Medical device manufacturers must determine possible harms and their severity to assess the risks posed by their devices.
What sounds simple is very challenging in practice. This article assists in determining and documenting harm and its severity in accordance with ISO 14971.
1. Harm
a) Definition
ISO 14971 defines the term harm.
“Injury or damage to the health of people, or damage to property or the environment”
DIN ISO 14971:2022, Chapter 3.3 with reference to ISO/IEC Guide 63:2019, 3.1
b) Examples
The harms, according to ISO 14971, are usually:
- Impairment of body structure (e.g., cut, burn, broken bone)
- Impairment of body function (e.g., ability to move, ability to see, capability to purify blood)
- The reduction in life expectancy
- Mental impairments
The latter are only included among the types of harm from the third edition of ISO 14971 onwards. Before that, harm was limited to physical injuries and damage.
c) Misunderstandings and challenges
Mistake 1: Assuming there is one (only) harm
Many manufacturers assume that they must enter one harm in the corresponding column in the “risk table.” This is usually not the case. There is not only one harm but an entire chain of harm in which each individual element is a harm in the sense of the definition (see Fig. 1).
Each element of this chain of causes meets the definition of ISO 14971 because each element represents a physical injury or damage to health.
Each element of this chain of harm will occur with a different probability and thus represent a different risk in the sense of ISO 14971.
Mistake 2: Assuming the “linearity” of the chain of harm
These chains of causes are usually complex and not linear, as Fig. 1 suggests. This is illustrated in Fig. 2 below:
If you want to carry out a risk analysis and specifically investigate this last part of the chain of causes, you will need
- a physician and
- a risk manager who documents the output of this physician in the risk management file consistently and in accordance with the requirements of ISO 14971.
Mistake 3: Stating harms that are not harms
The following entries are regularly found in the “harm” column of the risk table:
- defective product
- serious adverse event
- harm to patients
- expensive rectification
Do you recognize the problems? Tab. 3, at the end of the article, provides a solution.
2. Severity of harm
a) Definition
ISO 14971, the standard for risk management of medical devices, defines the term severity (of harm):
“Measure of the possible consequences of a hazard”
DIN ISO 14971:2022, Chapter 3.27 with reference to ISO/IEC Guide 63:2019, 3.3
b) Regulatory background
Manufacturers must identify and assess the risks. They usually use a risk acceptance matrix for the assessment (see Fig. 3).
This risk acceptance matrix assumes that manufacturers define classes for the probabilities and severities. This means that they must define classification criteria for the severity classes.
c) The challenge of defining severity classes
The assessment of severity proves to be difficult:
- What is more harmful to a patient: if his knee becomes permanently stiff due to the failure of a medical device, or if he was, for a short time, in a life-threatening situation that was resolved without lasting harm thanks to the intensive care physician?
- Are two months of life taken from a terminally ill person who has only six months to live to be valued differently from two months of missing life for a person who still has ten years to live?
d) Existing solutions
Definition of MPAIMV
The MPAIMV defines the term “severe incident” in §2 as an incident with the following potential consequences:
- the death of a patient, user, or other person,
- the temporary or permanent severe deterioration in the state of health of a patient, user, or other person, or
- a severe public health threat.
However, the regulation does not define the terms used, such as “severe.”
Definition of MEDDEV
MEDDEV-2.12. contains a definition of the term “serious harm”:
However, even this definition does not use defined terms and only allows a distinction between severe and non-severe harm.
NACA score
A classification for categorizing (short-term) harm can be found on Wikipedia (NACA score). This classification initially came from the National Advisory Committee for Aeronautics, originally developed for the classification of aviation accidents.
The problem with this score is that it only considers the “amplitude” of the harm, not its progression over time.
Tables of the VersMedV
The tables of the German Versorgungsmedizin-Verordnung – VersMedV (Ordinance on Medical Care) help classify long-term harm, i.e., disabilities. For example, this table contains the following entries:
| Disease | Degree of disability |
| Brain damage with cognitive impairment (e.g., aphasia, apraxia, agnosia) – mild (e.g., residual aphasia) 30-40 – moderate (e.g., aphasia with obvious to major communication disorder) – severe (e.g., global aphasia) | 30-40 % 50-80 % 90-100 % |
| Lens loss in one eye: visual acuity 0.1 to less than 0.4 | 20 % |
| Shortness of breath even with the slightest exertion or at rest; static and dynamic measured values of the lung function test more than 2/3 lower than the target values | 80-100 % |
| Loss of a thumb | 25 % |
If you are interested in further values, refer to the VersMedV mentioned above or google the terms “degree of disability” and “degree of the consequences of injury.”
An article on the “International Classification of Functioning, Disability and Health” (ICF) also provides suggestions for classifying the severity of harm.
Interim conclusion
Many scores only consider the severity of acute harm. Harm that is not life-threatening and at the same time not reversible, such as permanent disability, does not fit well into this scheme.
It also does not help in the ethical discussion about whether in the case of harm
- the maximum short-term effect (“the height of the damage curve”), or
- the duration of the effect, or
- the “integral” of this curve should be used.
e) New approach to quantifying the severity of harm
Step 1: Determine relevant classification features
To classify the severity of harm, manufacturers need classification features.
- Death (y/n)
- Duration of hospitalization > n days (y/n)
- Degree of disability > x % (y/n)
- Intensive care treatment (of a non-intensive care patient) necessary (y/n)
- Medical intervention necessary (y/n)
- Reversible (y/n)
- Shortening of life expectancy > n months (y/n)
- Reduction in life expectancy > x % compared to life expectancy with “correct treatment” (y/n)
- Pain level > X (y/n)
- Quality of life, psychological stress according to “quality of life” criteria
Step 2: Use these criteria to define severity classes
In the second step, manufacturers can use the selected classification features to define the severity classes.
Examples for the definition of severity classes
| Severity class | Classification features |
| Catastrophic | Death of one or more patients |
| Critical | Intensive medical treatment necessary or/and irreversible harm with at least n % disability. |
| … |
Step 3: Add examples
As a manufacturer, supplement the definition of severity classes with specific examples for your medical device. This will make it easier to estimate the severity of harm caused by your medical device during the risk analysis (in accordance with ISO 14971).
Step 4: Check your definitions
- Use the tips above to define severity. It is not enough to simply mention attributes such as “light,” “serious,” “severe,” and “catastrophic.” Instead, it is necessary to have a written definition of what constitutes “severe” harm.
- Do not confuse severities of harm with probabilities. Therefore, severity classes such as “potentially fatal” or “poses a risk of life-threatening injury” are incorrect. The probability axis is independent of this, primarily as risks are already defined as the combination of probability and severity.
- Avoid ethically debatable sequences in the severity of harm: Are two injured people worse than one dead person?
- Make sure that you define the severity of harm completely. For example, several “serious irreversible injuries” or “for several people.”
The Johner Institute’s risk management team will help you to create and review risk management files so that audits and approvals can be passed easily and safely. These files also include the risk policy and risk management plan, which should contain the risk acceptance criteria and, thus, the definition of the severity classes.
The seminar “Risk Management & ISO 14971” gives you a quick introduction. You will also learn how to define risk acceptance criteria.
3. Conclusion and summary
a) The determination of the severity classes of harm is the basis
One of the most important legal requirements is that of risk management. Legally compliant risk management requires precise risk acceptance criteria. These require a precise definition of severity.
b) Classification criteria enable reproducibility
Manufacturers must assign harms to severity classes in a reproducible manner – i.e., for a large number of people and over long periods of time. Otherwise, the entire risk management and, thus, the success of audits and approvals will be on a shaky foundation.
The definition of severity classes on the basis of clear, preferably binary classification characteristics enables this reproducibility.
c) The competence of the risk management team is crucial
Without a competent risk management team, defining severity levels and classifying harms into severity classes will not succeed, because the challenges are huge:
- Which harm in the chain of harm should be entered in the risk table?
This decision also affects the associated probabilities of the selected harms. - How should the severity of this harm be assessed with regard to the attributes and, thus, classified?
- How to deal with the ethical assessments mentioned above?
In addition to risk managers, the risk management team should also include physicians and contextual experts such as healthcare professionals.
The Johner Institute trains risk management teams and helps to create ISO 14971-compliant risk management files.
Change history:
- 2024-09-17: Chapter 1.c) restructured and expanded. Tab. 3 added. Editorial changes in Chapter 3.
- 2023-04-27: Article rewritten
- 2017-11: First version created
Resolution
| Entry in the column “harm” | Comment |
| Defective product | A defective product would theoretically be a case of property damage and, thus, harm as defined in ISO 14971. However, the description of “defective product” would first have to be described in more detail, and then it would have to be decided under which category it falls. Examples: – “Defective product” in the sense of malfunction or complete product failure (lack of availability of the product for urgent diagnostic or therapeutic use) – here, the defective product would be no harm but a hazard that can then lead to harm to the patient (e.g., hypoxia or death in the event of a defective respirator in operation) – “Defective product” in the sense of a sharp-edged housing due to a material fracture – here, the defective product would also be no harm but a hazard. The possible harm to the user, patient, or third party would be, for example, a cut – “Defective product” in the sense of economic damage to the product itself is not considered by risk management according to ISO 14971. |
| Serious adverse event | This harm is too unspecific. The “serious” corresponds to a severity. This is to be documented in another column. |
| Harm to patients | This harm is described in a way that is too unspecific. It is not enough to state who the harm affects. |
| Expensive rectification | See comment on “defective product.” It is ethically difficult to equate economic and health-related harm. Therefore, evaluating these “types of harm” in different risk acceptance matrices is better. |
