Quick Tip: A hazard is more than just a potential source of harm
The term hazard causes a lot of confusion. Ericson's Hazard Analysis Primer can help practitioners develop a better understanding for risk analysis.
The term hazard is generally defined as a “source of danger”, or a “potential source of harm”. In practice, these definitions cause a lot of confusion, especially when Failure Modes and Effects Analysis (FMEA) is used as the only technique for risk analysis. As an example, an FMEA is not useful to identify hazards in the normal mode of operation. Certainly, there is more to hazard analysis than FMEA!
We can learn from best practices developed in other industries where safety is more critical. In particular, the knowledge of system safety is more mature in defense, aerospace and automotive industries, which has led to significant gains in overall safety.
The Hazard Analysis Primer by Clifton A. Ericson II is a good starting point for understanding concepts and techniques of hazard analysis and applying them to medical devices.
Check out this book review to learn more and request a free copy (available for shipping only in the USA at this time)
Ericson attempts to resolve this confusion by providing a more precise definition of a hazard comprising three essential components:
Hazard Source (HS): a basic source of danger
Initiating Mechanisms (IM): initiating/causal events that transition a hazard from its dormant state to an active state (leading to a mishap)
Target-Threat-Outcome (TTO): consequences resulting from a mishap event.
These 3 elements of a hazard form the so called “hazard triangle”, which can be used to unambiguously define an individual risk.
In the medical device industry, an individual risk (of harm) is associated with a specific hazardous situation where a specific hazard is active as a result of a sequence or combination of events. In this context, the term hazard used in the medical industry can be viewed as the hazard source (HS), the sequence of events as the initiating/causal mechanisms (IM) and the hazardous situation as the overall hazard itself. The harm resulting from a hazardous situation can be viewed as the target-threat-outcome (TTO) in Ericson’s model.
The main point is to recognize the need to define the hazard-sequence of events-hazardous situation combination for each individual risk in an unambiguous way so that the causal linkages are clear. Here, it is important to realize that a hazardous situation, and therefore an individual risk, can occur even when the device is operating normally as intended. This level of clarity is needed to accurately estimate each risk and to ensure completeness of risk analysis.