Risk Management Plan

Medical Center Risk Management

August 2, 2013

Risk Management Plan

1. Introduction

Risk management is mostly defined as the systematic applications of management. Risk management is to be integrated with different activities like device design control activities and other compliance activities. The main importance of applying risk management to medical devices is to provide the patient with safety. In risk management, the risk evaluation process is a key step.

1.1 Risk Management Procedures

Risk management involves a three-step procedure:

1) Hazards Identifications:

The hazard identification process should account not only for hazards directly related to the medical devices, such as designs and manufactures, but this is also used in the clinical worlds.

2) Risks Assessments:

In risk management, it includes some difficulties of risk assessments are difficult of measurement of the quantities, potential loss and probability of occurrence. There is more chance of errors to measure these contents . Risks with more potential loss and a less probability are often treated differently from other less potential loss. In practically, it is more difficult to manage, but in theory. it is nearly equal priority. The risk assessments face many problems like rareness of resources, specifically time.

Expressed mathematically:


3) Risks Mitigation:

Risks mitigation is the process of an organization defining the measures to minimize or the process by which an organization introduces specific measures to minimize or remove unnecessary risks and operations. Risk mitigation is also the process of developing some options and actions to increase opportunities and reduce damage to project objectives. Risk mitigation handling options include:


Acknowledge the existence of risks, make decisions about medical devices and accept them without engaging in special efforts, which is controlled.


Adjust program requirements or constraints to eliminate or reduce the plan risks. This is used to avoid the financial or technical problems.


Reassign organizational accounts and responsibilities and provide the authorities to different people who have the ability to accept the risks


Monitor the environment for changes that affect the nature and/or the impact of the risk.


Implement actions to minimize the impact or likelihood of the risk.

1.2. Principles of Risk Management

The organization identifies the following principles of risk management:

  • Important part of the organization process
  • A part of the decision-making process
  • Systematic and structured
  • Tailored
  • Takes human factors into account
  • Transparent and inclusive
  • Dynamic, iterative and responsive to change
  • Capable of continual improvement

1.3. Risk Management Process

  • Establish a process to manage and control the risks.
  • Document your organization’s medical device risk management process.
  • Maintain your risk management process for every medical device.
  • Apply your risk management process.


2. Medical Device Risk Analysis

Medical devices are providing risk analysis services. Risk analysis is a structured tool for the evaluation of potential problems. Risk analysis could be encountered in connection with the use of anything, like driving a car or using medical devices. Risk analysis of medical devices includes:

  • Achieve compliance to ISO 14971.
  • Perform a Fault Tree Analysis (FTA) on your device.
  • Include a compatibility mode

2.1 Why should we perform risk analysis?

  • Risk analysis is now required by law.
  • Eliminates costs
  • Measure of protection from product liability
  • Regulatory submissions checklists used by the FDA

2.2 Ways of Risk Analysis

1) Hazard Identification: Toltec has experience with many types of medical devices and can assist you in understanding what hazards exist. The main examples of risk analysis of medical devices are as follows:

  • Electric shock
  • Hemolytic
  • Chemical poisoning
  • Mechanical hazards
  • Hypothermia
  • Fire

3. What is Hazard?

3.1 Hazard Detectability

Hazard detection accounts for the likelihood of discovering and correcting a hazard or failure mode prior to an incident. Detection of hazards provides an inverse relationship between the level of detectability and the degree of risk seriousness. Detectability should then be scaled such that increasing scores denote a decreasing likelihood of hazard detection.

3.2 Hazard Correctability

The hazard correctability factor rates the relative ease of mitigating a certain risk. It accounts for the associated feasibility and effort required in reducing a particular risk to the lowest practicable level. In other words, in assessing the level of hazard correctability, both the availability of technical solutions and their economic feasibility and budget constraints should be considered. Practicability has main two procedures, and these are as follows:

1) Technical practicability: Ability to mitigate the risk regardless of cost

2) Economic practicability: The ability to reduce a risk without making the medical device into an unsound economic proposition

3.3 Types of Hazards

1) Biological hazards: These include bio-contamination, bio-incompatibility, incorrect formulation, toxicity, allergen-city, mutagen-city, ontogeny, carcinogenicity, re-and/or cross-infection, progeny-city, inability to maintain hygienic safety and degradation.

2) Physical and Mechanical hazards: These include erroneous data transfer, lack of, functional checks, inadequate maintenance, lack of adequate, loss of electrical/ mechanical integrity, inadequate packaging, re-use and/ or improper re-use.

3) Others: These include electricity, radiation, volume, pressure, supply of medical gases and supply of anesthetic agents.

4) Medical hazards: Hazards related to the use of the medical device, etc. This medical hazard includes trained and untrained people, width, etc.

5) Energy hazards: These include heat, electrical vibrations, etc.

6) Communication hazards: These include mistakes and experts errors, complexes or confused systems or unknown devices and their states, etc.

4. Methods of a Risk Analysis

The risk analysis includes the three factors of risk assessment, risk communications and risk managements. This risk analysis is to assure that medical devices processed in healthcare institutions are sterile. A risk analysis is performed to identify the risks to reduce the likelihood of a sterilization failure occurring.

Step 1) Risk Assessment: The risk analysis begins with a risk assessment. The possible risks are reviewed and then rated to assess which risk or risks pose the highest vulnerability. The CSSD Risk Assessment form can be completed using the following steps:

  • The team categorizes the failures into processes or topics such as purifying, packages, etc.
  • The CSS techs then place their paper under the category that best describes the process failure.
  • A higher number is associated with a higher severity or degree of risk (hypothermia).
  • The issues identified during the brainstorming session are categorized and documented on the Risk Assessment form.
  • The rating is based on how severe the risk is or rather than how much harm it can do.
  • An undetected failure is important since that can increase the chance of an unsterile instrument being used.
  • To complete this form, the techs will determine if the department is prepared for this failure and designate a rating number for preparedness.
  • The risk score for each issue is tallied by adding the column scores for each row.

Step 2) Risk Management: Next are the risk managements, which perform some actions that are known for the risks rated as the highest in huge . This plan is used to reduce the failure of risk which is occurring when it is used . This is the part of the risk analysis which is used to eliminate the risks and to develop the plans.

Step 3) Risk Communication: A risk analysis should be conducted annually or whenever major changes occur. This step is used to provide communication between the different people for managing the risk plans.

5. General Requirements for Risk Management

1) National Regulatory Requirements: XXX shall establish, document and maintain a quality management system to ensure that all known potential risks within the field of application of risk management to medical devices are identified and that all relevant risks are controlled in such a manner that the products of our company do not harm the user/consumer.

2) Risk Management Process: The XXX shall establish and maintain a process for identifying hazards associated with devices, estimating and evaluating the risk and alternatives of the risks, controlling the risk and monitoring the risk. The XXX shall document the risk management processes, which include:

  • Risk Analysis
  • Risk Evaluation
  • Risk Control
  • Post-production Information

3) Management Responsibilities: There are many management responsibilities of general requirements. These are:
Policy: The top management of our company is committed with regard to evaluates, IDs, and risk controls, which is related to a safety plan. The risk management plan is used to communicate with the organizations so that they can easily understand the problems.

  • Displayed at various strategic areas
  • Existing members briefed by their respective heads on the policy
  • New members are to be briefed during their induction/orientation.

Suitability: The company’s management shall review the continuing suitability and effectiveness of the quality management system at defined intervals to fulfill the requirement of customers and authorities, satisfy the company’s stated risk management policy and meet the company’s risk management objective.

6. Qualification of Personnel

6.1 Task, Responsibilities and Authorities
The Managing Director is the leader responsible for overall system qualities, policies of risk management and objectives. The responsibilities and policies of risk management plan are as follows:

  • Identify any problems that relate to the products.
  • Initiate, recommend or provide solutions through designated channels.
  • Control processes and delivery of products until the deficiency or unsatisfactory condition has been corrected.
  • Verify the implementation of solutions.
  • To achieve the above purpose, the top management shall identify resource requirements.

6.2 Risk Management Team
XXX has set up the risk management teams, which are used for developing, maintaining, establishing and reviewing the system of quality managements. The managers or director of management has selected the technical manager as the quality management representative, who shall have the defined authority for:

  • Ensuring that a quality management system is established, implemented and maintained
  • Reporting on the performance of the quality management system to the management for review
  • Liaising with external parties on matters relating to the quality management system

6.3 Risk Management Plan
The risk management file is the subset of the risk management plan. These include following:

  • The scope of the plan
  • Identifying and describing the medical device
  • A verification plan
  • Allocation of responsibilities
  • Requirements for review of risk management activities
  • Criteria for risk acceptability

6.4 Risk Management File
The company will have to save and maintain the record of all the risk management activities in the risk management file for the particular medical device or accessory being considered.

7. Medical Device Users

A medical device can be easy for one person to use safely and effectively, but creates present problems for different people. On the other hand, the medical devices that are easy for a certain group of users to use safely and effectively could be difficult for different groups. The users have to needs the medical devices so that they users can use it safely and effectively.
7.1 Characteristics of Medical Devices Users
The main characteristics of medical devices users are as follows:

  • General health and mental state
  • Physical size and strength
  • Sensory capabilities (vision, hearing, touch)
  • Coordination (manual dexterity)
  • Cognitive ability and memory
  • Knowledge about device operation and the associated medical condition
  • Previous experience with devices
  • Expectations about how a device will operate
  • Motivation
  • Ability to adapt to adverse circumstances

7.2 Medical Device User Interfaces
A well-designed user interface will facilitate correct actions and will prevent or discourage actions that could result in hazards. The user interfaces are as follows:

  • All components of a device with which users interact while using it, preparing it for use or performing maintenance
  • Hardware features that control device operation such as switches, buttons, knobs and device features
  • It provides information to the user, such as indicator lights, displays, auditory and visual alarms.
  • The logic that directs how the system responds to user actions, including how, when and in what form information is provided to the user
  • Increasingly, user interfaces for new medical devices are computer-based.
  • The manner in which data is organized and presented
  • It includes the control and monitoring screens, screen components, etc.
  • The prompts, navigation logic, alerting mechanisms, data entry requirements, help functions, keyboards, mousse and pointers
  • The size and configuration of the device are important parts.
  • Device labeling, packaging, training materials and operating instructions
  • An important concept pertaining to user interface use-safety is error tolerance.
  • Error tolerance is the quality of a user interface that prevents or mitigates dangerous or disastrous consequences when an error occurs.
  • The logic of device operation can also determine its degree of error tolerance.

8. Document Risk Management Activities for Device Use

In risk management, it can help demonstrate that a manufacturer has addressed the needs of the intended users and documented the incorporation of human factors engineering (HFE). Submitting this documentation can streamline and facilitate, which is the part of the pre-market review process that is concerned with safe and effective device use. The information that should be included with the device use documentation is described below.

8.1 Device Overall

  • The purpose and operation of the device
  • The patient populations on whom the device will be used
  • The physical devices like shape, size and other related components
  • A comparison of device use with other devices currently in use that operate similarly or perform similar tasks
  • A description of how the device addresses the needs of intended users.

8.2 Device User Interface

  • The physical characteristics of the user interface
  • The operating logic of the user interface
  • Existing or anticipated labeling materials that will be provided to the user with the device
  • Labels on the device itself, packaging, operating instructions, and training materials.

8.3 Device Use

  • How the user interacts with the device user interface
  • How the device is set up and maintained
  • The primary tasks that the user is expected to perform

8.4 Device User Population

  • The intended population of device users
  • The characteristics of device user population that were considered during the design
  • The training and information tools that the user population will require to operate the device safely and effectively
  • The population of users for which the device is not intended to be used.

8.5 Device Use Environments

  • Environments for which the device is intended to be used
  • Environments for which the device is unsuited or can be expected to affect device performance

8.6 Use-Related Hazards

  • The use-related hazards that have occurred with similar, already marketed devices
  • The processes used to identify and prioritize use-related hazards
  • The use-related hazards that have either been identified during development or have occurred with this device during early testing
  • How significant use-related hazards were mitigated or controlled during design and development
  • Why strategies used to address use-related hazards are appropriate

9. Verification and Validation

The validation and verification process of medical devices are as follows: Testing and evaluation processes and results associated with determining.

  • Whether device use design considerations have been achieved
  • Whether intended device users can use the device safely and effectively in actual or simulated conditions
  • Medical device manufacturers are generally required to have a quality management system as well as processes for addressing device-related risks.
  • These processes for managing risk can evolve into a stand-alone management system.
  • Has general applicability to quality management systems for manufacturers that provides medical devices
  • Discusses risk management-related to medical devices risks
  • Does not suggest a particular method of implementation
  • Does not include requirements to be used as the basis of regulatory inspection or certification assessment activities

10. Scope of the Medical Devices

The scope of the medical devices is as follows:

  • Quality management system will define the applicability
  • Extent of implementing risk management principles and activities
  • The quality management system provides the processes and performed by suppliers to the manufacturer are the responsibility of the manufacturer.
  • The quality management systems are ultimately the responsibility of the manufacturer.
  • An effective quality management system is essential for ensuring the safety and performance of medical devices.
  • A well-defined quality management system includes safety considerations in specific areas.

11. Performance Measurements of Medical Devices

Performance measurement is the measurement of the accuracy of the medical device or the medical system. It is using by the standard measurement system whose accuracy is known and is the determination and the record of the deviations. It is established whether the medical devices are appropriate to the international standards or not. The problems are also determined if the device is not adequate to the international standards.
11.1 Objectives of Performance Measurements
In the objective of the performance measurement, the following procedures are observed.

  • The medical equipment inventory of the hospital is prepared.
  • The medical devices whose performance measurement is needed or not are determined.
  • Performance measurement intervals are determined.
  • Performance measurement procedures and measurement forms are prepared.
  • Performance measurements are performed in accordance with procedures at the location of the devices, and the measurement forms are filled.
  • The devices are labeled with the green or red sticker to highlight the performance measurement result.
  • Certificates are prepared for performance measurement.
  • Measurement results are interpreted according to the acceptance criteria in the international standards.
  • Certificates are archived of performance measurement.


  • Agarkhed Deepak Venkatesh, Nov 2012. Hazard Identification and Risk Anaysis [Online]. Available at: http://healthcare.financialexpress.com/sections/strategy/949-hazard-identification-and-risk-analysis accessed on: May 13, 2013
  • Derrico Pietro, Ritrovato, Nocchi Federico, Faggiano Francesco, Capussotto Carlo, Franchin Tiziana, Vivo Liliana De, 2010. Clinical Engineering IRCCS Ospedale Pediatrico Bambino Gesu, Rome, Italy Available at: www.intechopen.com
  • Global Harmonization Task Force 2000. Study Group 3 on Implementation of Risk Management Principles and activities within a Quality Management System SG3/N15R8
  • Jerry Krueger, Ray Ongirski, 2010. Implementing a Failure-Rate Enhanced PM Program. Journal of Biomedical Instrumentation & Technology, Volume 44 (6) Allen Press-Nov, 2010
  • Kaye Ron, Crowley Jay, 1999. Medical device Use-Safety: Incorporating Human Factors Engineering into Risk Management CDRH (Centre for Devices and Radiological Health), July, 1999.
  • M Ridgway, 2012-13. Analyzing Planned maintenance (PM) inspection data by failure mode and effect analysis methodology published by Unbound Medline [Online] Available at: Http://www.unbound medicine .com/medline/citation/12792943/Analyzing_planned_maintenance__PM__inspection_data _by_failure_mode_and_effect_analysis_methodology_Accessed on 14th may, 2013
  • Sezdi Mana Medical Technology Management And Patient Safety Istanbul University, Turkey
  • Sue Klacik, 2010. Risky Business: Risk analysis in CSSD Published by Healthcare Purchasing News [Online] Available at : http://www.readperiodicals.com/201008/2109413371.html Accessed on 13th May, 2013
  • Sydney South West Area Health Service Policy, Sept 2008. Medical Devices: Risk Assessment Of Difficult to clean Reusable Medical and Surgical Devices (RMSD)
  • Toltec International Inc, 2006. Medical Device Engineering [Online]. Available at: http://www.toltec.biz /index.htm. Accessed on 15th May, 2013
  • Youssef Nataly F., Hyman William A., 2010. Risk Analysis: Beyond Probability and Severity [Online]. Available at : http://www.mddionline.com/article/risk-analysis-beyond-probability-and-severity. Accessed on: May 12, 2013.
chevron-downarrow-leftarrow-right linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram