ISO 14971 Basic Concepts – Hazard, Hazardous Situation and Harm

These terms are foundational to risk analysis, yet they are poorly understood and often incorrectly applied.

 
 

If your organization has implemented ISO 14971, the International Standard for Risk Management, there is a good chance you are already familiar with these terms. These are very basic terms used for analyzing safety risks associated with a medical device. We have practiced risk management for many years so we know that there is a lot of confusion about these terms in the real world! We have seen many situations where these terms are not properly used, and the result is that the risk analysis is not correctly done. So, in this blog, we will review the definition of these terms, highlight a few areas of confusion and give examples for a better understanding of how they are related to each other.

First, it is important to appreciate that these terms are inter-related. Let us illustrate this relationship using a familiar example from commercial aviation, shown in the graphic below.

 
 
[Figure: Hazard, Harm, Hazardous Situation]
 
 

Flying is a routine activity and there are thousands of commercial flights every day. Yet, despite a strong track record of safety, commercial aviation is a hazardous activity. Last year, we were reminded of the risk by two nearly back-to-back fatal crashes of the Boeing 737 Max 8 aircraft that led to a combined 346 fatalities and the worldwide grounding of the entire fleet. In both of these crashes, a sequence of events unfolded due to the interaction between pilot actions and a software control called the Maneuvering Characteristics Augmentation System (MCAS). The trigger event was faulty data from the Angle of Attack (AOA) sensor, which caused the MCAS to activate in an effort to stabilize the plane by lowering the nose. When the pilots tried to counter by manually raising the nose, the MCAS continued to issue nose-down commands. This sequence of events is shown in the top right of the graphic above. The hazardous situation in this case, as shown in the bottom right of the graphic above, is the failure to achieve altitude after takeoff due to these events. The result is a disastrous fatal crash with no survivors.

In the sections below, we will look into each of the three basic terms - hazard, hazardous situation and harm - in more detail.

1) Hazard

 
 

ISO 14971 defines a hazard as a potential source of harm. What does that mean? Is it a “thing”, an “action”, or an “activity”? Well, it could be anything that could result in any harm. It doesn’t have to, but it can.

Driving a car is a hazard even though we do it every day.

Surgery is a hazard because it could result in all kinds of complications.

At the most basic level, use of a medical device itself is a hazard.

Remember, we are not yet talking about the type of harm or if it is just a small injury or something more serious. We will consider that when we get to the definition of harm later in this blog.

One problem we have seen in practice is when people look at failure modes associated with a medical device as part of their risk analysis. This is usually done during engineering risk analysis using tools such as an FMEA, or Failure Mode Effects Analysis. A failure mode is a way in which a device can fail to meet specifications or its intended function. Engineers try to think ahead of all possible failure modes so they can control them and improve the reliability of the device.

But a failure mode, in itself, is not a hazard. It could act as a trigger event that could lead to harm by activating exposure to one or more hazards. This difference is subtle, but important. Controlling failure modes is important for reliability, but it is not sufficient for analyzing safety risks within the context of ISO 14971. That is why using an FMEA for risk analysis is useful, but not sufficient for safety risk assessments. Yet, we have frequently seen FMEAs used as the only tool for this purpose.

Instead, it is better to look at different types of hazards within the context of the device and its use scenarios. ISO 14971 provides guidance on different classes of hazards such as energy hazards, biological or chemical hazards, information hazards and functional hazards. It is helpful to make a master hazards list under different categories so you can evaluate them holistically within the scope of a given medical device. A failure mode may be associated with one or more hazards, and this standard list can help map failure modes to applicable hazards. In this way, the FMEA can be used exclusively for failure analysis and implementing controls for reliability, and the mapping of failure modes to hazards can facilitate a connection with safety risk analysis.

2) Hazardous Situation

 
 

A hazardous situation is a circumstance that exposes people, property or environment to one or more hazards.

A related concept to understand in this context is “foreseeable sequence of events”. There is usually a sequence of events that leads to a hazardous situation where people are exposed to hazards. Exposure to hazards through these situations is needed for harm to occur. Again, it may not always happen, but it could.

As an example, if a medical device is supposed to be sterile, any breach of sterility due to packaging issues, or how it is handled in the use environment, may expose the patient to infection-causing microorganisms. The hazard in this case is biological – for example, bacteria, viruses or other infection agents. The foreseeable sequence of events is defective packaging leading to breach of sterility and presence of infection agents. The hazardous situation is this device being used by or on the patient, thereby exposing the patient to these infection agents.

One problem we have seen is that a clear statement of the sequence of events and resulting hazardous situation is generally missing. Sure, there is a lot of discussion during risk analysis about how a hazard may result in harm, but such discussion is not usually captured accurately to provide a clear understanding of sequence of events and hazardous situation. The reality is that engineers usually do a bottom-up analysis from device failures, while medical experts focus on a top-down analysis starting from harms and working backwards to hazards. Although these are complementary analyses, often they are done in isolation by different teams of experts. The result is generally incorrect or missing relationships between hazards and harms, which makes it difficult to properly estimate and evaluate the resulting risks. Inaccuracies in risk evaluation are a common reason for low effectiveness of the risk management process.

It is through an iterative back and forth bottom-up and top-down analysis that we can come to a clear understanding of hazardous situations.

ISO 14971 provides guidance on events and circumstances that can lead to hazardous situations. It is a good practice to prepare a master table that clearly shows hazards and statements of sequence of events leading to hazardous situations.

3) Harm

 
 

In the context of safety risk management under ISO 14971, harm is defined as injury or damage to the health of people, or damage to property or the environment.

It is a very broad definition. Harm could be as simple as a minor inconvenience from a health point of view, or as serious as a life-threatening emergency or even death. In this way, harm has two components – the type of harm, and the severity of the harm.

We have seen two problems in defining harms during risk analysis. The first is not using a standard terminology. Harms should be defined in medical terms, and should ideally be done in consultation with a medical professional. Typically, people have used different complaint codes over the years to describe harms that have been reported. These complaint codes are not standardized and often evolve over time. It is not unusual to see “Other” as one of the most frequently used complaint codes because a reported condition may not always fall under any of the existing categories. One good resource is MedDRA, or Medical Dictionary for Regulatory Activities. It is a recognized source of medical terms which can be used to create a master harms list for your product portfolio.

The second problem we have seen is inconsistent, and often incorrect, assignment of severity levels to harms. In our experience, the underlying problem is the lack of clear statements of sequence of events and hazardous situations. It is possible that the same condition, let us say a bacterial infection, could have different levels of severity. It is the link between a hazard and hazardous situation that can help us identify the appropriate severity level. In practice, this is not done and the result is inconsistent assignment of severity levels for the same harm because different teams come up with a different analysis of sequence of events and hazardous situations.

It is a good practice to build a Master Harms Severity table that has multiple lines of clear statements reflecting different scenarios. This work is best done in a cross functional team environment with engineers, medical professionals and risk management experts.

In conclusion, these three terms – Hazard, Hazardous Situation and Harm – are inter-related. It is really important to clearly understand each term and how they relate to each other. It requires a lot of work upfront to build a master table of hazards, hazardous situations and harms relevant to a product or product family. But once you do this work, your risk analysis will be more accurate, which will help you manage these risks more effectively.

Remember that it is not a one-and-done exercise. This has to be done on an ongoing basis because you will learn about new hazards, hazardous situations and harms through your post-market surveillance process. The idea is to build the right tools that can help you throughout the entire product lifecycle.
