Best practices for using FMEAs for medical devices
Insights from a Let's Talk Risk! conversation with Roger Hill
Note: this article highlights a few insights from a conversation with Roger Hill as part of the Let’s Talk Risk! with Dr. Naveen Agarwal series on LinkedIn. Listen to the full recording of the discussion below.
Engineers in the medical device industry commonly use an FMEA [1] to identify different failure modes, their causes and their effects on the product or process. When used correctly, it is highly effective in identifying and implementing appropriate control measures to improve product quality and reliability.
However, industry practice has evolved to rely on the FMEA as the only tool for risk analysis [2]. The main problem with this approach is that system level hazards and hazardous situations cannot be easily linked to individual failure modes identified in an FMEA. Further, harm can occur even when a medical device is operating in its normal mode, where there is no failure for an FMEA to capture.
A side effect of this practice is confusion between risks of failure and risks of harm to the patients or users. Excessive use of an FMEA to the point of excluding other more appropriate techniques turns this into mostly a paper exercise!
There is much more to hazard analysis [3] than FMEA!
When the only tool you have is a hammer, every problem seems to be a nail.
In our conversation, Roger shared many real-life challenges in the current industry practice of using FMEAs for risk analysis:
Engineers are under a lot of pressure from the business to speed up the development and product launch. FMEA simply becomes a deliverable for the risk management file that needs to be completed prior to launch.
There is a lot of guess work in going from a failure mode to harm. It is common to see team members imagining and speculating the worst possible outcome for the patient starting from a single failure mode.
Each member of the team has a different level of training and experience. FMEA working sessions tend to be long and exhausting. The first hour is generally spent in aligning the team members on the process. Going line by line, building up the sequence of events for each failure mode tends to drag on for hours. Sometimes it takes months to work through a single FMEA. People are less willing to participate over time and it becomes difficult to complete the analysis.
There is a lot of confusion about detection. Risk of failure in an FMEA is estimated as a combination of severity (S), occurrence (O) and detection (D). There is a lot of discussion and confusion about how to characterize detectability, especially in a design FMEA. Is it detection by the design controls (reviews, verification testing) before the product is released, or detection by the patient or user once the failure has occurred in the field? In a design FMEA the former is intended; treating it as the latter quietly turns a failure rating into an unstated estimate of harm.
It is common to work on different FMEAs for different types of risk analysis. There is a design-FMEA for product design, a process-FMEA for the manufacturing process, a software-FMEA for software and sometimes a use-FMEA for different use scenarios. It is not easy to link these different FMEAs to the risk of harm at the patient and user level.
Here are a few ideas and best practices that emerged from our discussion:
Training: everyone on the design team should be formally trained in the FMEA method. Clearly understanding the scope of the FMEA, and not confusing it with hazard analysis, is important.
Planning: define the boundary of each FMEA, whether at the system, sub-system or component level. Plan ahead to outline a hierarchy and your approach to linking the different FMEAs to each other and to the hazard analysis.
Right tool for the right job at the right time: do not mix failure analysis with hazard analysis. Select the most appropriate technique at each stage of the design and development cycle. A high level preliminary hazard analysis (PHA) may be sufficient at an early stage. More sophisticated techniques such as Fault Tree Analysis (FTA) and Event Tree Analysis (ETA) should be used at a later stage. Linking each failure mode to one or more potential hazards is a good way to build a connection among the different techniques; a failure mode that links to no hazard is either irrelevant to safety (record why) or a gap in the hazard analysis.
Process: establish a documented and validated process for risk analysis. This process should provide guidance on using the right tool for the right job at the right time.
Communication: educate your management. There will always be pressure to move fast. Find a way to clearly communicate the trade-offs and consequences of your decisions. It is safer to go a little slower and do it right.
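The following is an added illustration of the linking practice described above, not code from the article or from Roger Hill or Dr. Agarwal. It models a few FMEA lines from hypothetical design, process, software and use FMEAs for a generic infusion pump, links each failure mode to the system-level hazards it can contribute to, and keeps the risk of failure (the FMEA's S x O x D) separate from the risk of harm (probability of harm x severity of harm, as ISO 14971 frames it). All items, hazards and numbers are constructed for the example. Two checks fall out of the data model: failure modes that link to no hazard, and hazards that no failure mode feeds, which is where normal-mode harm hides.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class FailureMode:
    """One line of an FMEA. S, O and D are rated on the FMEA's own 1..10 scales."""
    fmea: str                  # "design", "process", "software" or "use"
    item: str                  # component, process step or function
    mode: str                  # how it fails
    severity: int              # S: effect on the item or process
    occurrence: int            # O: likelihood of the failure mode
    detection: int             # D: chance design/process controls miss it (high = poorly detected)
    hazards: List[str] = field(default_factory=list)   # ids of linked system-level hazards

    def rpn(self) -> int:
        """Risk priority number: a ranking of risk of *failure*, not of harm."""
        return self.severity * self.occurrence * self.detection


@dataclass
class Hazard:
    """A system-level hazard with its hazardous situation and resulting harm."""
    id: str
    hazardous_situation: str
    harm: str
    p1: float                  # P(hazardous situation occurs)
    p2: float                  # P(harm | hazardous situation)
    harm_severity: int         # severity of the harm on a 1..5 scale

    def probability_of_harm(self) -> float:
        return self.p1 * self.p2


# Constructed sample data for a hypothetical infusion pump (not from the article).
FAILURE_MODES: List[FailureMode] = [
    FailureMode("design", "drive motor", "stalls under load", 7, 3, 4, ["H1"]),
    FailureMode("design", "housing paint", "scratches easily", 3, 8, 9, []),
    FailureMode("process", "tubing weld", "partial weld", 8, 4, 6, ["H2"]),
    FailureMode("software", "dose calculator", "rounds up on overflow", 9, 2, 5, ["H1"]),
    FailureMode("use", "bolus button", "double press", 6, 5, 7, ["H1"]),
]

HAZARDS: List[Hazard] = [
    Hazard("H1", "over-infusion of drug", "overdose", 1e-4, 0.5, 5),
    Hazard("H2", "fluid leak at tubing connection", "under-dose, infection", 1e-3, 0.1, 3),
    # Normal-mode hazard: nothing has to fail for the tubing to touch skin.
    Hazard("H3", "tubing in contact with skin during normal use", "contact dermatitis", 1.0, 1e-4, 2),
]


def orphan_failure_modes(fms: List[FailureMode]) -> List[FailureMode]:
    """Failure modes linked to no hazard: either document why they are not
    safety relevant, or treat them as a gap in the hazard analysis."""
    return [fm for fm in fms if not fm.hazards]


def failure_modes_by_hazard(fms: List[FailureMode], hazards: List[Hazard]) -> Dict[str, List[FailureMode]]:
    """Collect, per hazard, the contributing failure modes from *all* FMEAs."""
    linked: Dict[str, List[FailureMode]] = {h.id: [] for h in hazards}
    for fm in fms:
        for hid in fm.hazards:
            linked.setdefault(hid, []).append(fm)
    return linked


def hazards_without_failure_modes(fms: List[FailureMode], hazards: List[Hazard]) -> List[Hazard]:
    """Hazards no FMEA line feeds. An FMEA-only analysis never sees these;
    they still need risk estimation and control."""
    linked = failure_modes_by_hazard(fms, hazards)
    return [h for h in hazards if not linked[h.id]]


def rank_by_rpn(fms: List[FailureMode]) -> List[FailureMode]:
    return sorted(fms, key=lambda fm: fm.rpn(), reverse=True)


def rank_by_risk_of_harm(hazards: List[Hazard]) -> List[Hazard]:
    # Severity of harm first, then probability: the highest RPN line need not sit here at all.
    return sorted(hazards, key=lambda h: (h.harm_severity, h.probability_of_harm()), reverse=True)


if __name__ == "__main__":
    print("Top failure mode by RPN:", rank_by_rpn(FAILURE_MODES)[0].item)
    print("Top hazard by risk of harm:", rank_by_risk_of_harm(HAZARDS)[0].id)
    print("Failure modes with no hazard link:", [fm.item for fm in orphan_failure_modes(FAILURE_MODES)])
    print("Hazards with no failure-mode contributor:", [h.id for h in hazards_without_failure_modes(FAILURE_MODES, HAZARDS)])
    for hid, fms in failure_modes_by_hazard(FAILURE_MODES, HAZARDS).items():
        print(hid, "<-", [f"{fm.fmea}:{fm.item}" for fm in fms])
```

With these numbers the highest RPN line is the cosmetic paint scratch (3 x 8 x 9 = 216), which links to no hazard at all, while the overdose hazard H1 is fed by lines from three different FMEAs whose individual RPNs are all lower. That is the point the discussion makes: ranking by RPN orders failures, and only the hazard-level view orders harm.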
About Roger Hill
Roger Hill is a Mechanical Engineer with extensive experience in design, development, manufacturing and ongoing sustainability of medical devices. He started his career in the defense industry and later moved to the medical device industry in the early 1990s. His expertise includes design controls, verification and validation of hardware, manufacturing operations and process validation. He also mentors and teaches classes for biomedical and mechanical engineering students at the University of Texas at Dallas.
About Let’s Talk Risk with Dr. Naveen Agarwal
Let’s Talk Risk with Dr. Naveen Agarwal is a weekly live audio event on LinkedIn, where we talk about risk management related topics in a casual, informal way. Join us at 11:00 am EST every Friday on LinkedIn.
Disclaimer
Information and insights presented in this article are for educational purposes only. Views expressed by all speakers are their own and do not reflect those of their respective organizations.
[1] IEC 60812:2018: Failure Modes and Effects Analysis (FMEA) is a systematic method of evaluating an item or process to identify the ways in which it might potentially fail, and the effects of the mode of failure upon the performance of the item or process and on the surrounding environment and personnel.
[2] ISO 14971:2019: Risk analysis involves the systematic use of available information to identify hazards and to estimate the risk. In the context of medical device safety, risk is defined as the combination of the probability of occurrence of harm and the severity of that harm.
[3] In his book Hazard Analysis Techniques for System Safety, Clifton Ericson presents 33 different techniques organized into 7 different types. According to the International System Safety Society (ISSS), there are over 100 different techniques suitable for hazard analysis.
Some good points made by Roger Hill. Lack of training and overcomplicating the process are often the main reasons for delayed or improper risk assessments.