From a distance view risk management seems simple and straightforward. For instance if you have a medical device, you evaluate its potential risks, mitigate those risks, monitor them over time, and you’re done. It seems to be easy, right? It happens if only life was so straightforward. The reality is that risk management is one of the more complex aspects of regulatory compliance, simply because risk comes in so many flavors and perceptions of severity. Plus the probability of harm actually occurring can be estimated quite differently. A quality risk management plan is one of the safest, easiest and most affordable ways for a company to mitigate risk. There are plenty of myths that businesses believe regarding risk management, which in turn prevent businesses from operating at their maximum potential. These myths can undermine a company’s risk management program and inflict financial destruction. This article highlights five myths in an effort to sidestep them.
1. Post-market Surveillance and Complaint Handling are Similar
It is understandable scenario that Post Market Surveillance (PMS) is more or less similar to complaint handling. All the medical device companies spendenormous efforts in being compliant with U.S. Food and Drug Administration (FDA) complaint handling requirements. Yet, they fail to understand the distinction and believe that the post-market activities are discretionary.
Post market surveillance thought to be a comprehensive set of activities in monitoring the products performance in marketplace. To follow few of the post-market surveillance sub processes is a good practice to sustain in the market. They are,
- Right data collection and analysis
- Patient safety and product risk assessment
- Global regulatory reporting with corrective and preventive actions as needed
- Communicating and disseminating the information to the stakeholders
Collected data should be from active, and passive surveillance, the level and type of activity depends on the product risk. Risk management plan should include in avoiding post market surveillance issues. Some of them are documentation of decisions based on risk analysis, adequate reactive postmarket surveillance that is appropriate for medical device.
2. Design is not responsible for Use Error, User is Responsible
To mitigate the risk one among the easiest ways are providing safety information to the user in the reading material. When it comes to reality many of the users do not read it, yet it can’t be predicted as the root cause of the risk for user error. Therefore it is difficult to focus on any changes inherent to the design can be made or any protective measures can be implemented. For medical device risk control one cannot rely on the safety information alone.
3. Investigation on Complaint Is Not Needed Unless a Device Is Returned
Some firms believe that they are absolved from investigating on the complaint given, if they are unable to get back the device, but it is not correct. According to FDA Code of Federal Regulations (CFR) 820.198(b), all manufacturers should evaluate and review received complaints to determine whether the investigation is necessary. In case, no investigation was done, manufacturer should maintain a record along with reason for no investigation and also should include the responsible person’s name. In addition, manufacturer should check if similar investigation has already been performed for a similar complaint where another investigation is not required.
If any firm is unable to get back the device or retrieve the information needed to investigate the complaint, it is always good to document those functions. It is a good faith effort to get the patient centric, product information, but most often firms fail to get patient information before, during, and after the malfunction of the device. This information is very much needed for conducting investigation for accurate medical device regulatory reporting.
4. Why to invest in loss prevention, Buy Insurance
Investing on the property without insurance is a moral hazard. Insuring the property with a policy will cushion some of the financial consequences due to loss that can save from the moral hazards attitude of indifference. Best accounts blend their risk management with insurance against financial uncertainty so that the insurance companies grant favorable coverage terms to the risks.
Though insuring the risk is a good thought, there always an alternative methodology is open to be a loss free that’s none other than having no claims. Ofcourse it’s a bit tough task yet can achieve with a team support right from the beginning of device manufacturing. Another way of risk free is having a strong risk management program in the company which helps in preventing defects and malfunctions. Strong risk management also may include legal review of warnings, labels, promotional and marketing materials. It may also surrounded with state-of-the-art manufacturing and design, may reflects the documented history of prompt, appropriate response to FDA concerns. Insuring risk and strong loss control programs are the harmonizing features of sound risk management.
5. FMEA is our risk management file
Failure Mode and Effects Analysis (FMEA) developing would be extremely methodical and very much detailed. FMEA is one of the popular techniques in assessing what can go wrong and understanding its impact on failure. As per the ANSI/AAMI/ISO 14971:2019, risk management process needs to identify hazards, estimate, evaluate & control the risk, and finally monitor the effectiveness of the controls. Thought it looks like FMAE covered many of these elements, still FMAE itself is not a risk management file. One of the reasons why FMAE is not sufficient in identifying the hazards is, some variation of FMAE may express the effects of a failure as a resulting hazardous situation. FMAE cannot explain how hazards may be recognized but Annex E in ANSI/AAMI/ISO 14971:2019 provides some hazard identification guidance. Finally FMAE is just one among the many techniques with advantages and disadvantages, which alone does not sufficient in estimating and evaluating the risk.