Allowing Harm vs Causing Harm

[FRA 2 FDA]

We recently met to review the dHA and FMEAs for a device we have in development. It got derailed (for many reasons, honestly) but one reason in particular was that we went down a rabbit hole of the question between the device causing harm and the device allowing harm. I combed through 14971:2019 and didn't see this addressed. I also didn't see any discussions here about it. I thought it was going to be addressed in A.2.3 in the 2nd paragraph where it mentions unwanted pregnancy but then it turned into a focus on psychological harm or stress. What we want to know is how to handle a harm that is not caused by the device but is allowed by the failure of the device, where the purpose of the device is to prevent that harm. For example, if a restraint is applied to a patient to prevent that patient from self-extubating and the patient escapes from the restraint and self-extubates, the harm is a harm that existed without the presence of the device and is no worse than it would have been. So, would it be excluded from the FMEA? Would it be considered but at a lesser severity? Would it be treated the same as any harm that the device itself actively presents? This may be a really stupid question with a completely obvious answer and if so, I apologize. But we went so far down the rabbit hole, I can't see daylight anymore. Will appreciate someone shining a light for me!

 

[AndrewK]

i would threat it in same manner to be on the safe side. Allowing Failure to happen and causing failure - lead probably to the same effect of failure- so i would choose Highest severity base on the possible effects for both

 

[Bev D]

What an interesting question! I can see how you went down a rabbit hole. Absent a requirement in a standard or regulation (which I have not looked for and have no knowledge of) this is a very interesting ethical and quality question.

@Tidge @Ed Panek and others:
If any one here knows of a regulatory answer to this question please let us know…

Given the example of a contraceptive or a diagnostic disease test etc. there are publicized (label claim) failure rates. I believe that legal rulings have upheld the ‘CYA’ of these rates. As long as the thing doesn't exceed the rate then the manufacturer is not liable. Of course then we must discuss Purdue pharma’s unsubstantiated claim that <1% of opioid users get addicted. This was irrefutably proven false and Purdue was held liable. I also remember that the FDA required HIV tests to 100% accurate because of the harm of a false negative. (It’s been awhile so I might be a bit off in my memory here). So some things are expected to work 100% of the time (exclusive of natural disasters and violent aggression I suppose….thinking of defects that result in the loss of life or serious injustice/damage (such as defective vehicles and airplanes).

Absent a regulatory requirement I would advise AndrewK’s approach. Do everything to understand the probability of occurrence, have the data from rigorous analytic studies to back it up, publicize it and do everything possible (to a reasonable level whatever that is) to mitigate or prevent a failure that would allow harm that the thing is intended to detect, prevent or reduce…

 

[Ed Panek]

I'll try to give a hypothetical example.

A company is developing a SaMD that predicts fever up to 1 hour in advance. It relies on the patient wearing a soft patch thermometer in their axilla broadcasting temperature readings every 6 minutes to a Bluetooth gateway. During our risk analysis, it's decided to create a 2x2 matrix with the possible outcomes.

We predict a fever event that does later occur,
We Predict a fever event that does not later occur
We don't predict (miss) a fever event
We don't predict a nonfever event

The only substantially risky item was predicting a fever that isnt real. The other 3 have the same risk profiles as the thermometer. Missing a fever prediction is mitigated by the fact they are wearing a thermometer so in that case this failure results in the current standard of care.

Predicting a fever that isn't occurring requires a more thorough analysis. In this case, clinical experts or key opinion leaders in your field or through a literature review to support the submission. The buck stops with the clinical outcome(s)

 

[FRA 2 FDA]

Great, thank you so much guys. Wonderful feedback so far. I'll be checking back frequently to see what else I can learn

 

[Tidge]

What we want to know is how to handle a harm that is not caused by the device but is allowed by the failure of the device, where the purpose of the device is to prevent that harm. For example, if a restraint is applied to a patient to prevent that patient from self-extubating and the patient escapes from the restraint and self-extubates, the harm is a harm that existed without the presence of the device and is no worse than it would have been. So, would it be excluded from the FMEA?

Generally, I lean towards the opinion that the "14971"-focused(*) part of the risk management file (e.g. FMEA) not consider "device doesn't do the thing it is supposed to do", because that is more of a validation question. My preference is to leverage RMF to make risk assessment of possible harms introduced by the device's design.

In this specific case, it does sound like there could be elements of the design that should be considered in a Use FMEA, because the restraint itself comes into play during a use scenario... but more like 'misuse' and less like 'it simply doesn't work'.

Looking at this from a slightly different direction: We don't analyze the risks relating to customers who don't buy or use our products.

(*) My field is medical devices, mileage may vary for other industries.

 

[Bev D]

Just to elaborate on the FMEA portion (and perhaps add some clarity): the phrase “device doesn’t do the thing it’s supposed to do” is the definition of the failure of a function which is exactly what the FMEA is intended to detect. In the development process specifically, the iterative use of FMEA leads on to determine the severe failure modes and undertake develop testing and optimization intended to prevent, mitigate, eliminate or reduce the occurence rate of the failure. This also results in knowing the occurrence rate (NOT a GUESS). Validation (or as the USDA calls it, Verification) testing is intended to demonstrate that the development actions resulted in the predicted occurrence rate. Which in the case of certain products results in a label claim of effectiveness. (How frequently the device will do the thing it is supposed to do).

With diagnostic testing devices (and methods) this occurrence is stated as the sensitivity and specificity of the test.
With Vaccines it is stated as the effectiveness in preventing the target disease.

Now the cautionary tale using the example of a patient restraint, without discussing the hazard or harm as I am not an expert in that. I would expect that the development process would test for the ability (failure occurrence rate) of the primary purpose of the restraint to restrain patients. In Particulr what stress can the restraint survive and the length of time (and probably max stress per cycle) it takes to degrade the restraint. After al ho successful will toilet tissue be in restraining a patient and how many sales do you think you will get? (Yes I’m invoking the concrete lifesaver scenario). Now this doesn’t address the follow on concern of the OP regarding harm being equal to no restraint or worse if the belief that the restraint will hold leads the medical staff to be less vigilant or prepared if the patient were to break the restraint. I would expect - from a quality standpoint not a regulatory standpoint - that the effectiveness and life span of the restraint is known and published somewhere…and that protects the manufacturer from liability…in most cases.

 

[Tidge]

To clarify: when I write "the thing doesn't do what it supposed to do", I am referring to a thing that actually cannot be demonstrated to do what is supposed to do, in the absence of any failure mode. I mean something like a divining rod to find explosive ordinance or a metal bracelet to cure cancer.

 

[Bev D]

To clarify: when I write "the thing doesn't do what it supposed to do", I am referring to a thing that actually cannot be demonstrated to do what is supposed to do, in the absence of any failure mode. I mean something like a divining rod to find explosive ordinance or a metal bracelet to cure cancer.

Thanks. Specific examples help as the phrase you use is exactly what is commonly used in FMEA to describe the failure of a function. Your examples are also invoking the infamous concrete lifesaver…

 

[FRA 2 FDA]

@Bev D hit on exactly one of the points that was plummeting us further down the rabbit hole. If you tell users that the device will perform this function, so they stop being vigilant about it (using the restraint scenario, the nurses leave the room and they don't leave the patient with a sitter because they assume the restraint will keep them safe) is that worse or somehow different than just a patient not being restrained. Either way, the end result could be that they pull out tubes and lines or strike a nurse but........???

It seems this is a complicated issue after all, even for those of you who have a good handle on FMEAs and risk management.