Understanding FMEA in Pharmaceutical and Medical Device Industries

Introduction to Detailed Risk Assessment

The “Guideline for Proper Management of Computerized Systems” issued by the Ministry of Health, Labour and Welfare (MHLW) of Japan, which came into effect on April 1, 2012, states in Section 5.1 “Preparation of Documents Related to Overall Validation Plan” that “when necessary, detailed risk assessments should also be described in the validation plan.” However, the guideline provides no description whatsoever regarding the implementation method for such “detailed risk assessments.”

What exactly constitutes a “detailed risk assessment”? A detailed risk assessment is also known as “Functional Risk Assessment” and involves conducting risk assessments on a function-by-function basis for hardware and software. Typically, detailed risk assessments employ FMEA (Failure Mode and Effects Analysis), which is defined in IEC 60812 (the latest edition being IEC 60812:2018).

FMEA Implementation Process

FMEA is implemented through the following systematic steps:

Step 1: Function Identification. Identify functions that may potentially affect product quality, patient safety, or data integrity. This involves a thorough examination of all system functions and their potential impact on critical quality attributes.

Step 2: Failure Event Analysis. For each function identified above, examine potential failure events. For example, this might include scenarios such as data entry errors, system malfunctions, or communication failures. The key is to consider all reasonably foreseeable failure modes that could compromise the intended function.

Step 3: Risk Magnitude Evaluation. Create a matrix comparing the severity of harm if a defective product reaches the patient against the likelihood of risk occurrence, and determine risk classification (Figure: Left Matrix). This evaluation focuses on the fundamental risk level based on two dimensions: the probability of occurrence and the severity of consequences.

Step 4: Risk Priority Determination. Create a matrix comparing risk classification with detection probability to determine risk priority (Figure: Right Matrix). This step introduces the economic consideration of detectability into the risk management process.

Understanding Risk Priority Number (RPN)

Risk is defined as the product of the probability of harm occurrence and the severity of that harm. In Step 3 (Figure: Left Matrix), we evaluate the “magnitude of risk.” When reviewing this matrix, our natural tendency is to address risks in order of magnitude (red zones before yellow zones).

However, organizational resources are finite—time, cost, and effort are all limited. If we address risks strictly by magnitude starting with the highest (red), we may exhaust our resources before completing the medium-risk (yellow) items. Even medium risks are unacceptable when they reach patients or end users.

Therefore, in FMEA, Step 4 (Figure: Right Matrix) determines the “Risk Priority Number (RPN),” calculated as:

RPN = Probability of Harm Occurrence × Severity × Detectability

This represents an economically-oriented approach to risk management. While it is ideal to avoid or reduce risks through design, such approaches can be costly. By incorporating detectability, if a hazard can be detected when exposed, defective products can be prevented from reaching patients. In the pharmaceutical industry, this results in batch disposal, while in the medical device industry, it leads to rework procedures. As illustrated in the matrix, lower detectability results in higher risk priority.
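The following sketch works through Steps 3 and 4 and the RPN formula for a process FMEA. It is an added example, not taken from the guideline or from IEC 60812. The 1-3 scales, the class thresholds, and the four failure modes are constructed assumptions, since the page's matrices are figures that are not reproduced in the text.

```python
from dataclasses import dataclass

# Constructed 1-3 ordinal scales (an assumption; the page's matrices are figures).
# detectability: 1 = failure is reliably detected, 3 = failure is unlikely to be detected.
SCALE = (1, 2, 3)

@dataclass(frozen=True)
class FailureMode:
    function: str
    failure: str
    severity: int
    probability: int
    detectability: int

    def __post_init__(self):
        # Reject scores outside the agreed scale instead of silently ranking them.
        for field in ("severity", "probability", "detectability"):
            if getattr(self, field) not in SCALE:
                raise ValueError(f"{field} must be one of {SCALE}")

    @property
    def magnitude(self):  # Step 3: probability x severity
        return self.probability * self.severity

    @property
    def risk_class(self):  # constructed thresholds standing in for the left matrix
        return "high" if self.magnitude >= 6 else "medium" if self.magnitude >= 3 else "low"

    @property
    def rpn(self):  # Step 4: probability x severity x detectability
        return self.magnitude * self.detectability

def rank_by_magnitude(modes):
    return [m.function for m in sorted(modes, key=lambda m: (-m.magnitude, m.function))]

def rank_by_rpn(modes):
    # Ties on RPN are broken by severity, then by name, so the order is deterministic.
    return [m.function for m in sorted(modes, key=lambda m: (-m.rpn, -m.severity, m.function))]

# Constructed process-FMEA rows for a computerized system (not from the page).
MODES = [
    FailureMode("weighing entry", "value mistyped; second-person check in place", 3, 3, 1),
    FailureMode("audit trail", "record edit not logged", 3, 2, 3),
    FailureMode("LIMS interface", "result message silently dropped", 2, 2, 3),
    FailureMode("label printing", "wrong template selected; visual check in place", 1, 2, 1),
]

if __name__ == "__main__":
    for m in MODES:
        print(f"{m.function:15} class={m.risk_class:6} magnitude={m.magnitude} RPN={m.rpn}")
    print("by magnitude:", rank_by_magnitude(MODES))
    print("by RPN:      ", rank_by_rpn(MODES))
```

With these constructed scores, the medium-class interface failure moves ahead of the high-class weighing entry once detectability is applied, because the weighing error is caught by an existing check while the dropped message is not.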

Using FMEA can reduce the number of risks that must be addressed by approximately half, making risk management more efficient and economically viable.

Critical Distinction: FMEA in Medical Device Design vs. Process Design

FMEA Must NOT Be Used in Medical Device Product Design

Important Regulatory Principle: When designing medical devices, FMEA (specifically the detectability factor) must NOT be used as part of the risk management process.

Rationale: ISO 14971 (the international standard for medical device risk management, with the latest edition being ISO 14971:2019) does not define detectability as a component of risk. According to ISO 14971, risk is defined as the combination of the probability of occurrence of harm and the severity of that harm—detectability is explicitly not included in this definition.

For medical devices, regardless of detectability, any risk that exceeds acceptable levels requires risk control measures. This principle reflects the fundamental safety philosophy that patient safety cannot be compromised based on the assumption that failures will be detected.

Furthermore, RPN is irrelevant to patients and users from a safety perspective. The patient’s safety should not depend on how easily a failure can be detected during manufacturing or quality control. The device must be designed to be inherently safe, not relying on detection mechanisms as a primary risk control strategy.

Appropriate Use of FMEA: Process Design

FMEA, including the use of detectability and RPN, should be applied in process design contexts, such as:

  • Manufacturing process validation
  • Production line risk assessment
  • Quality control procedure development
  • Supply chain risk management

In these applications, detectability is a legitimate factor because:

  1. The design of the device is already finalized and inherently safe
  2. Process controls can effectively prevent defective products from reaching patients
  3. Detection mechanisms (such as in-process testing, final inspection, and quality checks) are part of the overall quality management system
  4. Economic considerations are appropriate when determining where to allocate quality control resources

Comparison Table: Design FMEA vs. Process FMEA

| Aspect | Medical Device Design | Process Design |
|---|---|---|
| Applicable Standard | ISO 14971:2019 | IEC 60812:2018, Industry Guidelines |
| Risk Definition | Probability × Severity | Probability × Severity × Detectability |
| Detectability Usage | NOT applicable | Applicable |
| RPN Usage | NOT appropriate | Appropriate for prioritization |
| Primary Focus | Inherent device safety | Manufacturing and process control |
| Risk Acceptance Criteria | Based on benefit-risk analysis, independent of detectability | Can consider detection capability in resource allocation |
| Regulatory Context | Essential for regulatory approval (FDA 21 CFR 820, EU MDR) | Part of quality management system (ISO 13485) |
| Documentation | Risk Management File required by regulations | Process validation documentation |

Integration with Modern Risk Management Approaches

ISO 14971:2019 Updates

The latest edition of ISO 14971 (published in December 2019) introduced several significant changes:

  • Enhanced focus on benefit-risk analysis throughout the device lifecycle
  • Stronger emphasis on production and post-production information
  • Clearer requirements for risk management file documentation
  • Updated alignment with global regulatory requirements

These updates reinforce the principle that device safety must be ensured through design, not through reliance on post-design detection mechanisms.

Complementary Standards

Medical device manufacturers should also consider:

  • ISO 13485:2016: Quality management systems for medical devices
  • ISO/TR 24971:2020: Guidance on the application of ISO 14971
  • IEC 62304: Software lifecycle processes for medical device software
  • IEC 60812:2018: The latest edition of the FMEA standard, which provides updated guidance on conducting failure modes and effects analysis

Practical Implementation Guidance

For Medical Device Designers

  1. Risk Analysis Phase: Use Functional Hazard Analysis (FHA) as the primary tool, focusing on potential harms and their severity
  2. Risk Evaluation: Assess risks based on probability of occurrence and severity only
  3. Risk Control: Implement design controls that reduce risk to acceptable levels
  4. Verification: Verify that risk controls are effective through design verification and validation
  5. Documentation: Maintain comprehensive risk management files as required by ISO 14971:2019

For Process Engineers

  1. Process FMEA: Apply FMEA with all three factors (severity, occurrence, detectability) to manufacturing processes
  2. Resource Allocation: Use RPN to prioritize where to implement process controls and monitoring
  3. Detection Methods: Establish appropriate in-process testing and final inspection procedures
  4. Continuous Improvement: Monitor process capability and adjust controls as needed

Regulatory Alignment

Japanese Regulations

  • MHLW Guideline for Computerized Systems (2012)
  • Pharmaceutical Affairs Law requirements
  • PMDA (Pharmaceuticals and Medical Devices Agency) guidance documents

International Regulations

  • FDA 21 CFR Part 820 (Quality System Regulation)
  • EU Medical Device Regulation (MDR 2017/745)
  • EU In Vitro Diagnostic Regulation (IVDR 2017/746)
  • ISO 13485:2016 certification requirements

Common Misconceptions and Clarifications

Misconception 1: “FMEA can be used the same way in both design and manufacturing.”
Clarification: Design risk management for medical devices must follow ISO 14971, which does not include detectability. Process FMEA may include detectability for manufacturing optimization.

Misconception 2: “A high RPN in device design means the risk is unacceptable.”
Clarification: RPN is not a valid risk metric for device design. Risk acceptability should be determined by the combination of probability and severity, evaluated against established criteria.

Misconception 3: “Detection controls can substitute for design controls.”
Clarification: Detection is never an acceptable substitute for inherent safety by design. Detection may only supplement design controls in process management, not replace design safety measures.

Conclusion

FMEA is a valuable tool in the medical device and pharmaceutical industries, but its application must be carefully considered based on context. While FMEA with detectability and RPN is appropriate for process design and manufacturing optimization, it is fundamentally incompatible with medical device product design risk management as defined by ISO 14971:2019.

Medical device safety must be built into the design itself, not dependent on detection mechanisms. This principle ensures that patient safety is never compromised, regardless of how effectively failures might be detected during manufacturing or use.

By understanding and respecting these distinctions, manufacturers can implement robust risk management systems that satisfy both regulatory requirements and the ethical imperative to ensure patient safety. The appropriate use of FMEA, combined with comprehensive application of ISO 14971 for device design, creates a strong foundation for bringing safe and effective medical devices to market.

Key Takeaways:

  • Detailed risk assessment (Functional Risk Assessment) typically employs FMEA per IEC 60812:2018
  • FMEA with detectability and RPN is appropriate for process design, not medical device product design
  • ISO 14971:2019 defines risk without detectability: Risk = Probability × Severity
  • Medical device design must not rely on detection as a risk control strategy
  • Patient and user safety must be inherent in device design, independent of detection capabilities
  • Process FMEA can legitimately use RPN for resource allocation in manufacturing quality control
  • Regulatory compliance requires proper distinction between design and process risk management

References:

  • ISO 14971:2019 Medical devices — Application of risk management to medical devices
  • IEC 60812:2018 Failure modes and effects analysis (FMEA and FMECA)
  • ISO/TR 24971:2020 Medical devices — Guidance on the application of ISO 14971
  • ISO 13485:2016 Medical devices — Quality management systems
  • MHLW Guideline for Proper Management of Computerized Systems (2012)
