences, attributes and interconnected relationship considered, your risk management process stands to benefit in terms of efficiency and effectiveness, saving you both time and resources in the long run.
For further reading on risk management, take a look at our informative follow-up article on How to connect failure modes and risks in a risk management file.