Top 5 Common Pitfalls to Avoid During Risk Assessment

Kamiya Crabtree
A man carefully steps across a cliff-face. An analogy for assessing risk.

A medical device-specific risk assessment uses the ISO 14971 standard, which provides guidance for producing and maintaining a risk management file.

A risk assessment is a process used to identify, analyse, and mitigate risk in the design and development process to enable the sale of safe and successful medical devices. Risk assessment ensures that all potential hazards are identified and mitigated to protect patient safety. However, manufacturers often encounter mistakes along the way that can compromise the effectiveness of the assessment and delay product launch. To help you navigate the risk management process smoothly, here are the Top 5 Pitfalls to avoid during the risk assessment of your medical devices.

Diagram highlighting the 5 pitfalls for risk assessment.

1. Failing to Identify All Potential Hazards

To begin a risk assessment, a comprehensive identification of potential hazards that could arise at any stage of the device’s lifecycle should be conducted. This involves documenting known and foreseeable hazards related to the medical device, considering its intended use, foreseeable misuse, and safety characteristics. A significant pitfall occurs here when manufacturers underestimate these hazards, in turn leading to an incomplete risk assessment.

How to avoid this:

Ensure cross-disciplinary teams are engaged (e.g., engineering, clinical, regulatory experts). This will ensure a thorough hazard analysis. Consider all potential risks, including those related to device malfunction, misuse, environmental factors, and human error.

2. Insufficient Documentation and Traceability

Clear documentation of the risk management process is required for regulatory authorities, e.g., Notified Bodies, to review. Article 10 of the EU MDR requires all manufacturers to establish, document, implement, and maintain a system for Risk Management. A frequent pitfall here is failing to maintain proper documentation of hazard identification, risk analysis, and control measures. This, in turn, will lead to non-compliance and delays.

How to avoid this:

Confirm that every step of the risk management process is documented in detail. Alongside this, you can use risk management tools, e.g., FMEA or risk matrices, to track the rationale behind each decision. This will allow for full traceability throughout the device lifecycle.

Maintaining and updating a Risk Management strategy requires scheduled review and appraisal sessions to analyse system suitability. The clinical evaluation cycle offers an opportunity to assimilate Risk Management data collected and to re-perform a benefit-risk analysis of the device. Any updates or changes to the process must be reflected in documentation and disseminated across the organisation to ensure the changes are implemented.

3. Underestimating Risk Acceptability Criteria

Determining whether a risk is acceptable or not is crucial in risk assessment. During risk evaluation, the manufacturer must assess estimated risks for each hazardous situation and check if they meet the criteria in the risk management plan.

Setting inappropriate risk acceptance thresholds can directly impact both patient safety and product timelines. If the acceptable risk is set too high, the device may pose a significant threat to users, leading to potential harm or regulatory non-compliance. On the other hand, being too cautious and lowering the threshold could result in unnecessary design changes or delays in the approval process, even for risks that are statistically insignificant.

How to avoid this:

Risk acceptance should be based on both regulatory requirements and real-world clinical needs. The criteria should be proportional to the severity and likelihood of the identified risks. A low-risk device may have higher acceptable risk levels, while a high-risk device, such as a life-supporting medical device, must have stringent limits. Tools like risk matrices can help categorise and prioritise risks by their severity and probability, ensuring a rational and evidence-based approach to setting acceptability levels.

4. Ignoring Post-Market Risks

Many manufacturers place a significant emphasis on pre-market risks, neglecting the post-market risks that may arise once the device is in use by patients or healthcare professionals. The manufacturer must review all collected post-market information, focusing on safety relevance. This aims to identify unrecognised hazards not initially identified, hazardous situations with now-unacceptable estimated risks, and cases where the overall residual risk is no longer acceptable relative to intended use benefits.

How to avoid:

Ensure you incorporate a robust post-market surveillance plan into your risk management strategy. As well as this, make sure you set up systems to monitor and track device performance, adverse events, and potential hazards once the product is on the market.

5. Neglecting Risk Control and Mitigation Strategies

The identification of hazards is just one part of the risk management process. The next critical phase is the implementation of effective risk controls, which is necessary to reduce identified risks to acceptable levels. Failing to implement effective controls or using controls that are impractical or inadequate is a common trap. This can lead to unresolved risks that may jeopardise patient safety, compromise device effectiveness, and increase the likelihood of regulatory non-compliance.

How to avoid:

To avoid neglecting risk control strategies, it’s essential to follow a structured approach that aligns with recognised best practices and regulatory standards. Here are some practical steps:

  • Start by prioritising the risks that need mitigation based on their severity and probability of occurrence.
  • Evaluate the effectiveness of controls. This can include pre-market validation through clinical trials, in-vitro testing, and failure testing, as well as post-market monitoring to ensure that controls remain effective over time.
  • For each identified risk, provide a rationale for the selected control, how it works to mitigate the hazard, and how its effectiveness will be measured.

Final Thoughts: Mastering Risk Assessment

By carefully identifying all potential hazards, setting realistic risk acceptability criteria, and implementing robust mitigation strategies, you can significantly reduce the likelihood of regulatory setbacks and safety issues. A proactive and comprehensive approach to risk management not only protects patients but also streamlines the path to market, helping your device succeed in a competitive landscape. Remember, risk assessment is an ongoing process that requires constant vigilance and adaptation, so stay committed to continuous improvement. Please contact us if you need any help with risk assessment or any medical device regulation issue.

Back to top

Related articles

  1. A precariously balanced pile of ping-pong balls and wooden bars.

    The Shift from MDD to MDR: Key Differences in Demonstrating Equivalence

    This transition has demanded that device safety must be demonstrated with more evidence. We offer tips for winning equivalence claims.

    Kamiya Crabtree Kamiya Crabtree Regulatory Medical Writer
  2. A pen and notepad, resting on a laptop.

    Periodic Safety Update Report: Requirements under EU MDR

    Post-Market Surveillance has become more stringent. We help you to understand what manufacturers need to consider.

    Chandini Valiya Kizhakkeveetil Chandini Valiya Kizhakkeveetil Regulatory Medical Writer
  3. An EU flag on a pole flies between two US flags against a blue sky.

    Webinar: From USA to Europe - Accelerating Your Path to the Medical Device Market

    We showed you how to quickly transform your U.S. regulatory work into a compliant EU MDR submission.

    Chandini Valiya Kizhakkeveetil Chandini Valiya Kizhakkeveetil Regulatory Medical Writer
  4. A poster frame for our Clinical Evaluation video series featuring Paul Hercock.

    Guide to Clinical Evaluation: Common Pitfalls & Useful Resources

    Part 5 - In the final video from this series, we explore five major pitfalls that often derail clinical evaluations.

    Dr Paul Hercock Dr Paul Hercock Chief Executive Officer
  5. A US-style 'changes ahead' warning road sign.

    Device Modifications: When a Simple Change Becomes a Regulatory Nightmare

    As regulatory consultants we understand how minor modifications to a device can often cause disproportionate disruption.

    Kamiya Crabtree Kamiya Crabtree Regulatory Medical Writer
  6. Webinar announcement poster.

    Webinar: Regulatory & Cybersecurity Essentials for medical device software and AI-enabled devices

    Our webinar with Cyber Alchemy addressed bringing AI-enabled medical devices to market with both the right regulatory and cybersecurity foundations.

    Shen May Khoo Shen May Khoo Regulatory Project Lead
  7. A simple jigsaw with iconography representing growth printed on it.

    Leveraging Post-Market Surveillance Data for Continuous Improvement

    PMS isn’t just about compliance, it’s an opportunity for improvement, enhance patient safety & innovate.

    Shen May Khoo Shen May Khoo Regulatory Project Lead
  8. A poster frame for our Clinical Evaluation video series featuring Dr. W. Brambley.

    Guide to Clinical Evaluation: CEP Strategy & CER Structure

    Part 4 - We explore how these guide reviewers through the evidence that supports safey, performance, and conformity.

    Dr Will Brambley Dr Will Brambley Lead Medical Writer
  9. A checklist being ticket-off in pen.

    The Critical Role of Pre-Submission Reviews in EU MDR Clinical Evaluations

    Ensuring your CER is robust and aligned with current standards is critical. How much Clinical Evidence is enough?

    Sandra Gopinath Sandra Gopinath Chief Regulatory Officer

More articles

Need help producing compliant CEPs & CERs? We are offering FREE CEPs to 5 qualifying applicants per week

Get your free CEP