We want to do it "right", but we are stuck!
I have a feeling a lot of our industry colleagues are feeling this way.
It all started with a simple question -
Would you still do risk management for your medical device if it was not expected (or required) by regulatory authorities?
An overwhelming majority of my colleagues on LinkedIn responded with a clear yes to this question as shown by the poll results in this graphic.
Even those who answered no, I feel, are thinking about the practice of risk management as it exists today; not what they think it should be. It seems to me that if we didn't have an expectation (or requirement) of compliance, we would likely not do risk management the way it is being practiced right now in the industry.
I explored this topic further in my recent weekly live discussion, where we tried to imagine a different world. One where we did not have a compliance focus, rather we did risk management for the right reasons.
Here are 5 key points that emerged from our discussion:
1. Doing it right makes business sense
Everyone in our industry intuitively understands that risk management is important. It is the right thing to do for our patients and other stakeholders. We must develop, launch and consistently produce safe and high-quality medical devices.
"It's good business sense", as noted by one of our colleagues in a comment.
2. We have a great desire to be patient-focused
Everyone who works in the medical industry is highly passionate about our patients. We work very hard to build products that save lives. In my 10+ years in the industry, I have seen a very high level of commitment across the board. Many of us work long hours, even on nights and weekends. We give up personal family time to show up and do whatever it takes to keep serving our patients and other stakeholders.
However, there is also a feeling that most of our work related to risk management activities is driven by compliance.
So the question is not whether we should do risk management. The question is more about how to do it with a focus on the patient, and not on compliance.
3. We are stuck in a system focused on compliance
In practice, risk management in the industry feels more like an exercise in documentation for the purpose of regulatory compliance. It feels highly burdensome, especially because we are required to maintain and update our risk management files throughout the lifecycle of each product. Countless hours are spent in keeping up with changing risk levels and updating our documents. We often feel stuck!
This feeling of regulatory burden is even more prevalent today in light of the EU-MDR/IVDR.
However, a lot has to do with our own confusion. There seems to be an impression that regulations require risk management to be done in a certain way. Regulations tell us the what, not the how. Did you know that compliance to ISO 14971:2019, the International Standard for risk management of medical devices, is not mandatory? It is certainly a good idea, because ISO 14971:2019 is the state-of-the-art in risk management, but you don't have to do it. Further, you don't have to comply with any of the guidance in annexes or in ISO/TR 24971:2020. You can do it any way you want as long as you can satisfy the requirements in clauses 1-10.
In short, the problem is not the requirements, or the regulations, but the way we have implemented them in our system. This is where we need to take a deeper look and challenge the status quo.
However, we all feel stuck in the current system. We often find ourselves running against the clock, trying to fix gaps and vulnerabilities purely from a compliance viewpoint.
What if we took a "clean sheet of paper" approach? Ed Bills talked about this in another live session with us where we talked about the history and evolution of ISO 14971. But first, we need to be honest and acknowledge the current state.
4. Automation can help but only if the process is robust
During our live session, one of our colleagues suggested that we could use automation to help alleviate the documentation burden and improve the efficiency.
This is a good idea. However, the underlying process needs to be robust.
There are still many points of confusion which lead to many mistakes and inconsistencies in our risk analysis process. We have to first identify and fix these issues before we deploy automation. Otherwise we will suffer from GIGO (garbage-in-garbage-out!), which will make the situation even worse.
Bottom line, before you rush to implement the latest high-tech automation solution - and there are many such solutions out there - you need to take a careful look at the underlying logic and structure of your risk management process.
5. Safety can be an explicit business goal
What would you say if I told you that a leading automotive manufacturer aspires to aim toward zero fatal accidents in 2030?
And they have declared it publicly in their 2021 integrated report.
Yes, this is bold. Yes, this must be intimidating to their rank and file. Yes, this must be achieved under the heavy burden of industry regulations.
But is it inspiring? You bet it is.
Would you buy this manufacturer's model as a first car for your teenage child who just got their driver's license? Very likely.
Why would they want to declare it so boldly? Because they know their customers care.
Therefore, it is certainly possible to make safety not only a part of your vision statement, but also an explicit business goal. It is good for business and it will inspire your entire organization.
As one of our colleagues noted in their comment -
"When properly implemented, consideration of risk is less burdensome and inherent to the culture of the organization"
Ask any CEO of a medical device company and they are sure to emphasize that patient safety is number one for them. I believe it to be so. However, we don't see an explicitly stated business goal around safety performance in our industry.
What if we did? Wouldn't it inspire us to do things differently?
Maybe, then we could get unstuck! I invite you to share your thoughts.
Listen to a recording of our live discussion here
Dual nationality (UK and US) executive with experience in quality assurance, regulatory affairs, lean six sigma master black belt, operations project and program management
2 年Naveen Great feedback but I think the main question is would companies still do it. We have seen over the years companies do not see risk management as a value add, but more of a bureaucratic red tape that they have to perform. If that requirement was removed then expediency would take priority
Optimizing medical products, driving efficient & effective Quality & Regulatory Science, and supporting career journeys.
2 年I love the discussion and how it is evolving. It is so important to always look at our practices and processes with a critical eye. Thinking back to the goal of the activity. Otherwise we move into a cruse-control mode and it becomes a check box.