Risk Management of medical devices under MDR

All medical devices are associated with inherent risks of some level. It is imperative to understand the medical device’s specific risks to a patient. Under EU MDR 2017/745, risk management is a continuous and iterative process.

Manufacturers are expected to plan, document, and implement risk management strategies in this process. These strategies may either eliminate the risk or mitigate the overall severity of the risk.

Medical Device Risk- Definition      

As per Article II of EU MDR 2017/745, medical device risk is defined as ‘the combination of the probability of occurrence of harm and the severity of that harm’.

According to the definition, the strategies help prevent particular harm or risk and prevent severe harm.

Risk Management under MDR

Annex I section 3 of EU MDR 2017/745 mentions its requirements specific to the European medical device regulations. Manufacturers, under MDR, must implement the following aspects of risk management to be fully compliant.

• Establish and document its plan for each device
• Identify the known and foreseeable hazards associated with the device
• Estimate and evaluate the risks associated with, and occurring during, the intended use and during reasonably foreseeable misuse
• Eliminate or control the risks 
• Evaluate the impact of information from the production phase to the post-market phase on hazards and the frequency of occurrence of associated risks, the overall risk, benefit-risk ratio, and risk acceptability
• Amend risk control measures if necessary

While implementing risk control measures to design and manufacture devices, the following aspects must be considered. Manufacturers must:

• Eliminate risks through safe design and manufacture of the device
• Take adequate protection measures (such as including alarms) if the risks cannot be eliminated
• Provide information for safety (warnings/precautions/contra-indications) and training to users.

Certain medical device risks may be due to device usage errors. In Annex I Chapter I, MDR clearly states that such risks can be prevented by:

• Reducing risks related to the ergonomic features of the device and the environment in which it is intended for use
• Consideration of technical knowledge, experience, education, training and use environment, and the medical and physical conditions of intended users

How are device risks managed?

Risk management can be considered a 5-step procedure.

Step 1: Risk management plan

All these activities must be planned. The plan lays forth a strategy for risk management activities to be carried out throughout the product lifecycle.

This plan is documented in a risk management file containing the risk management plan and a risk management report.

Step 2: Risk assessments

Risk assessments evaluate the risk identified in normal and abnormal medical device use. Normal use of a medical device is the intended application of the device following all instructions by the manufacturer.

In contrast, abnormal use is when the medical device was used, violating the device instructions.

Step 3: Risk Control

Risks are controlled by implementing its plan. The risk-control measures chosen must be executed, and their effectiveness must be validated. This is done for an effective quality management system.

Step 4: Evaluation of residual risks

Complete elimination of risk may not be possible all the time. Therefore, it is imperative to identify the residual risk so that small and expected rather than massive, unexpected risks.

Step 5: Risk management review

As risk management is an iterative process, reviewing the risk control measures adopted and their effectiveness is imperative. This is ensured by post-market surveillance systems, clinical evaluation, and vigilance systems.

Maintaining updated risk systems and documents constitutes an effective quality management system for any medical device.