Intro to Medical Device Development

Quality Management Systems

Risk Management

Usability Engineering
What is Quality?
 What is Quality?
Quality
Per ISO 13485:2016
• Ability to consistently meet customer and applicable regulatory requirements

Quality System Regulation

Per 21 CFR 820.3
• Quality system means the organizational structure, responsibilities, procedures,
processes, and resources for implementing quality management

Evolution of Quality
• Quality Control: Test/inspect components/finished products vs. approved
specifications

• Quality Assurance: Manufacture quality into product

• Quality System: Design and manufacture quality into products

 ISO 13485
is a global standard which describes how to set
up and maintain a quality management system.

• Management Responsibility
• Resource Management
• Product Realization
• Continuous Improvement
FDA Guidance: 21 CFR 820
 Records, Documents, and Change
Controls
• To assure only current documents are used
and all records are maintained.
• To make sure changes are reviewed, approved,
and incorporated into documents.
• Documents are maintained for the required
length of time
 Device Master Record
• Device master record (DMR) means a
compilation of records containing the
procedure and specifications for a finished
device
 Device Master Record
• DMR includes:
1. Device specifications
2. Production process specifications
3. Quality assurance procedures and
specifications
4. Packaging and labeling specifications
5. Installation, maintenance, and servicing
procedures and methods
 Device History Record
• Device history record (DHR) means a
compilation of records containing the
production history of a finished device.
 Device History Record
• DHR includes:
1. Dates of manufacture
2. Quantity manufactured
3. Quantity released for distribution
4. Acceptance records which demonstrate the
device is manufactured in accordance with
DMR
FDA Guidance: 21 CFR 820
 Corrective and Preventative Actions
(CAPA)
• To collect and analyze information to identify
actual and potential product and quality
problems
• To investigate product and quality problems
and take appropriate and effective corrective
or preventative action
• To verify or validate the effectiveness of
corrective and preventive actions
 Corrective Action
• Correction is an action to eliminate a detected
nonconformity
– Could be a design rework
• Corrective action is to eliminate the cause of a
detected nonconformity.
– There can be more than one cause
– Goal is to prevent recurrence
 Preventative Action
• Preventative action is to eliminate the cause
of a potential nonconformity or other
undesirable situation
– There can be more that one cause
– Action taken to prevent occurrence
 CAPA Planning
How can we detect nonconformities?

How can we figure out the cause of a

nonconformity?

How can we predict the potential occurrence of

a nonconformity?
 CAPA Planning
• Establishing Data Sources and Criteria
• Measuring and Analysis of Data Sources
• Improvement Plans
• Input to Management
 Data Sources
Internal Sources External Sources
• Process control data • Complaints
• Test/inspection data • Supplier controls
• DHR • Adverse event
• Internal audits reports
• Training records • FDA
• Similar devices on
the market
 Data Analysis
• Use risk-based and statistical approaches to
detect recurring quality problems and assign
high risk/impact/priority to items
• Investigate to determine root cause of
nonconformities
• Identify actions to be taken:
– Corrective Action
– Preventative Action
 Verify/Validate and Implement CAPA
• Verify or validate the corrective and
preventive action to ensure that such action is
effective and does not adversely affect the
finished device
• Implement and record changes in methods
and procedures needed to correct and
prevent identified quality problems
 Risk Management
Application of risk management to medical
device requires you to have a Risk Management
Plan.

ISO 14971 is a guidance on how to set up a risk

management plan
 Risk Management
• Risk Analysis
• Risk Evaluation
• Risk Control
• Risk-benefit analysis
• Risk arising from risk control
 Risk Analysis
It is the process of identifying risk and hazards.

Consider:
– Intended use
– Use environment
 Risk Evaluation
How do you evaluate risk?
Per ISO 14971, Risk is the product of a hazard’s
severity and probability of occurrence.

Risk = Sev x Occ

= Risk Product Number (RPN)
 Quantifying Risk
A company can explain and justify their risk
scoring system in their Risk Management Plan.

The Plan will also explain what risks are

acceptable and which are not.

Example:
Quantifying Risk
Quantifying Risk
 Risk Controls
Three types of risk controls:

Inherent Safety by Design

• Device uses a biocompatible material
Protective Measures
• Device indicates error state to user via LED
Information for Safety
• Device label has symbol stating Sterile
 Risk Controls
How do risk controls
affect the risk score?

Risk (RPN) = Sev x Occ

Pre-Control vs. Post-Control

 Risk-benefit Analysis
After controls are in place and risk is revaluated,
if there is any residual risk then a risk benefit
analysis is performed in order to determine:

•Do benefits outweigh residual risk?

•Do the risk controls introduce new risks to the
system?
 Risk Analysis Tools
Failure Modes and Effects Analysis (FMEA)
ID Potential Pre-controls Post-controls
Part or Failure Possible
Harm Risk Controls Conclusions / Comments
Function Mode Cause(s) Sev Occ RPN Sev Occ RPN
(Effects)
1 LEDs LEDs Fail LEDs not Loss of 2 2 4 INHERENT 2 1 2 Risk has been mitigated
or lose designed User SAFETY BY to the greatest possible
brightness for Indication DESIGN: extent.
proposed Designed to meet The risk controls do not
life of stress values in introduce new risks or
product requirements. new means to realize
PROTECTIVE risk.
MEASURES The residual risk is
LEDs shall blink acceptable and is
once to confirm comparable to other
operation. devices on the market
and thus the benefits
INFORMATION
outweigh the risks.
FOR SAFETY:
The IFU shall define
the LED legend and
describe the
condition detected
and recommended
user action.
 Documentation
All the risk management activities are
documented as:

Risk Management File (RMF)

–Specs
–Risk Analyses: FMEAs
–Verification Plans and Reports
–Traceability
 Documentation
All the risk management activities are
documented as:

Risk Report
–List of controls
–Residual Risks
–Risk benefit analyses
 Usability Engineering
Usability engineering incorporates human
factors into the design process.
This means:
• Gathering end-user feedback
• Anticipating use errors (risks)
• Demonstrating that design was correctly
adjusted based on gathered information
 Usability Engineering
IEC 62366 standard outlines the various tasks
that should be performed to ensure the
manufacturer has considered human factors.
• End-user feedback  Formative Studies
• Use errors (risks)  Use FMEA
• Correctly adjusted design  Summative
Studies
 Formative Studies
Include any feedback from end-users.
Manufacturers are encouraged to have multiple
studies.
The studies can be:
• Meetings
• Demos
• Thought experiments
• Hands-on use exercises
 Use-Error Risk Analysis
• Use-FMEA can be performed, however the
various use steps need to be defined

• Task analysis is performed the steps to setup,

use, and tear down/clean the device

• FMEA will then consider any use-errors that

can happen at every step
 Summative Studies
Summative Studies are where the manufacturer
verifies whether end-user feedback and
useFMEA risk controls were incorporated.
• Minimum of 15 of each intended user type
• Study protocol which defines device use steps
• Exercises which attempt at creating use errors
• Data collection with predefined pass/fail
criteria
Break
 Infusion Set
Apply what we learned to intravenous infusion
set.
• Product Requirements
• Doc Control
• Risk Analysis
• Usability Engineering
• CAPA
 IV Set
Intended Use and Use Environment
 Requirements
Considering the Intended Use and Use
Environments, what are some products
requirements we can think of?

Some devices have standards to guide

requirements.
 Document Control
• Create a Product Requirements document and
that now becomes Revision 1 under document
control.
• Responsible personnel approve the document
and it is now active.
 Risk Analysis
FMEA process
• Identify hazards
• Score Pre-controls
• Assign controls
• Score Post-controls
• Risk benefit analysis
 Risk Controls
Risk controls from the FMEA now become new
requirements.

We revise the Product Requirements document

from Rev 1 to Rev 2 by adding new requirements.
New requirements can be traced to the FMEA.

Once Rev 2 is approved, Rev 1 becomes obsolete.

 Usability Engineering
• Create Task Analysis

• Perform useFMEA

• Summative Study
 Production
Fast forward and we are in production. We have
a DMR and create a DHR for every production
lot.

Continuous improvement: CAPA

What can be monitored during production to
prevent nonconformity from happening?
 CAPA
Internal Sources vs. External Sources

• Corrective Action

• Preventive Action

• Verify and Document

Questions?