Medical device manufacturers must determine the severity of possible harm to assess the risks posed by their devices. What sounds simple is very challenging in practice. This article assists in determining and documenting the severity of harm in accordance with ISO 14971. 1. Basics a) Definition ISO 14971, the standard for risk management of medical…
DetailsISO 14971 defines the terms “hazard” and “hazardous situation.” Nevertheless, medical device manufacturers often find it difficult to assign concrete cases to either of the two categories. This article provides help. 1. Definition of hazard and hazardous situation The ISO 14971 defines: The standard provides examples of hazards (see Fig. 1): The example of “information”…
DetailsPDMS stands for patient data management system. These clinical information systems are typically used in hospitals, especially in departments that treat patients in intensive care. PMDS are experiencing a new boom in Germany as a result of the funding provided by the Hospital Future Act (Krankenhaus-Zukunftsgesetz, KHZG). This article provides 1. PMDS: Functionalities and requirements Patient data management systems (PDMS)…
DetailsLaws require risk management in hospitals, especially in order to improve patient safety. Nevertheless, many hospitals find this difficult. This article presents the most important regulatory requirements and provides tips for implementation. 1. Typical risks in a hospital a) Risks for patients The most important risks for patients include: b) Risks for all people in…
DetailsMedical device cybersecurity is a focus not only for the FDA but also for other legislators and authorities, both in the US and other markets. This is understandable The USA has added requirements for cyber devices to the Food, Drug & Cosmetic Act (FD&C), and the FDA has published several guidance documents on cybersecurity, which…
DetailsOutsourcing risk management to service providers. Wouldn’t that be convenient? But is that allowed? And how much sense does it make anyway? Conversely, what should you as a service provider not be burdened with under any circumstances? This article provides the answers. It suggests how manufacturers and service providers can divide their activities and gives…
DetailsLaws and standards require medical device manufacturers to compile a Software Bill of Materials, the SBOM. However, standardized SBOM formats are not always sufficient to meet these requirements. In particular, medical device manufacturers who do not supply and use SBOMs for their software are no longer accepted in the market. Here are the reasons. 1.…
DetailsUnderstandably, laws and standards also require IT security for legacy devices. However, the way in which these requirements are formulated often leads to confusion. For example, legislators and standard committees have been unable to agree on common definitions. One definition refers to the IT security of legacy devices, another to the IT security of old…
DetailsThe risk management plan is one of the most important documents in technical documentation. Accordingly, authorities and notified bodies examine this plan intensively. However, it is not only from a regulatory perspective that medical device manufacturers benefit from a precise risk management plan. This article 1. What a risk management plan is In a risk…
DetailsFMEA, or Failure Mode and Effect Analysis, is a procedure for investigating the unknown effects of known causes. In the case of medical devices, for example, FMEA is used in risk analysis to analyze the consequences of a faulty component, in particular, the resulting hazards. 1. How to use the FMEA a) During development Use…
Details