This is an interesting discussion, thank you for sharing it! I think a major mistake is to assume that one is only looking for extreme and catastrophic risks and therefore overlooking smaller less out there and harmful risks which are also equally important in the long run. Another mistake that is overlooked is the lifecycle process of risk management. Most companies, as expressed in the article, only work with this portion during product development. However, it is important to also look at the risk during post-market evaluation and see that the product is functioning as anticipated. Also, taking into account any complaints or concerns and further integrate into the risk management plan is equally important. To ensure a product is safe and with no flaws it is best for a company to make sure the product goes through a full cycle of analysis, especially smaller companies who depend on and target a small demographic.
I came across an article online that highlights 4 reasons why a company's risk management approach may be wrong. It was an interesting read and indicates the following as major errors:
1. Risk management and design controls are separate processes - Risk management and design controls both aim to ensure that medical devices are safe and effective. Companies should be able to demonstrate how risk controls lead to an improvement in product design, which results in design verification and validation.
2. Risk management is a "checkbox" activity - Instead of looking as risk management as an errand that can be done later, it should be looked at as an opportunity to improve product design. The ISO 14971 can be used as a guideline to figure out the steps of risk management and what should be documented.
3. FMEA is being used as risk management - Companies are trying to use FMEA to satisfy ISO 14971 Risk Management. While FMEA is about device failures, risk management is a holistic approach that analyzes risks involved with device usage and failures.
4. Risk management is not a lifecycle process - Many companies only perform risk management during product development but do not continue once production begins. Instead, the risk management file should be treated as a living document. Processes should be able to be updated according to complaints, feedback, CAPAs, and other events that occur after the product is out on the market.
What are your thoughts on these major mistakes that medical device companies make and are there others that you would like to add on?
http://blog.greenlight.guru/why-your-risk-management-approach-is-wrong
This was a good read. A lot of the improper risk management mistakes stem from the fourth highlight, and that is the fact that a lot of company or project managers only use risk management through one part of the product or project lifecycle and not the entire life cycle. Risk management is essential for the development phases of a product, but it has to continue to be used throughout the lifecycle and even after the lifecycle "ends". Also I think a common mistake is spreading those who are responsible for risk management to thin or sparsely, when they should be working as a team within a team.
This thread is loaded with some of the most common mistakes in risk management. Here are the top five that I have been able to find:
*A lack of security & business alignment
*Limited visibility
*Putting frameworks first
*Giving equal weight to every threat
*Failing to consider time elements
It is understandable that certain companies are not using the risk management processes correctly. Each part of the risk management process plays an import role for proper execution. The risk management process can requires a team outside the project management one in order to carry out all of the tasks. The risk management process includes analysis, evaluation, management, and measurement. Each phase comes with a process to overlook the product’s effectiveness. Combining design controls and the management process would cut corners and not be effective towards the project.
Each of these major mistakes can lead to the downfall of the device before or while on the market. Improper assessment data can lead to malfunctions, early release, and potentially death. Mishandled devices can cause irritation and complaint from the customers. It is best to follow all guidelines separately for the success of the product on the market and longevity for the users.
Looking throughout the thread to identify common risk management errors is a good idea. These mistakes are major and impact how long the product will be on the market. Each of these major mistakes can lead to the downfall of the device before or while on the market. Improper assessment data can lead to malfunctions, early release, and potentially death. Mishandled devices can cause irritation and complaint from the customers. It is best to follow all guidelines separately for the success of the product on the market and longevity for the users.
@jej7 I agree, lack of resources can lead to failures in risk assessment. I like the example that was given, with a poorly managed complaints department at a medical device company. This can be even further looked at from the point not even accepting complaints or feedback. If things aren’t up to date or considered at all, you can’t make a good ( or the BEST) decision on risk assessment for the product.
Some of the biggest mistakes and medical device companies make include but are not limited to designing the wrong product. Sometimes the market isn't big enough and in some cases there is no market to begin with. This happens when the focus is strictly on the technology without asking the more important questions or doing research on the market demand in and of itself. From risk management perspective you need to ensure that you are designing a product as opposed to a piece of technology or device. It needs to be a product that will make an impact on patients, physicians, technicians etc. Another mistake you can make is ignoring the reimbursement strategy or ignoring regulatory strategies altogether. Often medical devices are tied to regulation and the intended use of a device needs to be indicated and part of the essential design. This often results in not looking at the big picture and thinking about risk. Conversations with investors should not be that your beta testing device trying to solve tech issues because often that can result in someone getting hurt or killed in the process. You must understand the scope of the undertaking and not overpromise investors. Part of mitigating risk means testing the device in all different ways both clinically human performance and market-based factors. Another common mistake in risk management is committing to production too early. Until you're absolutely certain that your product is built to last and worth consideration and meets regulatory guidelines then it should not be mass produced until you have done all those things.
The prototype system is being exploited in product development since it does not consider important risk factors. I learned about this risk management blunder at the organization where I work, and I'm concentrating on the prototype issue here. The product is being built to learn about the escalating concerns with the outcome and to come up with practical remedies. The purpose of prototyping is to define the consumer requirements, not to make iterations of prototypes and try them out to refine them; the purpose of prototyping is to define the consumer requirements, and the risk analysis should be used to stage the development process to highlight frail components and set limits. During the development process, the firm recognizes what is beneficial to the development, while risk management identifies what might be detrimental to the development. To manage risks, the product should fulfill higher and lower limits in the process control development mode. When a customer is happy with the outcome, the upper limit is set, but the lower limit is unknown. The lowest limit varies based on the developers' and users' respective perspectives. The risk should be used to highlight all options, investigate the problem, and then accurately quantify the increased danger.
I'm quite surprised that there is no follow-through after production. This would be the main area that needs surveillance because even when a product makes it to mass production there are still risks and unplanned issues that will arise. Through my research I've found that risks management teams are not focusing on the upstream quality of their products, using disjointed software to organize their data, overlooking compliance, and underestimating the amount of work of FDA requirements. Failure to address these issues can lead to prolonged project times and possibly failure.
Some mistakes of risk management are ignoring opportunities. Project managers are human. Like most other humans, they often associate risk with bad things. Even highly trained managers ignore the possibility that an opportunity can come from a risk event. Successful project managers do not just aim to mitigate risk. Instead, they analyze it and see what moves to make to turn the risk into an opportunity. For example, if a major risk threatens resources to a more promising.
The mistakes that medical device companies have been making have been unfortunate to see. I believe these issues concerning risk management seem to be a pattern among companies. I have to agree with most of the posts above, analyzing the risk in production does not stop and all areas should be observed with equal amount of attention. Prior to this discussion I had little understanding of full cycle evaluations and its benefits, now I do believe full cycle evaluations will limit risk issues in medical device companies.
Hello,
The points highlighted in the article represent critical aspects of risk management in the context of medical device development, and they align with best practices in the industry. The first point about integrating risk management and design controls is particularly important. Connecting these processes ensures a cohesive approach, where risk mitigation strategies directly influence product design and contribute to the overall safety and effectiveness of the medical device. This integration is essential for meeting regulatory requirements and creating a more streamlined and efficient development process.
The second point addresses the common misconception of treating risk management as a mere checkbox activity. Instead, viewing it as an opportunity for continuous improvement aligns with a proactive and comprehensive approach to product development. Adhering to standards such as ISO 14971 provides a structured framework for risk management, guiding companies through the necessary steps and emphasizing the importance of thorough documentation.
The third point raises a key distinction between FMEA and holistic risk management. While FMEA is valuable for identifying potential failures in a device, risk management extends beyond failure modes to analyze the broader risks associated with device usage and its impact on patients, healthcare providers, and other stakeholders. Understanding this distinction is crucial for developing a comprehensive risk management strategy.
Finally, the fourth point emphasizes the importance of treating risk management as a lifecycle process. Many companies focus on risk management during the product development phase but neglect to continue these efforts once the product is on the market. Treating the risk management file as a living document allows for ongoing updates based on post-market events, customer feedback, complaints, corrective and preventive actions (CAPAs), and other relevant information.
In addition to these points, another common mistake is underestimating the significance of communication and collaboration across different departments within a company. Effective risk management requires input from various stakeholders, including engineers, regulatory affairs, quality assurance, and marketing teams. Ensuring open lines of communication and collaboration can prevent silos of information and contribute to a more comprehensive risk management strategy.
