FMEA (Failure Mode Effect Analysis) is definitely the most widely used method for assessment of risks associated two any type of devices and processes. This is valid for any type of product or industry sector, medical device-related or not.
Here we present an article on how to apply and integrate FMEA method with risk management for a medical device. We all know the importance of a risk management process within a quality management system compliant with 21 CFR 820 and ISO 13485.
We have been extensively discussing about risk management process for medical devices according to ISO 14971 and 24971; furthermore, extensive risk management documentation is present on our website, including, among the others:
- Risk Management Procedure
- Risk Management Plan Template
- Risk Management Report Template
- Hazard Analysis Template
- Risk Analysis Template
- Traceability Matrix Template
-
Risk Management Package€149,00
What is FMEA?
FMEA (Failure Mode and Effect Analysis) is a method used to anticipate the potential failures associated to a product or a process, estimated the severity of the potential effects of the failure and identify measures to mitigate the risks related to this failure.
Different types of FMEA can be developed; in particular we could have:
- DFMEA, Design Failure Mode and Effect Analysis, where the risk analysis is performed on a specific products. The risks that can be handled within this FMEA are the ones related to failure of specific components of the device or failure related to the use of the device by patient, users or any other person potentially involved.
- PFMEA, Process Failure Mode and Effect Analysis, where the risk analysis is performed on the manufacturing process. Following the workflow of a process, all the potential deviations are taken in considerations, associated risks estimated and mitigation actions identified.
5 Steps to perform a FMEA
The FMEA can be performed on 5 sequential steps which can be summarised in the infographic below:
Here we can now discuss more in details each step of the FMEA process.
Step 1: Risk Identification
The first step of the FMEA method is the risk identification. Hazardous situation and related risk can arise from different sources:
- Risks resulting from faults : it is important to remind that the probability of a fault occurring is not the same probability of a harm occurring.
- Risks resulting from random faults : Random faults are typically due to physical or chemical causes such as corrosion, contamination, thermal stress, and wear-out, etc.
- Risk resulting from systematic faults : A systematic fault can be caused by an error in any type of activity. It will systematically give rise to a failure when some particular combination of inputs or environmental conditions arises, but will otherwise remain latent.
- Risks arising from security vulnerabilities : Security vulnerabilities can lead to loss of data, disclosure of personal health information, unauthorized access to patient records, etc.
Step 2: Determination of the severity of the potential harm
For each of the risks identified in Step 1, determination of the severity of the harm associated to the risk shall be performed. A score shall be given the severity of the harm. As a matter of example, the following table can be followed:
| Rating | Severity of the Associated Harm |
| Catastrophic / Fatal | Results in death |
| Critical | Results in permanent impairment or irreversible injury |
| Serious / Major | Results in injury or impairment requiring medical or surgical intervention |
| Minor | Results in temporary injury or impairment not requiring medical or surgical intervention |
| Negligible | Results in inconvenience or temporary discomfort |
Step 3: FMEA and Determination of the probability of occurence
Each of the risk identified in step 1 has a specific probability of occurrence shall be estimated. This can be performed using two different methods:
- Qualitative method
- Quantitative method.
For a qualitative method, the estimation of the probability of occurrence is performed by an expert based on different levels defined as per below:
| Probability Levels | Description |
| High | Likely to happen, often, frequently, always Likely to happen several times during the lifetime of the medical device |
| Medium | Can happen, but not frequently Likely to occur a few times during the lifetime of the medical device |
| Low | Unlikely to happen, rare, remote Not likely to occur during the lifetime of the medical device |
Instead, for a quantitative method, levels of probability of occurrence are defined on a quantitative way. For example:
| Probability Levels | Range |
| Frequent | ≥10−3 |
| Probable | <10−3 and ≥10−4 |
| Occasional | <10−4 and ≥10−5 |
| Remote | <10−5 and ≥10−6 |
| Improbable | <10−6 |
Step 4 : FMEA and Estimation of the detectability
For a tri-dimensional FMEA, the estimation of the detectability shall be performed. This means that for each risks identified, a score should be given the possibility to detect the risk in order to prevent any specific hazardous situation or harm.
Also in this case, a table could be prepared as a matter of example:
| Detectability Levels | Criterial |
| Almost Impossible | No known control(s) available to detect failure mode |
| Remote | Remote likelihood current control(s) will detect failure mode. |
| Low | Low likelihood current control(s) will detect failure mode. |
| Moderate | Moderate likelihood current control(s) will detect failure mode. |
| High | High likelihood current control(s) will detect failure mode. |
| Almost Certain | Almost Certain likelihood current control(s) will detect failure mode. |
Step 5 : FMEA and Risk Estimation
The estimation of the risk is performed through the definition of a score which is called risk priority number and it is the last phase of the FMEA process. The RPN can be defined as Severity x Occurrence x Detectability. Also in this case, different layers shall be defined in order to identify the region of risks.
In general the regions of risk are defined in the risk management plan.
Risk Analysis Template
The whole process described in this article can be applied in the moment a risk analysis shall be performed on a product or process. QualityMedDev has published an example of template of risk analysis that can be the starting point for the contruction of your FMEA document.
-
Risk Analysis Template€64,00 -
Risk Management Plan Template€64,00
Subscribe to 4EasyReg Newsletter
4EasyReg is an online platform dedicated to Regulatory matters within the medical device, information security and AI-Based business.
We offer a wide range of documentation kits to support your compliance efforts towards a wide range of standards and regulations, such as ISO 13485, EU MDR, ISO 27001, ISO 42001 and much more. . Specifically, in our webshop you will find:
- ISO 13485 Documentation / Compliance Kit
- ISO 27001 Documentation / Compliance Kit
- ISO 42001 Documentation / Compliance Kit
- FDA Cybersecurity Documentation
Within our sister platform QualityMedDev Academy, a wide range of online & self-paced training courses is available, such as for example:
- Complaint Handling and Vigilance Reporting
- Artificial Intelligence in Medical Device. Regulatory Requirements
- Unique Device Identification (UDI) Requirements according to EU MDR
- Clinical Evaluation Process According to EU MDR
- Medical Device SW Verification & Validation
- Risk Management for Medical Devices
- Usability Evaluation for Medical Devices
As one of the leading online platforms in the medical device sector, 4EasyReg offers extensive support for regulatory compliance. Our services cover a wide range of topics, from EU MDR & IVDR to ISO 13485, encompassing risk management, biocompatibility, usability, software verification and validation, and assistance in preparing technical documentation for MDR compliance.
Do not hesitate to subscribe to our Newsletter!
