Understanding reasonably foreseeable sequence of events for ISO 14971 risk analysis
Feb 13, 2023

A clear understanding of reasonably foreseeable sequences or combinations of events leading to hazardous situations is critical for identifying risks associated with the use of a medical device. In practice, this exercise becomes very difficult, especially if you are using an FMEA as the only tool for risk analysis in your process.
As we have discussed in a previous blog, Failure Mode Effects Analysis (FMEA) technique is best suited for failure analysis with the goal of improving product reliability. FMEA, by itself, is not sufficient for risk analysis in the context of ISO 14971 because it does not address risk of harm when the device is operating normally.
ISO 14971 requires consideration of reasonably foreseeable sequence or combinations of events that can result in a hazardous situation
As part of the identification of hazards and hazardous situations in clause 5.4, manufacturers are required to consider the reasonably foreseeable sequences or combinations of events that can result in a hazardous situation.
This exercise requires a deeper understanding of the term hazard, and of how a hazard can become "activated" following an initial event that triggers a sequence or combination of other events leading to a hazardous situation, where the patient or user is exposed to that hazard.
An individual failure mode identified in an FMEA may be an initial event, or it may be involved in a sequence of events triggered by another initial event. However, it is not a hazard or a hazardous situation in itself; rather, it may facilitate the activation of a hazard as part of the sequence or combination of events.
This fundamental understanding is needed to appreciate why relying on an FMEA as the only tool for risk analysis in the context of ISO 14971 is problematic.
Let us first look at the link between an initial/trigger event and sequence of events that can result in a hazardous situation and harm.
A key insight is that the link from a trigger event to a hazardous situation is not always linear. After a foreseeable sequence of events leads to a hazardous situation, an intervention in response may itself trigger a further sequence of events and a new hazardous situation. As a result, identifying and outlining a sequence or combination of events becomes quite challenging in a linear analysis tool such as an FMEA.
Consider the following example from ISO/TR 24971:2020, which considers an insulated wire carrying line voltage (220 V) beneath the cover of a medical device. One specific sequence of events leading to exposure to line voltage may include the following events:
- Insulation material is damaged by cracks
- Insulation material falls off the wire
- User connects and turns on the device
- User removes the cover
- User touches the wire
Here, only the first event is the effect of a specific failure mode, which may itself be due to one or more causes. Cracks in the insulation may be due to inadequate material selection, or deterioration in material properties due to environmental conditions outside the design specifications. We will generally identify a specific failure mode and all potential causes in separate lines within an FMEA.
We cannot directly link the subsequent events in this sequence to the specific failure mode in an FMEA. That is why an FMEA is not the right tool for outlining the many different sequences or combinations of events that may lead to hazardous situations.
Anatomy of reasonably foreseeable sequence or combination of events
Let us now understand the concept of reasonably foreseeable sequence or combination of events in more detail. First, we will look into each term to clearly understand how it may be defined and/or understood according to the Merriam-Webster dictionary.
Reasonable: being in accordance with reason; not extreme or excessive; moderate, fair; inexpensive; having the faculty of reason; possessing sound judgment.
Foreseeable: being such as may be reasonably anticipated; lying within the range for which forecasts are possible.
Sequence: a continuous or connected series; order of succession; a consequence, result; continuity of progression.
Combination: a result or product of combining; an ordered sequence; a subset of a set considered without regard to order within the subset; the act or process of combining.
Event: something that happens; an adverse or damaging medical occurrence; a postulated outcome, condition or eventuality; a subset of the possible outcomes of an experiment.
Clearly, there is a lot to the notion of "reasonably foreseeable sequence or combination of events" and it is open to interpretation. It is not as simple as a cause and effect that you identify in an FMEA.
There is an element of judgment involved in defining a reasonably foreseeable sequence or combination of events
What is reasonable to one person may not be reasonable to another. It depends on the context and generally accepted norms.
Foresight may vary from one person to another based on their experience level with the specific device and its use. Further, foresight will evolve over time as new information becomes available from the post-market phase of the device lifecycle.
As we have seen in the figure above, linking the initial event to hazardous situation is not necessarily sequential or linear. Each individual event in a sequence may have branches leading to other events in another sequence.
As a result, you need a different analytical technique, one that supports a non-linear analysis, to do this right. You also need a cross-functional team with a broad range of experience, skills and critical thinking. You should not be guessing and thinking about imaginary or hypothetical scenarios. FMEAs are the domain of engineers, who are not always good at articulating a reasonable sequence of events in an actual use scenario. You have to include medical or clinical professionals who have knowledge of the specific procedure where the device is used.
Event tree analysis is more suited for reasonably foreseeable sequence of events
Annex B in ISO/TR 24971:2010 identifies several techniques that support risk analysis. One such technique is Event Tree Analysis (ETA), which starts from an initial event and builds the sequence or combination of events that can lead to a hazardous situation. It is an inductive technique related to Fault Tree Analysis (FTA), except that it starts from an event and builds the forward progression of events, rather than starting from an outcome and drilling down into contributing factors as an FTA does.
Keep in mind that the initial event does not have to be a fault (component level) or a failure (device/system level). It can also be a reasonably foreseeable misuse, a factor related to environmental conditions, or a patient-specific factor.
The objective of the ETA is to estimate the probability of each individual event, using conditional probability rules based on the probability of the prior event(s). The end result then allows us to estimate the overall probability of occurrence of a specific sequence of events, which can be related to the probability of occurrence of a hazardous situation (P1).
The figure below illustrates this concept.
It is obvious from this example that this analysis cannot be done in an FMEA!
How to think about sequence of events
In her book "Engineering a Safer World", Nancy Leveson links conditions and events through a cause-and-effect relationship as shown in the following figure. This concept is useful to understand the relationships between events, whether in a specific sequence, or in a combination of events with many different branches.
Let us take the following example:
- Initial condition: a rapid antigen test for COVID-19 gives a false negative result to a person who has no symptoms but is infected
- Event A: negative COVID-19 result
- New condition: the infected person is now a carrier of the virus, which may infect another person
- Event F: a second person who comes in contact with this individual is infected
- Events B, D, E: the first individual develops symptoms, their condition worsens, and they are taken to the hospital
- Event E: the second person who was infected also develops strong symptoms and is taken to the hospital
- Event C: the first person develops symptoms, but is able to recover with minimal treatment
Note that we can estimate the probability of each event, based on the prior event(s) if we are able to outline the event tree structure in this analysis.
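The following is an added worked example, not code from the original post and not from ISO/TR 24971. It lays out the insulated-wire sequence of events from earlier in the post as an event tree and carries out the probability estimation described in the ETA section and in the note above: each event gets a conditional probability given its prior events, the probability of a specific sequence is the product along its path, and P1 is the sum over every path ending in exposure to the hazard, scaled by the probability of the initial event. Every probability in it is a constructed placeholder, and the node and function names are my own.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Sequence, Tuple


@dataclass
class EventNode:
    """One pivot of an event tree.

    label     : the event questioned at this pivot, or the name of an end
                state when the node has no branches
    branches  : outcome label -> (conditional probability given that every
                earlier event on the path occurred, next node)
    hazardous : True for an end state in which the person is exposed to the
                hazard (here: line voltage)
    """
    label: str
    branches: Dict[str, Tuple[float, "EventNode"]] = field(default_factory=dict)
    hazardous: bool = False


def build_line_voltage_tree() -> EventNode:
    """Event tree for the insulated-wire sequence of events.

    All conditional probabilities are constructed placeholders for this
    illustration; they are not figures from ISO/TR 24971 or from any device.
    """
    touch = EventNode("user touches the wire", {
        "yes": (0.5, EventNode("user exposed to line voltage", hazardous=True)),
        "no": (0.5, EventNode("no contact with the live wire")),
    })
    cover = EventNode("user removes the cover", {
        "yes": (0.1, touch),
        "no": (0.9, EventNode("live wire stays enclosed")),
    })
    power = EventNode("user connects and turns on the device", {
        "yes": (0.95, cover),
        "no": (0.05, EventNode("wire is not energized")),
    })
    # Initial event: insulation material is damaged by cracks. Within the
    # tree it is taken as given; its own probability is applied separately
    # in hazardous_situation_probability().
    return EventNode("insulation material falls off the wire", {
        "yes": (0.2, power),
        "no": (0.8, EventNode("damaged insulation remains in place")),
    })


def branch_probabilities_are_consistent(node: EventNode, tol: float = 1e-9) -> bool:
    """Conditional probability rule at every pivot: the outcomes of one
    event are mutually exclusive and exhaustive, so they must sum to 1."""
    if not node.branches:
        return True
    total = sum(p for p, _ in node.branches.values())
    if abs(total - 1.0) > tol:
        return False
    return all(branch_probabilities_are_consistent(child, tol)
               for _, child in node.branches.values())


def enumerate_sequences(node: EventNode, prob: float = 1.0,
                        path: Tuple[str, ...] = ()) -> List[Tuple[Tuple[str, ...], float, bool]]:
    """Walk every path from the initial event to an end state, multiplying
    the conditional probabilities along it. Returns (path, probability,
    hazardous) for each end state."""
    if not node.branches:
        return [(path + (node.label,), prob, node.hazardous)]
    sequences = []
    for outcome, (p, child) in node.branches.items():
        sequences.extend(enumerate_sequences(child, prob * p,
                                             path + (f"{node.label}: {outcome}",)))
    return sequences


def sequence_probability(root: EventNode, outcomes: Sequence[str]) -> float:
    """Probability of one specific sequence of outcomes, given the initial event."""
    node, prob = root, 1.0
    for outcome in outcomes:
        if outcome not in node.branches:
            raise ValueError(f"no outcome {outcome!r} at pivot {node.label!r}")
        p, node = node.branches[outcome]
        prob *= p
    return prob


def hazardous_situation_probability(root: EventNode,
                                    initial_event_probability: float = 1.0) -> float:
    """P1: probability that the initial event leads to any end state in which
    the person is exposed to the hazard, scaled by the probability of the
    initial event itself."""
    p_given_initial = sum(p for _, p, hazardous in enumerate_sequences(root) if hazardous)
    return initial_event_probability * p_given_initial


if __name__ == "__main__":
    tree = build_line_voltage_tree()
    assert branch_probabilities_are_consistent(tree)
    for path, p, hazardous in enumerate_sequences(tree):
        flag = "HAZARDOUS SITUATION" if hazardous else "safe end state"
        print(f"{p:.4f}  {flag:20s}  " + " -> ".join(path))
    # Placeholder probability that the cracks occur at all (constructed).
    print("P1 =", hazardous_situation_probability(tree, initial_event_probability=0.01))
```

Two points worth noting. The consistency check is the first thing to run before trusting any P1 from such a tree, since a pivot whose outcomes do not sum to 1 silently inflates or deflates every path below it. And nothing limits a pivot to "yes"/"no": the branches mapping can carry any number of outcomes, which is what the COVID-19 example above needs, where one condition fans out into events B, D, E, C and F.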
In conclusion
- ISO 14971:2019 requires medical device manufacturers to consider reasonably foreseeable sequence or combination of events that can lead to a hazardous situation (clause 5.4).
- This analysis is best conducted using the Event Tree Analysis (ETA) method with a cross-functional team which includes medical/clinical professionals with knowledge and experience in the actual use environment for the medical device.
- FMEA is not suited for identifying sequences of events because it focuses on individual failure modes, their causes and effects, with the goal of improving product reliability. FMEA is a linear technique that cannot help us identify relationships between the events involved in a specific sequence or combination.
- ISO 14971 does not mandate documenting the sequence of events; however, it is important to do it right in order to correctly identify all potential hazardous situations.
- Risk mitigation in the context of ISO 14971:2019 should address different opportunities in the sequence of events, not just the initial event.
Continue learning
If you are interested in building a solid foundation of knowledge in key terms and basic principles of risk management, consider taking this on-demand Fundamental of ISO 14971 training course. It is designed to help you build mastery of 25 key terms and basic concepts. Click below to receive a special offer!