For medical devices, the benefits must outweigh the risks, i.e. the risks must be controlled. If a manufacturer provides unacceptable risks at the risk analysis, he must minimise these. The Medical device directive requires that manufacturers, proceed in the following order:
Risks can be minimized at all levels of product development:
Most companies document risk control measures in a table that they call the "FMEA table".
What do you think, is the most frequently cited measure? The title of this entry suggests the answer: Test. Test as a measure for reducing risks. Does that work?
To do this we must look at the definition of risk: A risk is defined according to ISO 14971 as: A combination of the probability of HARM occurring and the SEVERITY of that HARM
Does testing change the probability or the severity? As you don’t change anything when the product is tested, it’s not likely that you will change the probability of harm occurring or the severity, that would stem from a defective product. Tests do not minimize risks! However they may justify the assumption of a certain probability.
In our discussions on the concepts of risk management my Medsoto partner Sven Wittorf has drawn attention to a tragic example of a measure to control risks that induced new risks.
As part of the risk analysis of the Airbus, it was noted that a hazard is created when you accidentally press the thrust reverser in the air. As a measure to control risk, they therefore chose a mechanism that only allows the thrust reverser to function when the aircraft is no longer in the air, which was recognized by the wheelspin. Unfortunately, this led to the wheels touching the ground, but not immediately starting to spin (aquaplaning), because the runway in Warsaw was flooded. The aircraft could no longer break and shot past the the runway and there were fatal consequences.
Today, we no longer evaluate the rotation of the wheels, but the weight on the chassis in order to determine whether the aircraft is on the ground.
In many risk analyses little thought has been put into the risks that can be introduced by risk control measures. Even the risks that are originally identified are rarely evaluated completely and correctly.