All medical devices are associated with inherent risks of some level. It is imperative to understand the medical device’s specific risks to a patient. Under EU MDR 2017/745, risk management is a continuous and iterative process. Manufacturers are expected to plan, document, and implement risk management strategies in this process. These strategies may either eliminate the risk or mitigate the overall severity of the risk.

Medical Device Risk- Definition      

As per Article II of EU MDR 2017/745, medical device risk is defined as ‘the combination of the probability of occurrence of harm and the severity of that harm’. According to the definition, risk management strategies help prevent particular harm or risk and prevent severe harm.

Risk Management under MDR

Annex I section 3 of EU MDR 2017/745 mentions the risk management requirements specific to the European medical device regulations. Manufacturers, under MDR, must implement the following aspects of risk management to be fully compliant.

  • Establish and document a risk management plan for each device
  • Identify the known and foreseeable hazards associated with the device
  • Estimate and evaluate the risks associated with, and occurring during, the intended use and during reasonably foreseeable misuse
  • Eliminate or control the risks 
  • Evaluate the impact of information from the production phase to the post-market phase on hazards and the frequency of occurrence of associated risks, the overall risk, benefit-risk ratio, and risk acceptability
  • Amend risk control measures if necessary

While implementing risk control measures to design and manufacture devices, the following aspects must be considered. Manufacturers must:

  • Eliminate risks through safe design and manufacture of the device
  • Take adequate protection measures (such as including alarms) if the risks cannot be eliminated
  • Provide information for safety (warnings/precautions/contra-indications) and training to users.

Certain medical device risks may be due to device usage errors. In Annex I Chapter I, MDR clearly states that such risks can be prevented by:

  • Reducing risks related to the ergonomic features of the device and the environment in which it is intended for use
  • Consideration of technical knowledge, experience, education, training and use environment, and the medical and physical conditions of intended users

How are device risks managed?

Risk management can be considered a 5-step procedure.

Step 1: Risk management plan

All risk management activities must be planned. The risk management plan lays forth a strategy for risk management activities to be carried out throughout the product lifecycle. This plan is documented in a risk management file containing the risk management plan and a risk management report.

Step 2: Risk assessments

Risk assessments evaluate the risk identified in normal and abnormal medical device use. Normal use of a medical device is the intended application of the device following all instructions by the manufacturer. In contrast, abnormal use is when the medical device was used, violating the device instructions.

Step 3: Risk Control

Risks are controlled by implementing a risk management plan. The risk-control measures chosen must be executed, and their effectiveness must be validated. This is done for an effective quality management system.

Step 4: Evaluation of residual risks

Complete elimination of risk may not be possible all the time. Therefore, it is imperative to identify the residual risk so that small and expected rather than massive, unexpected risks.

Step 5: Risk management review

As risk management is an iterative process, reviewing the risk control measures adopted and their effectiveness is imperative. This is ensured by post-market surveillance systems, clinical evaluation, and vigilance systems. Maintaining updated risk systems and documents constitutes an effective quality management system for any medical device.


How are risks categorised?

Risks are classified based on the occurrence and severity of harm caused. The figure below is a risk matrix used to illustrate a matrix on all foreseeable risks. This is useful for evaluating residual risks posed by the medical device on the patient.

What is the EU MDR harmonized standard adopted for Risk Management?

EU MDR has adopted ISO 14971 for the Application of risk management to medical devices. This ISO standard allows manufacturers to identify hazards of a medical device and implement control measures for the same.

What is the role of Risk management in a clinical evaluation procedure?

Clinical evaluation is imperative to risk management as this allows the manufacturer to identify all possible risks associated with the device. This data can be used for the identification of safety concerns and appropriate risk management methods can be implanted. In other words, clinical evaluation is one of the inputs to risk management.

Disclaimer: Regulations/legislations are subjected to changes from time to time and the author claims no responsibility for the accuracy of information.