Whether risk mitigation through information is permitted regularly leads to discussions. The answer to this question is important because it determines the conformity and non-conformity of medical devices.
This article provides the answer and thus resolves a "historical misunderstanding."
All manufacturers are obliged to minimize the risks posed by their medical devices. In relation to the benefit of the device, the residual risks must be acceptable.
To minimize the risks, there are several types of measures. Laws such as MDR and IVDR and the risk management standard ISO 14971 specify these types and the order in which they must be applied (see Fig. 1).
Thus, there is no general prohibition of risk control or risk mitigation through information.
To answer the question of whether risk mitigation through information is permitted, an overview of the different types helps:
When harmonizing ISO 14971:2012, the harmonization service provider lawyers wrote in Annex Z:
… manufacturers shall not attribute additional risk reduction to the information given to the users…
Annex Z of ISO 14971
In doing so, the lawyers, unfortunately, lumped together two types of information:
The list of residual risks is ...
Instructions for action for the users ...
Team-NB also shared this assessment in a consensus paper in 2014.
With every electrically operated medical device, there is a risk of electric shock. This (residual) risk exists even if the manufacturer complies with all measures prescribed by IEC 60601-1 (e.g., on clearance and creepage distances). The manufacturer must enter and publish this risk in the list of residual risks.
The user can consider this information when making a risk-based decision for or against the use of the device. He cannot prevent the electric shock itself (e.g., in the event of a product defect). Accordingly, providing this information to the user is not a risk-minimizing measure.
If, on the other hand, the manufacturer specifies in the instructions for use that the technician must disconnect the mains plug before carrying out repairs and before opening the enclosure, then this is a clear instruction for action that, if fulfilled, minimizes the risk, namely, the risk of getting an electric shock when coming into contact with electrical components inside the device.
Risk mitigation through information is, therefore, perfectly permissible. A distinction must be made between:
The manufacturers must prove the implementation and effectiveness of risk-minimizing measures. Usability tests usually review risk-minimizing measures by information.
Training documents and instructions for use are part of the user interface and are, therefore, subject to the regulatory requirements for usability and within the scope of IEC 62366-1.
Do you still have questions about risk management? Then benefit from
This will ensure that there are no problems with audits and inspections of your technical documentation and no delays in the approval of your devices.