Quality Progress - May 2017 - 14

Field Notes
characterize device benefits: impact on patient health and
clinical management, magnitude of benefits, likelihood of
patients experiencing the benefits, duration of effect, patient
perspective, benefits for healthcare givers and medical necessity. These are the types of benefits that must be considered
and balanced against each individual risk and all risks taken as
a whole.
If an organization proactively and comprehensively documents device benefits as well as risks in the risk management
file, post-market decisions that affect product availability can
be more objective and fact based, and less judgment based.

Cybersecurity threats

In our fast-changing world of increasing computer capabilities,
cybersecurity is another hot topic. The FDA issued the guidance document "Postmarket Management of Cybersecurity in
Medical Devices" in December 2016.6 The guidance applies to
devices that contain software or programmable logic, or software that is itself a medical device. Devices that are networked
are particularly vulnerable.
In this guidance, a link is made between cybersecurity risk
and overall risk to health, with the foundation for cybersecurity risk management coming from 21 CFR 820. A more direct
parallel between cybersecurity and ISO 14971 can be found in
Association for the Advancement of Medical Instrumentation
(AAMI) TIR 57:2016-Principles for medical device security-Risk management.7 Consistent with U.S. philosophy, the
introduction states "This document does not address content
deviations included in Annex ZA of EN ISO 14971:2012."8
Specifically, the AFAP requirement is not included in the
evaluation of security risks. TIR57 recommends that a security
risk process be developed that is separate-not integrated
with-the safety risk process.9 Cybersecurity does have its own
terminology, including identification of threats, vulnerabilities
and assets. Cybersecurity risks that affect patient and user
safety, however, also should be documented in the safety risk
management file. In a global organization, the full requirements
of EN ISO 14971 should be addressed.
Device use risk also continues to receive much focus.
The FDA guidance "Applying Human Factors and Usability
Engineering to Medical Devices" was issued in February
2016.10 Although user error has long been part of the trilogy of design, process and use risks identified in a top-level
hazard analysis, the guidance provides more details regarding
identifying and analyzing critical tasks, and applying usability failure mode and effects analysis and fault tree analysis.
A particularly detailed section on human factors validation
testing is helpful.
The usability engineering process is shown in parallel to
ISO 14971 in International Electrotechnical Commission (IEC)

14 QP

May 2017 ❘ qualityprogress.com

62366:2015-Part 1-Application of usability engineering
to medical devices,11 a standard that all risk management
professionals should understand and apply. Those of
us who work with medical
equipment also should be
familiar with IEC 60601-16:2010, General requirements
for basic safety and essential
performance.12

In summary, the proliferation of related guidance
documents and standards, the
need to demonstrate compliance to ISO 14971 and EN
ISO 14971, and the countless
ways in which details can be
implemented all make medical
device risk management a
challenging career, but it is
also a fantastic opportunity to
do good for many people. 

REFERENCES
1. European Committee for
Standardization (CEN), EN ISO
14971-Risk management for
medical devices, 2012.
2. International Organization for
Standardization (ISO), ISO 14971-
Medical devices-application
of risk management to medical
devices, 2007.
3. European Commission, European
Union Medical Device Directive,
93/42/European Economic
Community (EEC), June 14, 1993.
4. Scott A. Laman, "Building a
Consensus," Quality Progress,
October 2009, p. 72.
5. U.S. Food and Drug
Administration (FDA), "Factors
to Consider Regarding BenefitRisk in Medical Device Product
Availability, Compliance and
Enforcement Decisions," guidance
document, Dec. 22, 2016.
6. FDA, "Postmarket Management
of Cybersecurity in Medical
Devices," guidance document,
Dec. 28, 2016.

7. Association for the Advancement
of Medical Instrumentation
(AAMI), AAMI/Technical
Information Report (TIR)
57:2016-Principles for
medical device security-Risk
management, June 2015.
8. CEN, EN ISO 14971 Risk
management for medical devices,
Annex ZA, 2012.
9. AAMI, AAMI/TIR 57:2016-
Principles for medical device
security-Risk management, see
reference 7.
10. FDA, "Applying Human Factors
and Usability Engineering to
Medical Devices," guidance
document, Feb. 3, 2016.
11. International Electrotechnical
Commission (IEC), IEC
62366:2015-Part 1-Application of
usability engineering to medical
devices, 2015.
12. IEC, IEC 60601-Parts 1-6:2010,
General requirements for basic
safety and essential performance,
2010.

Scott A. Laman is senior manager of
quality engineering and risk management
for Teleflex Inc. in Reading, PA. He
earned a master's degree in chemical
engineering from Syracuse University
in New York. Laman is an ASQ fellow
and a certified manager of quality/
organizational excellence, quality
engineer, reliability engineer, Six Sigma Black Belt, quality
auditor, supplier quality professional and biomedical auditor. He
is also an ASQ fellow, a past chair of the ASQ Professional Ethics
and Qualifications Committee.


http://www.qualityprogress.com

Table of Contents for the Digital Edition of Quality Progress - May 2017

Seen and Heard
Expert Answers
Progress Report
Mr. Pareto Head
Field Notes
Mind the Gaps
Solid Footing
Are These the Same?
New Tricks for an Old Tool
Innovation Imperative
Experience More
Career Coach
Statistics Spotlight
Standard Issues
Marketplace
Footnotes
Back to Basics
Quality Progress - May 2017 - intro
Quality Progress - May 2017 - cover1
Quality Progress - May 2017 - cover2
Quality Progress - May 2017 - 1
Quality Progress - May 2017 - 2
Quality Progress - May 2017 - 3
Quality Progress - May 2017 - 4
Quality Progress - May 2017 - 5
Quality Progress - May 2017 - Seen and Heard
Quality Progress - May 2017 - Expert Answers
Quality Progress - May 2017 - Progress Report
Quality Progress - May 2017 - Mr. Pareto Head
Quality Progress - May 2017 - 10
Quality Progress - May 2017 - 11
Quality Progress - May 2017 - Field Notes
Quality Progress - May 2017 - 13
Quality Progress - May 2017 - 14
Quality Progress - May 2017 - 15
Quality Progress - May 2017 - Mind the Gaps
Quality Progress - May 2017 - 17
Quality Progress - May 2017 - 18
Quality Progress - May 2017 - 19
Quality Progress - May 2017 - 20
Quality Progress - May 2017 - 21
Quality Progress - May 2017 - 22
Quality Progress - May 2017 - 23
Quality Progress - May 2017 - Solid Footing
Quality Progress - May 2017 - 25
Quality Progress - May 2017 - 26
Quality Progress - May 2017 - 27
Quality Progress - May 2017 - 28
Quality Progress - May 2017 - 29
Quality Progress - May 2017 - Are These the Same?
Quality Progress - May 2017 - 31
Quality Progress - May 2017 - 32
Quality Progress - May 2017 - 33
Quality Progress - May 2017 - 34
Quality Progress - May 2017 - 35
Quality Progress - May 2017 - New Tricks for an Old Tool
Quality Progress - May 2017 - 37
Quality Progress - May 2017 - 38
Quality Progress - May 2017 - 39
Quality Progress - May 2017 - 40
Quality Progress - May 2017 - 41
Quality Progress - May 2017 - 42
Quality Progress - May 2017 - 43
Quality Progress - May 2017 - Innovation Imperative
Quality Progress - May 2017 - 45
Quality Progress - May 2017 - 46
Quality Progress - May 2017 - Career Coach
Quality Progress - May 2017 - 48
Quality Progress - May 2017 - 49
Quality Progress - May 2017 - Statistics Spotlight
Quality Progress - May 2017 - 51
Quality Progress - May 2017 - 52
Quality Progress - May 2017 - 53
Quality Progress - May 2017 - Standard Issues
Quality Progress - May 2017 - 55
Quality Progress - May 2017 - 56
Quality Progress - May 2017 - 57
Quality Progress - May 2017 - Marketplace
Quality Progress - May 2017 - 59
Quality Progress - May 2017 - Footnotes
Quality Progress - May 2017 - 61
Quality Progress - May 2017 - 62
Quality Progress - May 2017 - 63
Quality Progress - May 2017 - Back to Basics
Quality Progress - May 2017 - cover3
Quality Progress - May 2017 - cover4
http://www.nxtbook.com/naylor/ASQM/ASQM0719
http://www.nxtbook.com/naylor/ASQM/ASQM0619
http://www.nxtbook.com/naylor/ASQM/ASQM0519
http://www.nxtbook.com/naylor/ASQM/ASQM0419
http://www.nxtbook.com/naylor/ASQM/ASQM0319
http://www.nxtbook.com/naylor/ASQM/ASQM0219
http://www.nxtbook.com/naylor/ASQM/ASQM0119
http://www.nxtbook.com/naylor/ASQM/ASQM1218
http://www.nxtbook.com/naylor/ASQM/ASQM1118
http://www.nxtbook.com/naylor/ASQM/ASQM1018
http://www.nxtbook.com/naylor/ASQM/ASQM0918
http://www.nxtbook.com/naylor/ASQM/ASQM0818
http://www.nxtbook.com/naylor/ASQM/ASQM0718
http://www.nxtbook.com/naylor/ASQM/ASQM0618
http://www.nxtbook.com/naylor/ASQM/ASQM0518
http://www.nxtbook.com/naylor/ASQM/ASQM0418
http://www.nxtbook.com/naylor/ASQM/ASQM0318
http://www.nxtbook.com/naylor/ASQM/ASQM0218
http://www.nxtbook.com/naylor/ASQM/ASQM0118
http://www.nxtbook.com/naylor/ASQM/ASQM1217
http://www.nxtbook.com/naylor/ASQM/ASQM1117
http://www.nxtbook.com/naylor/ASQM/ASQM1017
http://www.nxtbook.com/naylor/ASQM/ASQM0917
http://www.nxtbook.com/naylor/ASQM/ASQM0817
http://www.nxtbook.com/naylor/ASQM/ASQM0717
http://www.nxtbook.com/naylor/ASQM/ASQM0617
http://www.nxtbook.com/naylor/ASQM/ASQM0517
http://www.nxtbook.com/naylor/ASQM/ASQM0417
http://www.nxtbook.com/naylor/ASQM/ASQC12518
http://www.nxtbook.com/naylor/ASQM/ASQM0317
http://www.nxtbook.com/naylor/ASQM/ASQM0217
http://www.nxtbook.com/naylor/ASQM/ASQM0117
http://www.nxtbook.com/naylor/ASQM/ASQM1216
http://www.nxtbook.com/naylor/ASQM/ASQM1116
http://www.nxtbook.com/naylor/ASQM/ASQM1016
http://www.nxtbook.com/naylor/ASQM/ASAC0016
http://www.nxtbook.com/naylor/ASQM/ASQM0916
http://www.nxtbook.com/naylor/ASQM/ASQA0016
http://www.nxtbook.com/naylor/ASQM/ASQM0816
http://www.nxtbook.com/naylor/ASQM/ASQM0716
http://www.nxtbook.com/naylor/ASQM/ASQM0616
http://www.nxtbook.com/naylor/ASQM/ASQM0516
http://www.nxtbook.com/naylor/ASQM/ASQM0416
http://www.nxtbook.com/naylor/ASQM/ASQM0316
http://www.nxtbook.com/naylor/ASQM/ASQM0216
http://www.nxtbook.com/naylor/ASQM/ASQM0116
http://www.nxtbook.com/naylor/ASQM/ASQM1215
http://www.nxtbook.com/naylor/ASQM/ASQM1115
http://www.nxtbook.com/naylor/ASQM/ASQM1015
http://www.nxtbook.com/naylor/ASQM/ASQM0915
http://www.nxtbook.com/naylor/ASQM/ASQM0815
http://www.nxtbook.com/naylor/ASQM/ASQM0715
http://www.nxtbook.com/naylor/ASQM/ASQM0615
http://www.nxtbook.com/naylor/ASQM/ASQM0515
http://www.nxtbook.com/naylor/ASQM/ASQM0315
http://www.nxtbook.com/naylor/ASQM/ASQM0215
http://www.nxtbook.com/naylor/ASQM/ASQM0115
http://www.nxtbook.com/naylor/ASQM/ASQM1214
http://www.nxtbook.com/naylor/ASQM/ASQM1114
http://www.nxtbook.com/naylor/ASQM/ASQM1014
http://www.nxtbook.com/naylor/ASQM/ASQM0914
http://www.nxtbook.com/naylor/ASQM/ASQM0814
http://www.nxtbook.com/naylor/ASQM/ASQM0714
http://www.nxtbook.com/naylor/ASQM/ASQM0614
http://www.nxtbook.com/naylor/ASQM/ASQM0514
http://www.nxtbook.com/naylor/ASQM/ASQM0414
http://www.nxtbook.com/naylor/ASQM/ASQM0314
http://www.nxtbook.com/naylor/ASQM/ASQM0214
http://www.nxtbook.com/naylor/ASQM/ASQM0114
http://www.nxtbook.com/naylor/ASQM/ASQM1213
http://www.nxtbook.com/naylor/ASQM/ASQM1113
http://www.nxtbook.com/naylor/ASQM/ASQM1013
http://www.nxtbook.com/naylor/ASQM/ASQM0913
http://www.nxtbook.com/naylor/ASQM/ASQM0813
http://www.nxtbook.com/naylor/ASQM/ASQM0713
http://www.nxtbook.com/naylor/ASQM/ASQM0613
http://www.nxtbook.com/naylor/ASQM/ASQM0513
http://www.nxtbook.com/naylor/ASQM/ASQM0413
http://www.nxtbook.com/naylor/ASQM/ASQM0313
http://www.nxtbook.com/nxtbooks/naylor/ASQM0213
http://www.nxtbook.com/nxtbooks/naylor/ASQM0113
http://www.nxtbook.com/nxtbooks/naylor/ASQM1212
http://www.nxtbook.com/nxtbooks/naylor/ASQM1112
http://www.nxtbook.com/nxtbooks/naylor/ASQM1012
http://www.nxtbook.com/nxtbooks/naylor/ASQM0912
http://www.nxtbookMEDIA.com