Page 121 - Safety Risk Management for Medical Devices
P. 121

100   Safety Risk Management for Medical Devices


                As such, if the Failure Mode of the item under analysis could result in the System
                harming the patient, then the severity of that Harm is attributable to the End Effect
                of the Failure Mode in the DFMEA.
                   In the BXM method there are five classes of Harm severity. One could wonder
                how to choose the severity class of the Harm, when it may have a probability of
                Harm in all five severity classes. The answer is to choose the most probable severity
                class. Example: Let’s say the failure of the sterile seal of an implantable device could
                cause contamination of the device, which could lead to infection. In the example that
                was presented in Fig. 12.13, Infection had the highest probability of causing a Serious
                Harm (72.1%). Therefore in the FMEA, the sterile seal failure would receive a sever-
                ity ranking of 3, Serious. Remember that in the DFMEA, this ranking is used only
                for criticality determination and the prioritization of resources on mitigating Failure
                Modes. The risk of Hazards is computed in the RACT and is a different matter.


                    Tip   In the hierarchical multilevel FMEAs, lower level DFMEAs are associated with the physical
                    components and are reusable. If a component is used in multiple Systems and is a contributor to
                    Hazards in those Systems, it may be that the same component would have different severity rank-
                    ings depending on the System in which it is used. The severity rankings in reused FMEAs will
                    need to be adjusted in the context of the System in which they are reused.

                   Occ ratings can be estimated from a variety of sources. For example:

                      •  Field failure data on the same product
                      •  Failure data for similar items, used under similar conditions
                      •  Published data, e.g., MIL-HDBK-338B
                      •  Data from suppliers

                   If the quantitative criteria are used to estimate the Occ rating (see Table 12.4),
                ensure the probabilities have a meaningful basis for the subject of analysis. Examples:
                per-use; per device-year, etc.
                   In the context of risk management, detectability rating in DFMEA has a special
                meaning. It relates to how likely it is for the End Effect to be detected and countermeasures be
                taken, external to the boundary of analysis, to minimize the risk of Harm.
                   To elucidate this, consider the qualifier “external.” Remember that per ground
                rule number 9 in Section 12.4.4, designer errors are excluded. It means that assuming
                the correct design of the subject of DFMEA, it may be that the End Effect could cre-
                ate a Hazard at the System level. How likely is it for the End Effect to be detected
                and a countermeasure be taken by an entity which is external to the subject of analy-
                sis, in order to minimize the risk of Harm?
                   Why “external?” If a Failure Mode is detectable inside the subject of the DFMEA,
                and the designer chooses to devise a mechanism to counteract that Failure Mode,
   116   117   118   119   120   121   122   123   124   125   126