Johner-Institute arrowRisk Management & ISO 14971arrowRisk mitigation through information?

Risk mitigation through information?

Whether risk mitigation through information is permitted regularly leads to discussions. The answer to this question is important because it determines the conformity and non-conformity of medical devices.

This article provides the answer and thus resolves a "historical misunderstanding."

1. Regulatory framework

All manufacturers are obliged to minimize the risks posed by their medical devices. In relation to the benefit of the device, the residual risks must be acceptable.

To minimize the risks, there are several types of measures. Laws such as MDR and IVDR and the risk management standard ISO 14971 specify these types and the order in which they must be applied (see Fig. 1).

Fig. 1: Manufacturers must first strive for the inherent safety of the devices. If this is not possible, they must take means of protection. If these are not sufficient, they must inform about the residual risks and strive for (further) risk control or risk mitigation through information (click to enlarge).

Thus, there is no general prohibition of risk control or risk mitigation through information.

2. Types of information

To answer the question of whether risk mitigation through information is permitted, an overview of the different types helps:

  • Warnings on the device, e.g., labels or pop-ups on software interfaces
  • Information in instructions for use and other accompanying materials about the correct use of the device
  • Information in instructions for use about residual risks
  • Training of users

3. Trigger of the confusion

When harmonizing ISO 14971:2012, the harmonization service provider lawyers wrote in Annex Z:

… manufacturers shall not attribute additional risk reduction to the information given to the users…

Annex Z of ISO 14971

In doing so, the lawyers, unfortunately, lumped together two types of information:

  • Information that "only" lists any residual risks. This is a requirement of the MDR Annex I, Section 4 ("Manufacturers shall inform users of any residual risks.").
  • Information that presents concrete and specific measures to minimize risks. These contain specific instructions for persons to take action when handling the device.

4. The resolution

The list of residual risks is ...

  • comparable to the package insert with the side effects of drugs,
  • is a regulatory requirement and
  • no (!) risk minimizing measure.

Instructions for action for the users ...

  • are regulatory required, if risks can be minimized with it,
  • then count as risk-minimizing measures and
  • are also allowed as such.

Team-NB also shared this assessment in a consensus paper in 2014.

Example

With every electrically operated medical device, there is a risk of electric shock. This (residual) risk exists even if the manufacturer complies with all measures prescribed by IEC 60601-1 (e.g., on clearance and creepage distances). The manufacturer must enter and publish this risk in the list of residual risks.

The user can consider this information when making a risk-based decision for or against the use of the device. He cannot prevent the electric shock itself (e.g., in the event of a product defect). Accordingly, providing this information to the user is not a risk-minimizing measure.

If, on the other hand, the manufacturer specifies in the instructions for use that the technician must disconnect the mains plug before carrying out repairs and before opening the enclosure, then this is a clear instruction for action that, if fulfilled, minimizes the risk, namely, the risk of getting an electric shock when coming into contact with electrical components inside the device.

5. Conclusion

Risk mitigation through information is, therefore, perfectly permissible. A distinction must be made between:

  • Information listing all residual risks
    Publication of the list of residual risks is required by regulation and is not a risk mitigation measure.
  • Instructions for users
    They are required by regulation if they can be used to minimize risks. They are permitted as a risk-minimizing measure.

Attention

The manufacturers must prove the implementation and effectiveness of risk-minimizing measures. Usability tests usually review risk-minimizing measures by information.

Training documents and instructions for use are part of the user interface and are, therefore, subject to the regulatory requirements for usability and within the scope of IEC 62366-1.

Do you still have questions about risk management? Then benefit from

This will ensure that there are no problems with audits and inspections of your technical documentation and no delays in the approval of your devices.

Further information

Read more about risk mitigation and more about risk management in general.

Christian Rosenzweig

Author:

Christian Rosenzweig

Find out what Johner Institute can do for you
Starter-Kit_rot_dunkel

A quick overview: Our

Starter-Kit

Learn More Pfeil_weiß
blog_rot_dunkel

Always up to date: Our

Newsletter

Learn More Pfeil_grau
back-to-top

Back To Top

X

Privacy settings

We use cookies on our website. Some of them are essential, while others help us improve this website and your experience.

I accept

Individual Cookie Settings

Privacy Notes Imprint

X

Privacy settings

Here is an overview of all cookies use

Required Cookies

These cookies are needed to let the basic page functionallity work correctly.

Show Cookie Informationen

Hide Cookie Information

SERVERID

Provide load balancing functionality.

Provider : SERVERID
Cookiename : SERVERID

PHPSESSID

Provides functions across pages.

Provider : PHPSESSID
Cookiename : PHPSESSID

Hubspot Forms

Used for the google recaptcha verification for online forms.

Provider : Hubspot
Cookiename : _GRECAPTCHA
Runtime : 183
Privacy source url : https://policies.google.com/privacy?hl=en&fg=1
Host : js.hsforms.net

Cookies for Statistics

Statistic cookies anonymize your data and use it. These information will help us to learn, how the users are using our website.

Show Cookie Informationen

Hide Cookie Information

Google Analytics

Tracking and analys of traffic on our websites.

Provider : Google Inc.
Cookiename : ga_*, gi_*, gat_gtag_*
Runtime : 365
Privacy source url : https://policies.google.com/privacy
Host : google.com

Matomo

Tracking and analys of traffic on our websites.

Provider : Matomo
Cookiename : pk_ses*, pk_id*
Privacy source url : https://matomo.org/privacy-policy/

Cookies for Marketing

Marketing cookies from thrid parties will be used to show personal advertisment. They use them to track users outside of their own web page.

Show Cookie Informationen

Hide Cookie Information

Hubspot

Keeping track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts. It contains an opaque GUID to represent the current visitor. It also introduces cookies from linked in for marketing reasons.

Provider : Hubspot
Cookiename : hubspotutk, __hssrc, test_cookie, lidc, li_gc, lang, lang, bscookie, bcookie, _gcl_au, __hstc, __hssrc, __hssc ,__cf_bm, UserMatchHistory, AnalyticsSyncHistory
Runtime : 730
Privacy source url : https://legal.hubspot.com/privacy-policy
Host : .hubspot.com

LinedIn

LinkedIn conversion tracking.

Provider : LinedIn
Cookiename : li_fat_id, li_giant, VID
Runtime : 365
Privacy source url : https://www.linkedin.com/legal/privacy-policy?trk=content_footer-privacy-policy
Host : .linkedin.com

Cookies for external Content

Content for Videoplatforms und Social Media Platforms will be disabled automaticly. To see content from external sources, you need to enable it in the cookie settings.

Show Cookie Informationen

Hide Cookie Information

Google Maps

Used to display google maps on our Websites. Google uses cookies to identify and track users.

Provider : Google inc
Cookiename : NID
Runtime : 183
Privacy source url : https://policies.google.com/privacy?hl=en&fg=1
Host : google.com

I accept

Save

Back

Privacy Notes Imprint