Over 20 years ago, a doctor phones a medical device company’s technical service group from nearly half a world away, and is in a panic. He’s performing his first implant of the newly available AICD [automated implantable cardioverter defibrillator] technology, and his patient is sedated, on the table and there is a problem. “I’ve implanted the defibrillator, programmed it, turned it on, and now it’s making a buzzing sound that I can’t get to stop! It seems like it is discharging on its own! What’s wrong with your device?!” After going through the initial steps of the trouble-shooting algorithm, the technical service rep asks “Can you confirm you have a solid connection between the cardiac lead and the AICD?” After a few moments of silence… the confused doctor says “Um…Cardiac lead? …Oh” then promptly hangs up, presumably going back to the patient to implant (and connect) the cardiac lead.
This story is true and was told to me by the technical service rep, although the details are purposely vague to protect the innocent (and the guilty!). I can’t imagine this particular scenario happening today – certainly proper hardware and software interlocks are in place that would prevent device activation without a lead – but I can imagine how a company’s design group would respond if this scenario were brought up in a risk analysis meeting. While the severity of not connecting the lead to the generator could be catastrophic, the likelihood of the event would probably be considered to be small, due to:
- Good product design, including those hardware and software interlock safety features, and
- Effective user training, such as didactic sessions, demonstrations, manuals and other labeling, to make sure the user knows what he or she is doing and that the patient is a good candidate for the device.
One of the key documents we work with at Medavise is ISO 14971 – Application of risk management to medical devices. The most recent update to this standard was issued in 2012, which included seemingly minor changes to bring the standard into compliance with the European Medical Devices Directive. One of the interesting changes was how information provided to the users of a medical device can (or can’t) reduce device risk.
The latest version of ISO 14971 allows consideration of “user information” to assess the risk of a device and to help reduce the residual risk. The residual risk is what is left after applying all the risk control measures. But if the residual risk is still too high, the company can no longer lower their risk value to an acceptable level just by telling the user about it. In the AICD example, the company can’t say to the doctor “even after all of our design efforts and user training there is a high risk of failure with our device from not connecting the lead, but now that you know about this high risk we consider it to be acceptable.” This assumes that providing this information will somehow further impact the doctor’s behavior and will result in lowered risk. While the doctor has to be told about any residual risks during training on the device, the updated standard says that the mere fact of providing that information cannot, itself, further mitigate risk.
So while this change in ISO 14971 may seem minor, it ends up reinforcing the idea that it is not the user’s responsibility to figure out a way to safely use a hazardous device, but rather the company’s responsibility to provide a device that can safely be used from the start.