ISO 14971 defines the terms “hazard” and “hazardous situation.” Nevertheless, medical device manufacturers often find it difficult to assign concrete cases to either of the two categories. This article provides help.
1. Definition of hazard and hazardous situation
The ISO 14971 defines:
potential source of harm
circumstance in which people, property, or the environment are exposed to one or more hazard(s)
The standard provides examples of hazards (see Fig. 1):
- chemical materials
- electrical energy
- mechanical energy
- electromagnetic radiation
- thermal energy
- biological materials
- hazards due to (incorrect) information such as manuals or displays
The example of “information” often leads to confusion because no one can be directly harmed by incorrect information or display. Instead, (incorrect) information or display are elements in a chain of causes that can ultimately lead to a hazard.
For this reason, many companies use restrictive definitions of the term hazard:
The last element in a chain of causes leading up to a hazardous situation
A second definition has also proved useful:
External behavior or failure of a medical device that contributes to or causes harm.
Both alternative definitions are consistent with the definition of the term “hazard” in ISO 14971.
2. Typical mistakes when working with the term “hazard”
Mistake 1: Incorrect use of the term
Test your knowledge: Which of the following entries in a risk management file meet the hazard definition and which do not?
- software bug
- failure to follow the instructions for use
- possibility of a burn
- burst hose
- faulty final inspection during production
- failure to validate the process
- allergy-causing materials
- cyber attack
- delayed treatment
The correct answers can be found at the end of the article.
Don’t scroll down right away, but write down your thoughts first. This will maximize the insights you gain.
Mistake 2: Inconsistent use of the term
A patient is harmed because a standalone software displays the wrong medication due to a software bug. What is the hazard? The software bug, the wrong display, or the wrong medication?
All three elements of the chain of causes correspond to the definition of ISO 14971, namely “potential source of harm.”
Because companies do not determine the definitions, discussions regularly get out of hand. The above alternative definitions help to avoid this.
If the hazard is defined as the last element in a chain of causes leading up to the hazardous situation, then the sequence is:
element of the chain of causes | concept/term |
software bug | root cause |
incorrect display of the medicine | element of the chain of causes |
wrong medicine | hazard |
taking the wrong medication | hazardous situation |
allergic shock | harm |
If, on the other hand, the external (mis)behavior of the device is defined as a hazard, the sequence is:
element of the chain of causes | concept/term |
software bug | root cause |
incorrect display of the medicine | hazard |
wrong medicine | element of the chain of causes |
taking the wrong medication | hazardous situation |
allergic shock | harm |
In the second case (Tab. 2), it can be seen that the hazardous situation no longer strictly corresponds to the definition because the patient is not directly exposed to the hazard (in this case, the incorrect display).
The processes in Tab. 1 and 2 only differ for the case of “(incorrect) information,” not for hazards posed by materials or energies. This is because defective materials (e.g., toxic material) or energies (case under voltage) represent both external malfunction and the last element in the chain of causes leading up to the hazardous situation.
It is helpful if the manufacturers agree on a definition.
Mistake 3: Inconsistent level of detail
In particular, if several people work on the hazard analysis without coordination, risk management files regularly arise in which the hazards are formulated with inconsistent granularity.
The following entries can be found in the risk management file for the identical hazard:
- lack of biocompatibility
- toxic materials
- neurotoxic substances
- botulinum toxin
The entries here are sorted in ascending order from general/unspecific to granular/specific.
It is usually not reasonable to divide hazards into too many categories unless the hazards cause different types of harm or require different measures.
Hazards are often caused by a number of different factors. Manufacturers should pay particular attention to the chain of causes if
- they can take appropriate measures to interrupt the chain of causes before the hazard occurs,
- different causes influence the probabilities or severities of the harm resulting from the hazards.
Mistake 4: Incomplete hazard identification
It is particularly serious when manufacturers overlook hazards. These are, for example, hazards that arise from
- failure to achieve the intended purpose, e.g., delayed or incorrect display of laboratory values in an IVD or insufficient removal of substances requiring dialysis from the blood in a dialysis machine,
- insufficient usability,
- unknown and uncontrolled transport and storage conditions,
- uncoordinated changes to the design or production of the device (including at suppliers),
- the use of the device in accordance with its other intended uses (such as cleaning and maintenance), and
- foreseeable misuse, such as use by untrained users or use beyond the specified lifespan.
3. Conclusion
As simple and short as the definition of the term “hazard” is (or at least appears to be), manufacturers often make mistakes when using the term. Incorrect or inconsistent use leads to incorrect and inconsistent risk management files and, thus, to regulatory problems and unsafe products.
Therefore, manufacturers should consistently invest in the training of those involved in risk management. This is exactly what ISO 13485 and ISO 14971 require.
Software systems such as those from the Johner Institute help to avoid inconsistencies.
Change history
- 2024-09-15: Article completely revised
- 2018-09-28: First version of the article published
Solution and hints
hazard? | comment |
software bug | A hazard as defined by ISO 14971. Note the information in chapter 2 “Typical mistakes.” |
failure to follow the instructions for use | A hazard as defined by ISO 14971. Note the information in chapter 2 “Typical mistakes.” |
possibility of a burn | A burn is a form of harm; the possibility expresses a probability. It is not a hazard. |
burst hose | A (potentially) bursting hose is a hazard. |
faulty final inspection during production | A faulty final inspection can contribute to harm. However, it is more likely to be a risk-minimizing measure intended to avoid the actual hazard, such as a device that is not manufactured according to specifications. |
failure to validate the process | A failure to validate a process can ultimately contribute to harm. However, it should be seen more as a validation of a risk-minimizing measure, such as sterilization. |
allergy-causing materials | A hazard as defined by ISO 14971 |
cyber attack | A hazard as defined by ISO 14971. Note the information in chapter 2 “Typical mistakes.” |
delayed treatment | A hazard as defined by ISO 14971. Note the information in chapter 2 “Typical mistakes.” |