Risk Management

5,881 views
5,612 views

Published on

Author:
Monitoring Dept., Suyun Medical
May 2005

Published in: Business, Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
5,881
On SlideShare
0
From Embeds
0
Number of Embeds
31
Actions
Shares
0
Downloads
543
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Risk Management

  1. 1. FOR MEDICAL DEVICE Risk Management Monitoring Dept., Suyun Medical May 2005 1
  2. 2. What is Risk Management? A process which will: Identify risks Weigh costs versus benefits Eliminate unnecessary risk Three rules of risk management: Benefits must exceed Cost Accept no unnecessary Risk Decisions must be made at the appropriate Level 2
  3. 3. What is Risk Management for? For ensuring the safety of medical devices! 3
  4. 4. Risk Management Worksheet Required for all operations/training Completed during planning phase Reviewed before operations/training 4
  5. 5. Standards for Risk Management In USA - “Design Control Guidance for Medical Device Manufacturers” • March 11, 1996 - “Guidance for the Content of Premarket Submission for Software Contained in Medical Devices” “ODE Guidance” • May 29, 1998 5
  6. 6. Standards for Risk Management In China YY/T0316-2003/ISO14971:2000 - YY/T0316-2001 Medical devices—Application of risk management to medical devices • IDT ISO14971-1:1998 医疗器械 风险管理对医疗器械的应用 - YY/T0316-2003 • IDT ISO14971:2000 - GB 9706.X-200X • IDT IEC601-1-4:1996 6
  7. 7. Risk Management Terms 1. Intended Use/Purpose 6. Risk analysis 2. Harm 7. Risk evaluation 3. Hazard 8. Risk assessment 4. Risk 9. Risk control 5. Residual Risk 10. Risk management 7
  8. 8. Risk Management Terms 1. Intended Use/Purpose Use of a Product, Process or Service in accordance with the specifications, instructions and information provided by the manufacturer. ANSI/AAMI/ISO 14971:2000, definition 2.5 预期用途/目的 按照制造商提供的规范、说明书和信息,对产品、过程或服务的使 用。 8
  9. 9. Risk Management Terms 2. Harm Physical injury or damage to health of people, or damage to property or the environment. ISO/IEC Guide 51:1999, definition 3.3“Guidelines for inclusion of safety aspects in standards.” 损害 对人体健康的实际伤害或侵害,或是对财产或环境的侵 害。 9
  10. 10. Risk Management Terms 3. Hazard Potential source of Harm. ISO/IEC Guide 51:1999, definition 3.5 危害 损害的潜在 源。 10
  11. 11. Risk Management Terms 4. Risk Combination of the probability of occurrence of harm and the severity of harm. ISO/IEC Guide 51:1999, definition 3.2 风险 损害的发生概率与损害严重程度的结 合。 11
  12. 12. Risk Management Terms 5. Residual Risk Risk remaining after protective measures have been taken. ISO/IEC Guide 51:1999, definition 3.9 剩余风险 采取防护措施后余下的风 险。 12
  13. 13. Risk Management Terms 6. Risk analysis Systematical use of available information to identify hazards and to estimate the risk. ISO/IEC Guide 51:1999, definition 3.10 风险分析 系统运用可得资料,判定危害并估计风 险。 13
  14. 14. Risk Management Terms 7. Risk evaluation Judgment, on the basis of risk analysis, of whether a risk which is acceptable has been achieved in a given context based on the current values of society. ISO/DIS 14971:1999-07 风险评价 在风险分析的基础上,根据给定的现行社会价值观,对风险是否达到可接 受水平的判断。 14
  15. 15. Risk Management Terms 8. Risk assessment Overall process of risk analysis and risk evaluation. ISO/IEC Guide 51:1999, definition 3.12 风险评定 包括风险分析和风险评价的全部过 程。 15
  16. 16. Risk Management Terms 9. Risk control The process through which decisions are reached and implemented for reducing risks to or maintaining risks within specified levels. ISO/DIS 14971:1999-07 风险控制 作出决策并实施保护措施,以便降低风险或把风险维持在规定水平的过 程。 16
  17. 17. Risk Management Terms 10. Risk management Systematic application of management policies, procedures and practices to the tasks of analyzing, evaluating and controlling risk. ISO/IEC Guide 51:1999 风险管理 用于风险分析、评价和控制工作的管理方针、程序及其实践的系统运 用。 17
  18. 18. What Risks Must Be Managed? Risk to safety of patients, users, handlers Business Regulatory Product liability 18
  19. 19. Risk Management Process Risk assessment Risk analysis • Intended use/intended purpose identification • Hazard identification • Risk estimation (likelihood x severity) Risk management Risk evaluation • Risk acceptability decisions ISO 14971 Figure 1 Risk control • Option analysis • Implementation • Residual risk evaluation/Overall risk acceptance Post-production information • Post-production experience • Review of risk management experience 19
  20. 20. Risk Assessment Risk Assessment Tools 1. Risk Matrix 风险矩阵 预先危害性分析/生产 2. PHA= Preliminary Hazard Analysis 工艺过程危险分析 3. FTA = Fault Tree Analysis 故障树分析 4. FME(C)A = Failure Mode Effects (Criticality) Analysis 失效模式和效应(危险程度)分析 5. HAZOP = Hazard Operability Analysis 危害与可操作性/运行分析 6. HACCP = Hazard Analysis and Critical Control Point 危害分析及关键控制点 20
  21. 21. Risk Assessment Applications of Risk Analysis 1. Design 5. MDR 2. Production 6. Change Control 3. Premarket Notifications 7. Failure Analysis 4. Complaints 8. Etc. 21
  22. 22. Risk Assessment Life Cycle Concept & Feasibility Development Scale-Up & Transfer Production System Level Assessment Design Assessment Process Assessment Customer Feedback Assessment 22
  23. 23. Risk Assessment Design Control Concept Planning Development Scale-Up & Transfer Production & Feasibility Test Design Requirements Plan Specifications Methods & Productions Change Control Results Methods Records Risk Preliminary Risk Risk Detailed Analysis Risk Assessment Hazard Management Management (FMEA, FTA, HACCP, etc.) Reviews Analysis Plan Report 23
  24. 24. Risk Assessment Key Concepts of Risk --The frequency of the potential harm; • How often the loss may occur; --The consequences of that loss; • How large the loss might be; --The perception of the loss; • How seriously the stakeholders view the risk that might affect them. 24
  25. 25. Risk Assessment Step 1 – Identify Hazards Laws Codes Standards Events Hazards MDRs List of Identification Accidents Hazards Etc. Brainstorming PHA FTA FMEA Note: Make it simple---Make it COMPLETE 25
  26. 26. Risk Assessment Step 2 – Assess Hazards Determine each hazard’s risk level before controls are in place. (Initial risk level) Assess: The likelihood/probability that an accident will occur because of the hazard. The most likely result of such an accident. The overall risk level of each hazard. The overall operation initial risk level. 26
  27. 27. Risk Assessment Risk Likelihood (Frequency Codes) based on IEC60601-1-4 Frequent Individual: Occurs repeatedly in career >1 经常发生 All: Continuous experienced Probable Individual: Occurs often in career 1 – 10-1 有时发生 All: Occurs frequently Occasional Individual: Occurs sometime in career 10-1 – 10-2 偶然发生 All: Occurs sporadically or several times Remote Individual: Seldom chance of occurrence 10-2 – 10-4 很少发生 All: Expected to occur sometime Improbable Individual: Probably will not occur in career 10-4 – 10-6 非常少发生 All: Possible but not probable, rare Incredible Individual:Occurs so implausibly as to elicit disbelief < 10-6 极少发生 All: Not plausible or believable 27
  28. 28. Risk Assessment Risk Severity (Severity of Consequence Codes) based on IEC60601-1-4 Negligible First aid or minor supportive medical treatment, 轻度的 minor system impairment, minor property damage Minor injury, lost workday accident, compensable Marginal injury or illness, minor system damage, minor 严重的 property damage Permanent partial disability, temporary total Critical disability in excess of 3 months, major system 致命的 damage, significant property damage Catastrophic Death or permanent total disability, system loss, 灾难的 major property damage 28
  29. 29. Risk Assessment Risk Regions Example based on ISO 14971, Fig E.1 Frequent Intolerable Probable Likelihood Occasional ALARP As Low As Reasonably Remote Practicable Improbable Broadly Acceptable Incredible Negligible Marginal Critical Catastrophic Severity 29
  30. 30. Risk Assessment ALARP Curve Increasing Probability of Occurrence Intolerable Region ALARP Maximum Broadly Tolerable Acceptable Risk Region Increasing Severity of Harm 30
  31. 31. Preliminary Hazard Analysis (PHA) Typically a screening tool used in the early phases of design and development For some projects it is the only tool needed Not as quantitative as FMEA/FMECA and doesn’t require detailed product design 31
  32. 32. PHA Steps Risk Matrix Form Severity rankings Frequency codes Estimated risk codes PHA Form Once established should remain same for similar product classes. 32
  33. 33. Estimation of Risk Codes H: High Risk must be reduced I: Intermediate Reduced to ALARP-cost a minor factor L: Low Reduce to ALARP-consider cost/benefit T: Trivial Broadly acceptable ALARP=As Low As Reasonably Possible 33
  34. 34. Risk Matrix Frequency Severity Negligible Minor Major Severe Frequent L I H H Probable L I H H Occasional T I I H Remote T L I I 34
  35. 35. PHA Form Hazards Arising From Product Design Hazard Investigation/ Sev Freq Imp. Controls 35
  36. 36. PHA List known potential hazards Literature Previous projects Reportable events Complaints 36
  37. 37. PHA Start with general product type Sterile (aseptic) liquids Applicable standards Move to product class Contact lens solutions Specific product Daily contact lens cleaning solution Address Habit—tendency to use as always Mistake instructions Abuse 37
  38. 38. PHA Form Hazards Arising From Product Design Hazard Investigation/ Sev Freq Imp. Controls Wrong Material SOPs, Crosscheck Sev Rem I Lack of Stability Stability studies Min Occ I 38
  39. 39. FMEA vs FTA FMEA FTA 1.Assumes 1.Assumes failure of component or part the functionality of a failure product 2.Identifies 2.Identifies functional failure part/module failure as a result of part as cause of failure functional failure 39
  40. 40. FMEA vs FTA FMEA FTA 3.Done for entire design 3.Too difficult to do for entire design 4.Systematic way to predict 4.Systematic way to predict causes new problems for usually know problems 5.A bottoms-up analysis 5.A top down analysis 6.People expect the same 6.People do not expect the same results from FTA which is results from and FMEA not true 7.Often a fault tree is used for a problem or an accident 40
  41. 41. FTA • Assumes fault and analyzes possible causes • Connection tool for PHA* to subsystems or modules • Top down • Deductive • Evaluate system (or subsystem) failures • Considered more structured than FMEA • Graphical presentation--visual picture * Preliminary Hazard Analysis 41
  42. 42. FTA Limitations Only as good as input Needs FMEA as a complement Needs input from many experts-can bog down Human errors may be difficult to predict Many potential fault trees for a system Some more useful Need to evaluate contribution 42
  43. 43. FTA Basic Symbols Basic Flow FAULT Fault in a box indicates that it is a result of subsequent faults OR Connects a preceding fault with a subsequent fault that could cause a failure AND Connects two or more faults that must occur simultaneously to cause the preceding fault 43
  44. 44. FTA Basic Symbols End Points & Connector BASIC FAULT Basic fault (part failure, software error, human error, etc.) Fault to be further analyzed with more time or information if needed In Transfer-in and transfer-out events 44
  45. 45. FTA-Additional Symbols Exclusive OR Gate: Fault occurs if only one of the input faults occurs Priority AND Gate: Fault occurs if all inputs occur in a certain order m Voting OR Gate: Fault occurs if m or more out of n input faults occurs 45
  46. 46. FTA Conventions TRANSFER TO NEXT A PAGE TOP LEVEL EVENT(FAULT) OR GATE;--EITHER OR BASIC FAULT INPUT FAULT MAY RESULT IN AN AND GATE-BOTH OUTPUT FAULT INPUT FAULTS MUST OCCUR AND FOR AN OUTPUT FAULT UNDEVELOPED FAULT/HAZARD 46
  47. 47. FTA Conventions TRANSFER TO B ANOTHER PAGE TRANSFER FROM OTHER OR BASIC FAULT EVENT AND GATE-BOTH INPUT FAULTS MUST OCCUR AND FOR AN OUTPUT FAULT UNDEVELOPED A FAULT/HAZARD 47
  48. 48. Constructing a Fault Tree Write functional requirements in negative Functional requirement: Package Opens Negative: Package Does NOT Open Add additional potential failures Select one failure to address at a time Develop paths of possible causes of failure Branch where necessary Follow one branch to end Root cause Basic event Undeveloped event Develop action plans 48
  49. 49. Undeveloped Event Further analysis FTA FMEA More information Judged lower priority 49
  50. 50. FTA Evaluate system (or subsystem) failures Primary--Due to internal causes that include poor design or use of inappropriate materials Secondary--Due to failures in the operation that include equipment failure Control--Due to failures in the systems that are in place to protect the quality and safety e.g. raw material outside specification failure of safety switch failure of test method 50
  51. 51. FTA Example BALL TOO BALL LARGE DIAMETER BALL POINT EQUIPMENT ESTABLISH PM NOT NOT PROGRAM FUNCTIONING MAINTAINED INCORRECT MFG OF HOUSING EQUIP. CANNOT MEET PEN WILL REQMTS NOT WRITE WRONG VISCOSITY INK NOT FLOWING PARTICLES FILTER INK IN INK FLOW BLOCKED INK DRIED IN PEN NO INK IN A RESERVOIR 51
  52. 52. FTA During Design 52
  53. 53. FTA Lab Failure Other Outliers Calibration OOS OR Error Lab Error OR Systematic OR Interference Other Random 53
  54. 54. FTA During Reliability AND gates are multiplied P(AND)= P(A)*P(B) OR Gates are additive P(OR) ≈ P(A)+P(B) 54
  55. 55. FTA During Reliability HAZARD 4. x 10-9 SYSTEM DRIFT> FAILURE LIMIT 1. x 10-16 + 4. x 10-9 REFERENCE CMPT A FAILS CMPT B FAILS CMPT C DRIFTS DRIFTS 5. x 10 -9 x 2. X 10 -8 3. x 10-9 + 1. x 10 -9 55
  56. 56. What is FMEA?What is FMECA? FMEA - Failure Mode and Effects Analysis FMECA - Failure Mode Effects and Criticality Analysis 56
  57. 57. What is FMEA? Powerful prioritization tool Inductive High effective tool for identifying critical quality attributes High structured Methodical Breaks large complex designs into manageable steps 57
  58. 58. FMEA Bottom up approach Evaluates specific failures Detailed analysis tool - Use in conjunction with PHA and FTA Complements FTA - May lead to different failure results 58
  59. 59. Advantages of FMEA Less analyst dependent than FTA Allows direct criticality assessment of components Valuable troubleshooting aid Identifies areas of weak design Identifies areas of high risk Prevention planning Identifies change requirements 59
  60. 60. Disadvantages of FMEA Disadvantages of FMEA Does not consider operator error Tedious May not apply to all systems--especially software May require extensive testing to gain information May miss some failure modes Time pressures Information missing 60
  61. 61. Definitions Criticality --Weighting of hazard severity with the probability of failure Severity--Seriousness of effect through its impact of the system function Occurrence--Likelihood a specific failure will be caused by a specific cause under current controls Verification --Ability of the current evaluation technique to detect potential failure during design Detection --Ability of the current manufacturing controls to detect potential failure before shipping 61
  62. 62. Definitions Risk Priority Number (RPN)= (S) x (O) x (D) or (V) - Severity (S) - Likelihood of occurrence (O) - Likelihood of detection (D) - Likelihood of verification (V) 62
  63. 63. Process FMEA Identifies potential product-related process failure modes Assesses the potential customer effects of the failures Identifies the potential internal and external manufacturing or assembly process causes Identifies process variables on which to focus controls for - reducing occurrence, or - increasing detection of the failure conditions 63
  64. 64. Sources of Process Defects? Omitted processing Adjustment error Processing errors Processing wrong work piece Errors setting up Mis-operation work pieces Equipment not set up Missing parts properly Wrong parts Tools and fixtures improperly prepared 64
  65. 65. FMEA Summary Powerful tool for summarizing: Important modes of failure Factors causing these failures Effects of these failures Risk prioritization Identifying plan to control and monitor Cataloging risk reduction activities 65
  66. 66. HAZOP Hazard and Operability Study Bottom up analysis Deviations from design intentions Systematic brainstorming based on guide words 66
  67. 67. HAZOP Guide Words No/Not More Less As well as Other than 67
  68. 68. HAZOP Model Design Statement Activity Material Destination Transfer Powder Hopper 68
  69. 69. HAZOP Transfer Powder Hopper Valve closed Valve closed No Line blocked Tank empty Hopper full Pump broken Larger tank More Pump fast Inaccurate gage Other Liquid Wrong than powder 69
  70. 70. HAZOP Plan Guide Deviation Causes Risk Action Who NO Powder flow Valve Low Interlock closed Line Med Operator blocked Training Pump Med PM broken 70
  71. 71. HACCP Risk Management System Biological Hazards Chemical Hazards Physical Hazards Requires Prerequisite Quality System Program Traditionally GMPs 71
  72. 72. HACCP Steps 1. Conduct hazard analysis and identify preventive measures 2. Identify Critical Control Points 3. Establish critical limits 4. Monitor each critical control point 5. Establish corrective action to be taken when deviation occurs 6. Establish verification procedures 7. Establish record-keeping system 72
  73. 73. HACCP Decision Tree 73
  74. 74. HACCP Worksheet Firm Name: Product Description: Firm Address: Method of Storage and Distribution: Intended Use and Consumer: 1 2 3 4 5 6 Material/pro Identify potential Are any potential Justify your What preventative Is this step a cessing step hazards introduced, safety hazards decisions for measures can be critical controlled or significant? (Y/N) column 3. applied to prevent control point? enhanced at this the significant (Y/N) step(1) hazards? Biological Chemical Physical 74
  75. 75. HACCP Plan Firm Name: Product Description: Firm Address: Method of Storage and Distribution: Intended Use and Consumer: (1) (2) (3) (8) (9) (10) Critical Significant Critical Monitoring Corrective Records Verification Control Hazards Limits for Actions Point each Action (4) (5) (6) (7) What How Frequency Who 75
  76. 76. Risk Control Develop Controls, Implement Controls, Assess Residual Risk and Make Risk Decision Develop specific controls for each hazard. Do not lump controls together for multiple hazards. Be specific – don’t reference other documents. Controls should result in reduction of severity, or probability or both If there is no reduction re-look the controls 76
  77. 77. Risk Control Develop Controls, Implement Controls, Assess Residual Risk and Make Risk Decision Assign responsibility for implementation of controls. Communicate requirements to all involved. Incorporate into mission documents and briefings. SOPs Orders Briefings and back-briefs Training Rehearsals 77
  78. 78. Risk Control Develop Controls, Implement Controls, Assess Residual Risk and Make Risk Decision Risk acceptance decision must be made at appropriate level based on residual risk. Acceptance authority mandated by ? . Risk acceptance must be documented by appropriate individual signing the RMWS. 78
  79. 79. Risk Control Extreme risk Commanding General level High risk Brigade/group commander or appropriate level Moderate risk Major unit commander or appropriate level Low risk As determined by major unit commander 79
  80. 80. Post-production information Surveil All staffs are responsible for: Performing to standard Executing controls Recognizing unsafe acts and conditions Leaders are also responsible for enforcement Evaluate Effectiveness of controls (adjust/update) Feedback 80
  81. 81. *Remember* Risk Management Process Assess Hazards Develop Identify Controls, Implement Hazards Controls & Make Risk Decisions Surveillance & Evaluation 81
  82. 82. CONSIDER: ACCIDENT CAUSE FACTORS Human Error - 80% an individual’s actions or performance is different than what is required and results in or contributes to an accident. 82
  83. 83. ACCIDENT CAUSE FACTORS Materiel Failure/Malfunction - 5% a fault in the equipment that keeps it from working as designed, therefore causing or contributing to an accident. 83
  84. 84. ACCIDENT CAUSE FACTORS Environmental Conditions - 15% any natural or manmade surroundings that negatively affect performance of individuals, equipment or materiel and causes or contributes to an accident. 84
  85. 85. SOURCES of HUMAN ERROR Individual - 48% Staffs knows and is trained to standard but elects not to follow the standard (self-discipline). Example Soldier knows there is a requirement to be certified on servicing tires and although he isn’t certified, he attempts to service the tire anyway so he won’t have to wait for maintenance personnel. 85
  86. 86. SOURCES of HUMAN ERROR Leader - 18% Leader does not enforce known standard. Example Leader sees the unqualified soldier changing the tire and doesn’t stop him. 86
  87. 87. SOURCES of HUMAN ERROR Training - 18% Staffs not trained to known standard (insufficient, incorrect or no training on task). Example Soldier has never had any training on how to service split rims and didn’t know that a tire cage and air extension is required for inflation. 87
  88. 88. SOURCES of HUMAN ERROR Standards - 8% Standards/procedures not clear or practical, or do not exist. Example The unit SOP requires the use of a tire cage, however it does not require the use of a twelve foot air gage extension. 88
  89. 89. SOURCES of HUMAN ERROR Support - 8% Equipment/material improperly designed resources/not provided. Example The unit tire cage was not properly constructed and the unit does not have a twelve foot extension for the air gage. 89
  90. 90. Stop Worrying...It Does Add Up Individual 48% Leader 18% Training 18% Standards 8% Support 8% = Total 100% 90

×