Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
How To Conduct Risk Analysis – Part 2
For hundreds of thousands of years, humans have relied on fire to see at night, stay warm, cook food, disinfect water, and protect themselves. However, without proper precautions and controls, this process would be deemed incredibly dangerous, and it would not have been as readily adopted.
Think about it. What if every time you turned on your stove, there would be an 80% chance that your kitchen would burst into flames? Would you consistently rely on that heat source? I surely wouldn’t.
The same principle applies to your medical technology. Its benefits may be evident. Its potential for improving countless lives may be unmistakable. However, if the risks are not understood and mitigated in their entirety, the adoption of your technology will be greatly hindered or completely inhibited.
In this article, I will provide you with insight and resources to help you complete the foundation of your risk analysis and safely share your fire with the world.
Risk Analysis Foundations
So far, we’ve described Hazard Analysis and Failure Mode Effect and Analysis (FMEA), addressed their nuances, and emphasized their powerful dynamic. If you missed that discussion, I strongly encourage you to read How to Conduct Risk Analysis – Part 1 before proceeding, as we will be building on that preliminary understanding.
To make a long story short, Hazard analysis takes a top-down approach, starting with a hazard that may morph into a hazardous situation, ultimately leading to patient harm.
On the other hand, the FMEA scrutinizes the system via a bottom-up lens; outlining its components, their intended functionality, how that functionality could fail (failure mode), and, lastly, how that failure impacts the entire system (failure mode effect).
And through a beautifully synchronized dance, these two analyses converge at the point of the hazardous situation, allowing us to clearly discern how a component failure can lead to patient harm.
However, stopping here would be like gathering firewood, neatly stacking it on a pile of dry grass, and going to sleep in the vicinity of your woodsy sculpture without ever lighting it.
Clearly, you’ve wasted your time creating something that provides no value except for being pretty to look at.
Making Your Foundations Useful
So how can you go about reaping the benefits of your work? Well, you would grab your fire starter, neatly place it inside your pile, grab your lighter, and set it ablaze. Within minutes, you see your wood sculpture light alongside the grass pile onto which it sits.
However, a few moments later, you realize you’ve made a critical error as the grass around your intended pile lights up following a gentle breeze, and soon enough, the entire campsite is glowing, awaiting the firefighters to tame it.
This sequence of events enables us to draw a couple of conclusions :
- The severity of the situation is catastrophic.
- If you were to set up ten different campsites in the same manner and in the same conditions, the likelihood that the same event would occur across all campsites is very high.
Interestingly, this same approach is directly applicable to analyzing the risk of your medical technology. Let me explain.
Continuing with the example outlined in How to Conduct Risk Analysis – Part 1, you identified the hazard of air in line, which, catalyzed by improper system priming, led to the hazardous situation of air entering the patient, ultimately resulting in the patient suffering an air embolism, stroke, or even death.
Similar to our campfire example, you can now draw a couple of conclusions:
- The severity of the harm is catastrophic.
- If ten patients were set up on independent pumps in the same manner and in the same conditions, the likelihood that the same harmful event would occur across all devices is very high.
Risk Priority Number (RPN)
These two parameters, severity and occurrence, are ranked on a scale of one (best case) to five (worst case). Furthermore, their product, severity x occurrence, is encompassed by a variable known as the Risk Priority Number (RPN), which provides you insight into:
- Which parts of your system can lead to catastrophic patient harm
- The likelihood of harm occurring when a hazard is present
- The hazard that expects you, as the design authority, to take action and mitigate upon occurrence
For a clearer representation of the RPN, the industry relies on a risk matrix as shown below.
A Game of Risk Mitigation
The rules of the game are simple:
- Hazards associated with an RPN value in the red are “unacceptable” and must be mitigated.
- Hazards associated with an RPN value in the yellow are “acceptable with controls.”
- Hazards with an RPN value in the green are acceptable, requiring no additional interventions.
Now, let’s assess the RPN of your campfire experience.
We formally agreed that the severity of the harm caused by your uncontrolled fire is catastrophic, leading to a maximum severity value of five.
Also, for the sake of this example, if ten independent campsites were set up in the same manner and in the same conditions, you assume seven out of the ten campsites would ignite, producing a high, but not maximum, occurrence value of four.
Ultimately, this risk assessment generates an RPN value of 20, making this hazard unacceptable according to our risk matrix.
Furthermore, due to the unacceptable RPN rating of this situation, you are now required to implement sufficient controls to reduce the risk to a more acceptable level. As you can probably assume, this can be accomplished through a combination of:
- Reducing the severity of the harm
- Reducing the occurrence of harm when a hazard is present
Risk Mitigation and Re-evaluation
So you take it upon yourself to retry building a fire. However, given the previous mishap, you’ve decided to be a bit more methodical.
Your first idea is to construct a rock pit to retain the burning material within a pre-determined area; this reduces the likelihood of the fire spreading uncontrollably by one level since there is no longer a direct path to a fresh, dry patch of grass.
Additionally, you think to yourself: What if a strong gust of wind blows a hot ember out of the pit into the neighboring grass?
To mitigate this possibility, you decide to purchase a fire extinguisher and instill a rule for the extinguisher to be passed around the group every hour, ensuring there is always one person in charge of keeping an eye out for any spontaneous combustions.
Now, according to the risk matrix, the campfire is now well within your control:
- The presence of a fire extinguisher reduces the severity of harm by one level. So, even if an ember were to land in an undesirable location, a member of your party would likely react in time to stop the fire from spreading uncontrollably.
- Also, by assigning the extinguisher to one individual at a time, the severity of harm is further minimized because you are removing the inevitable confusion of who will take the responsibility of putting out the fire when it occurs.
At this point, you could comfortably stop your risk mitigation. However, since your first accident was so traumatic, you’ve decided to go one step further and reach out to the campsite committee to propose that they conduct a controlled burn operation around the campfire pit. This creates an additional buffer for hot embers to safely fall without risking any flare-ups. Upon their approval and implementation, you’ve successfully decreased the occurrence level of an uncontrolled fire once more, confidently bringing your RPN into the acceptable range.
Final Thoughts on Risk Analysis
In this article, we outlined how to assess and control your flame:
- Evaluate the severity and likelihood of harm associated with each part of your system
- Identify the Risk Priority Number (RPN) for each hazardous situation
- Understand where each risk falls within your risk matrix to determine acceptability
- Design and implement controls to reduce unacceptable risks to an acceptable level
Medical device development is inherently a balancing act between risk and reward. Like a campfire, every meaningful design decision has the potential to provide warmth and comfort – or, if mismanaged, can result in irreversible harm. So gather your team and leverage this toolset to identify and mitigate the intrinsic risks of your technology; the efficacy and adoption of your fire depend on it.
