There is more to hazard analysis than FMEA
Feb 21, 2023
ISO 14971 requires identification and documentation of hazards and hazardous situations as part of risk analysis. If you are using an FMEA as the only way to document applicable hazards and hazardous situations, you are likely facing some challenges in demonstrating completeness of your risk analysis activities.
FMEA is not hazard analysis
Use of the Failure Modes and Effects Analysis (FMEA) is common in the medical device industry for risk analysis. Although an FMEA can be tailored for different purposes, such as design, process, and software, it is not sufficient to identify and analyze hazards and hazardous situations for ISO 14971 compliance.
This is because an FMEA is primarily a failure analysis tool, applicable to single-fault analysis. A device failure mode is not itself a hazardous situation, although it may initiate a sequence of events that leads to one or more hazardous situations. Further, a hazardous situation may occur even when a device is operating in normal mode and there are no failures.
So, what is hazard analysis?
ISO/TR 24971:2020, the guidance on the application of ISO 14971, describes hazard analysis as follows:
"A preliminary hazard analysis (PHA) is an inductive method of analysis with the objective of identifying the hazards, hazardous situations and events that can cause harm for a given activity, facility or system."
Notice that this description does not mention failure modes. That is why hazard analysis is a distinctly different technique from FMEA.
Clifton Ericson provides additional details about hazard analysis in his Hazard Analysis Primer book:
"HA (Hazard Analysis) is the act of performing a special analysis for the identification and evaluation of hazards".
Although Ericson defines the term hazard differently than ISO 14971, his approach to HA is very similar to what is expected from risk analysis for ISO 14971 compliance.
Why does it matter if we use an FMEA for hazard analysis?
If you use an FMEA to link each failure mode to a hazardous situation through a specific sequence or combination of events, you may confuse the probability of occurrence of the failure mode with the probability of occurrence of the hazardous situation (P1). As we discussed in this blog, these two are not the same: the failure mode is only one possible starting point, and the hazardous situation is reached only if the remaining events in the sequence also occur. This error can lead to inaccuracies in your risk estimation.
Second, additional failure modes may be involved in the sequence or combination of events initiated by a single failure mode. Generally speaking, inter-related failure modes cannot be analyzed and documented using a single-fault analysis technique such as an FMEA.
Additionally, your analysis will be incomplete because an FMEA cannot identify hazards and hazardous situations that arise when the device is operating normally and there are no device failures.
Using a top-down and a bottom-up approach for hazard analysis
As we discuss in our Hazard Analysis Made Easy webinar, there are two approaches to developing a link between hazard, hazardous situation and harms as part of your hazard analysis activity.
In the top-down approach shown in the figure below, you start with the end effect, generally a harm experienced by the patient or the user. Using deductive reasoning, you then build the sequence (or combination) of events all the way back to the initial/trigger event. As a reminder, the initial or trigger event does not have to be a device failure.
In this example, we are analyzing the situation where a patient is experiencing vision issues after receiving an intraocular lens.
It is recommended that you include your medical/clinical experts in this analysis to identify the most likely sequence of events that may have led to the top event. As much as possible, avoid guesswork and rely on actual field experience related to the specific medical procedure involving the medical device.
The bottom-up approach, on the other hand, starts with an initial/trigger event and builds up the sequence of events leading to a hazardous situation and harm(s).
As shown in the figure below, we start with the initial event where the balloon catheter fails to deflate. Note that more than one failure mode, including use error, may have led to this initial event. Now we can build up one of the sequences of events: the surgeon continues to pull the catheter back, which leads to the catheter tip separating and blocking the blood vessel. This may lead to one or more harms such as heart attack, stroke or death.
Again, it is highly recommended to include your medical/clinical experts to build the sequence of events and to identify the correct harms.
Finally, keep in mind that this exercise needs to be done in an iterative manner throughout the product lifecycle. As more information becomes available, you can refine your hazard, hazardous situation and harm relationship using these two approaches iteratively.
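The two approaches above, together with the earlier distinction between a failure mode's occurrence probability and P1, can be made concrete in code. The following Python model is an added illustration written for this page; it is not the article's own method, nor a tool from the webinar. Events form a directed graph: chains_to() walks backwards from a hazardous situation to every initiating event (top-down, deductive), and p1() sums the chain probabilities (bottom-up). The catheter event names, the use-error initiator and every probability are constructed placeholders, not field data; the per-procedure rates and conditional probabilities are assumptions chosen only to show that the device failure mode's rate is neither P1 nor even that mode's own share of P1.

```python
"""Sequence-of-events model for hazard analysis (added illustration, not the
article's own material). All event names and probabilities are constructed.

An initiating event carries a per-procedure probability of occurring; every
edge carries the conditional probability that the next event follows the
previous one. P1, the probability that a hazardous situation occurs, is the
sum over all chains ending in that situation of the product of the
probabilities along each chain (chains are treated as mutually exclusive,
the usual approximation for rare events).
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple

Chain = Tuple[List[str], float]  # (events from initiator to target, chain probability)


@dataclass
class EventGraph:
    # initiating event -> (per-procedure probability, True if it is a device failure)
    initiators: Dict[str, Tuple[float, bool]] = field(default_factory=dict)
    # event -> [(next event, P(next event | this event)), ...]
    edges: Dict[str, List[Tuple[str, float]]] = field(default_factory=dict)

    def add_initiator(self, name: str, p: float, device_failure: bool) -> None:
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"probability out of range for {name!r}: {p}")
        self.initiators[name] = (p, device_failure)

    def add_edge(self, src: str, dst: str, p_cond: float) -> None:
        if not 0.0 <= p_cond <= 1.0:
            raise ValueError(f"conditional probability out of range: {src!r} -> {dst!r}")
        self.edges.setdefault(src, []).append((dst, p_cond))

    def predecessors(self, node: str) -> List[Tuple[str, float]]:
        """Events that can lead directly to `node`, each with P(node | event)."""
        return [(src, p) for src, outs in self.edges.items() for dst, p in outs if dst == node]

    def chains_to(self, target: str) -> List[Chain]:
        """Top-down (deductive) enumeration: start at the target event and walk
        backwards until an initiating event is reached."""
        chains: List[Chain] = []

        def walk(node: str, suffix: List[str], p_acc: float, seen: FrozenSet[str]) -> None:
            if node in self.initiators:
                p0, _ = self.initiators[node]
                chains.append(([node] + suffix, p0 * p_acc))
            for src, p in self.predecessors(node):
                if src not in seen:  # guard against cycles in a badly drawn graph
                    walk(src, [node] + suffix, p_acc * p, seen | {src})

        walk(target, [], 1.0, frozenset({target}))
        return chains

    def p1(self, hazardous_situation: str) -> float:
        """Bottom-up aggregation of every chain into P1 for the hazardous situation."""
        return sum(p for _, p in self.chains_to(hazardous_situation))

    def contribution(self, initiator: str, hazardous_situation: str) -> float:
        """Share of P1 that starts from one particular initiating event."""
        return sum(p for chain, p in self.chains_to(hazardous_situation) if chain[0] == initiator)

    def non_failure_share(self, hazardous_situation: str) -> float:
        """Fraction of P1 that starts from a non-failure initiator, i.e. the part a
        single-fault device FMEA would not capture."""
        total = self.p1(hazardous_situation)
        if total == 0.0:
            return 0.0
        non_fail = sum(p for chain, p in self.chains_to(hazardous_situation)
                       if not self.initiators[chain[0]][1])
        return non_fail / total


NO_DEFLATE = "balloon fails to deflate"
PULL_BACK = "surgeon continues to pull catheter back"
TIP_OCCLUDES = "catheter tip separates and occludes vessel"  # the hazardous situation


def build_catheter_example() -> EventGraph:
    """Hypothetical figures for the balloon catheter scenario; placeholders, not field data."""
    g = EventGraph()
    g.add_initiator("inflation lumen kinked", 1e-4, device_failure=True)
    g.add_initiator("deflation valve sticks", 5e-5, device_failure=True)
    g.add_initiator("deflation syringe not operated (use error)", 2e-4, device_failure=False)
    for initiator in list(g.initiators):
        g.add_edge(initiator, NO_DEFLATE, 1.0)  # each initiator produces the same initial event
    g.add_edge(NO_DEFLATE, PULL_BACK, 0.3)
    g.add_edge(PULL_BACK, TIP_OCCLUDES, 0.2)
    return g


if __name__ == "__main__":
    g = build_catheter_example()
    for chain, p in g.chains_to(TIP_OCCLUDES):
        print(f"{p:.2e}  " + " -> ".join(chain))
    print(f"P1 = {g.p1(TIP_OCCLUDES):.2e}")
    print(f"failure-mode rate of 'inflation lumen kinked' = 1.0e-04, its contribution to P1 = "
          f"{g.contribution('inflation lumen kinked', TIP_OCCLUDES):.2e}")
    print(f"share of P1 arising without any device failure = {g.non_failure_share(TIP_OCCLUDES):.0%}")
```

With these constructed numbers the kinked-lumen failure mode occurs at 1e-4 per procedure, but its contribution to P1 is only 6e-6, P1 itself is 2.1e-5, and more than half of P1 comes from the use-error initiator that a single-fault device FMEA would never list. Swapping the constructed rates for real field data and adding the P2 step from hazardous situation to harm is where clinical input belongs.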
In conclusion
- Hazard Analysis is a part of risk analysis for ISO 14971 compliance.
- Hazard analysis involves identification of hazards and hazardous situations through the development of a sequence or combination of events starting from an initial or trigger event.
- Note that the initial or trigger event may not be a device failure.
- FMEA is not sufficient for hazard analysis.
- You can apply a top-down and a bottom-up approach in an iterative manner to build and update your hazard analysis throughout the product lifecycle.
If you want to learn more about Hazard Analysis, request a free copy of the Hazard Analysis Primer book by clicking on the image below.