Evolution of Risk Management in Medical Devices: The Significance of ISO 14971 Revision

Introduction

All medical devices inherently carry some level of risk. The ability to estimate and control this risk is critically important. Since risks cannot be tested directly, comprehensive consideration must occur before the design phase begins.

The ISO 14971 Revision: A Pivotal Update

The revised version of ISO 14971 “Application of risk management to medical devices” was officially released in December 2019. Prior to its formal release, the Final Draft International Standard (FDIS) was published in May 2019. ISO 14971 had exceeded its maintenance cycle twice, making this revision the result of twelve years of development since the 2007 version.

The primary reason for the extended timeframe before revision was the concern about the broad impact of significant changes. Over 100 international standards reference ISO 14971, meaning that substantial modifications could affect numerous regulatory frameworks and implementation practices worldwide. This necessitated careful consideration of the compatibility between the revised standard and existing regulatory requirements.

The Strategic Division: ISO 14971:2019 and ISO/TR 24971

In the revised version, the majority of the annexes from ISO 14971:2007 were transferred to ISO/TR 24971. “TR” stands for Technical Report, which provides detailed guidance on the methods (How) for achieving compliance with ISO 14971. ISO/TR 24971 was published in 2020 and has become an essential reference material for practical implementation.

The issuance of a Technical Report carries significant meaning. The ISO 14971 standard body itself contains requirements (What), not explanations of Why or How. If the standard body included detailed implementation methods, companies that deviate from those specific methods could be subject to regulatory scrutiny, even if their alternative approaches are equally valid. By keeping the standard body focused on What while relocating implementation guidance to ISO/TR 24971, the standard maintains flexibility while providing practical direction.

To understand ISO 14971 accurately and appropriately, one must engage with ISO/TR 24971. The complementary relationship between the standard body and the technical report is crucial. Only through understanding this interplay can the true nature of the risk management process become apparent.

Expanded Scope: Adapting to Technological and Environmental Changes

ISO 14971:2019 incorporates updates and additions reflecting new technological domains and changes in medical device usage environments. In today’s networked society, medical devices are increasingly connected to the internet. However, this connectivity brings threats such as cyberattacks and requires strengthened security measures. Cybersecurity considerations now form an integral part of risk management rather than being treated as a peripheral concern.

Furthermore, medical devices are no longer confined to hospitals and laboratory settings. Consider the automated external defibrillator (AED) encountered in a railway station concourse, used for the first time by untrained individuals without reading instructions while surrounded by onlookers. Blood pressure monitors and electrocardiograph systems must function reliably even when subjected to vibrations during emergency transport in ambulances. Pen-type injectors may be used by children in home settings. As the usage environments of medical devices become increasingly diverse and complex, risk evaluation based on actual real-world usage scenarios has become indispensable.

Usability: A Critical Dimension of Risk Management

A pressing concern in contemporary medical device regulation is usability. Many people understand usability simply as “ease of use,” but this conception is incomplete. Making something deliberately difficult to use also constitutes usability engineering. For example, the ignition mechanism on disposable lighters is intentionally made stiff to prevent children from accidentally causing fires. Usability, in the context of medical devices, refers to requirements designed to avoid and mitigate human errors arising from the device interface.

Medical device accidents are understood to occur due to gaps between the designer’s intent (as expressed in instructions for use) and the user’s interpretation and behavior. As medical devices become increasingly diverse and complex, it becomes crucial that users can operate them intuitively. In addition, fail-safe mechanisms must maintain safety even when operations are performed incorrectly.

Regulatory Requirements for Usability

The primary standard addressing usability is IEC 62366-1:2015+A1:2018. In Japan, this standard has been published as JIS Z 13241-1:2021, and the process of establishing it as a regulatory requirement for medical device manufacturers is underway. With the strengthening of Quality Management System (QMS) regulations for medical devices, the implementation of usability engineering has become increasingly critical from a regulatory compliance perspective.

The Challenge of Proper Interpretation

Nevertheless, both ISO 14971 and IEC 62366 present substantial technical complexity. Furthermore, different companies sometimes adopt different interpretations of these standards. What is required is the understanding of the fundamental principles underlying international standards, coupled with proper interpretation adapted to the specific characteristics of each organization’s medical devices, and finally, appropriate implementation of these concepts. Regulatory competence in the medical device field depends on this comprehensive approach to standards-based risk management.
