Lecture Two

1
?????????????Lecture Two

• ??? ???
• ?????/???
• cwlinx_at_ntu.edu.tw
• 33665272

2
Outline

• Part I. Exemplar case from novel medical device
• Part II.
• Ethics
• Safety
• Risk
• Part III.
• Accident/hazard
• Mishap
• Failure
• Reliability
• Liability

3
Part I
4
(No Transcript)
5
(No Transcript)
6
Roche Amplichip
7
iStat
 
8
(No Transcript)
9
(No Transcript)
10
(No Transcript)
11
(No Transcript)
12
Part II
13
Ethics vs. Moral

• Ethics from the Greek ethos custom. It is the
  study of right and wrong and of good and evil in
  human conduct. It often means a particular kind
  of study and use morality to refer to its subject
  matter.
• Ethics is not concerned with providing any
  judgments or specific rules for human behavior
  but rather with providing an objective analysis
  about what individuals ought to do.
• Moral from the Latin word for custom. It is the
  codes of conduct of a society. It often becomes
  part of what people believe to be right and good
  and the reasons they give for it. For example,
  tell truth, pay debt

14
Engineering Ethics.

• The development of new technologies for modern
  health care has posed new and troubling moral
  dilemmas for medical professionals, the
  biomedical engineering, and society at large.
  Therefore, we need to re-examine some of the
  moral questions related to the use of new medical
  technologies.
• The objective, however, is not to provide answers
  or recommendations for these questions. Rather,
  the intent is to demonstrate that each
  technological advance has consequences that
  affect the very core of human values.

15
IEEE Code of Ethics

• The Fundamental Principles
• Engineers uphold and advance the integrity, honor
  and dignity of the engineering profession by
• I. Using their knowledge and skill for the
  enhancement of human welfare
• II. Being honest and impartial, and serving with
  fidelity the public, their employers and clients
  and
• III. Striving to increase the competence and
  prestige of the engineering profession.

16
The Fundamental Canons

• 1. Engineers shall hold paramount the safety,
  health and welfare of the public in the
  performance of their professional duties.
• 2. Engineers shall perform services only in the
  areas of their competence.
• 3. Engineers shall continue their professional
  development throughout their careers and shall
  provide opportunities for the professional and
  ethical development of those engineers under
  their supervision.
• 4. Engineers shall act in professional matters
  for each employer or client as faithful agents or
  trustees, and shall avoid conflicts of interest
  or the appearance of conflicts of interest.
• 5. Engineers shall build their professional
  reputation on the merit of their services and
  shall not compete unfairly with others.
• 6. Engineers shall associate only with reputable
  persons or organizations.
• 7. Engineers shall issue public statements only
  in an objective and truthful manner.
• 8. Engineers shall consider environmental impact
  in the performance of their professional duties.

17

• We, the members of the IEEE, in recognition of
  the importance of our technologies affecting the
  quality of life throughout the world, and in
  accepting a personal obligation to our
  profession, its members and the communities we
  serve, do hereby commit ourselves to the highest
  ethical and professional conduct and agree
• to accept responsibility in making engineering
  decisions consistent with the safety, health and
  welfare of the public, and to disclose promptly
  factors that might endanger the public or the
  environment
• to avoid real or perceived conflicts of interest
  whenever possible, and to disclose them to
  affected parties when they do exist
• to be honest and realistic in stating claims or
  estimates based on available data
• to reject bribery in all its forms
• to improve the understanding of technology, its
  appropriate application, and potential
  consequences
• to maintain and improve our technical competence
  and to undertake technological tasks for others
  only if qualified by training or experience, or
  after full disclosure of pertinent limitations
• to seek, accept, and offer honest criticism of
  technical work, to acknowledge and correct
  errors, and to credit properly the contributions
  of others
• to treat fairly all persons regardless of such
  factors as race, religion, gender, disability,
  age, or national origin
• to avoid injuring others, their property,
  reputation, or employment by false or malicious
  action
• to assist colleagues and co-workers in their
  professional development and to support them in
  following this code of ethics.

18
The Belmont Report

• Basic Ethical Principles
• Respect for Persons
• Individual autonomy
• Protection of individuals with reduced autonomy
• Beneficence
• Maximize benefits and minimize harms
• Justice
• Equitable distribution of research costs and
  benefits

Source Melody Lin, Ph.D.
19
IRB Decision Matrix
BENEFICENCE Risk/Benefit Analysis Experimental
Design Qualifications of PI
JUSTICE Subject Selection Inclusion/Exclusion
Recruitment
RESPECT FOR PERSONS
Informed Consent Surrogate Consent Assent
Protection of Subjects (especially vulnerable
population)
Source Melody Lin, Ph.D.
20
Basic Protections

• The regulations contain three basic protections
  for human subjects
• Institutional Assurances not FDA
• IRB Review
• Informed Consent

Source Melody Lin, Ph.D.
21
Assurances

• The institution must certify that the research
  has been reviewed and approved by an IRB45 CFR
  46.103(b)
• Submitted to funding agency

Source Melody Lin, Ph.D.
22
Institutional Review Board (IRB)

• Membership
• At least five members of varying backgrounds
• Sufficiently qualified
• Not solely of one profession
• Gender diversity
• At least one non-scientist
• At least one non-affiliated member
• Expertise on vulnerable populations
• Outside consultants

Source Melody Lin, Ph.D.
23
Criteria for IRB Approval

• Risks to subjects are minimized
• Risks are reasonable in relation to anticipated
  benefits
• Selection of subjects is equitable
• Informed consent is sought from each subject
• Informed consent is appropriately
  documented continued

24
Criteria for IRB Approval

• When appropriate
• data collection is monitored to ensure subject
  safety
• privacy and confidentiality of subjects is
  protected
• additional safeguards are included for vulnerable
  populations

25
IRB Responsibilities

• Identify Risks
• Determine that risks are minimized
• Determine that risks to subjects are reasonable
  in relation to anticipated benefits
• Determine that subjects are adequately informed
  about any reasonably foreseeable risks or
  discomforts

26
Informed consent

• It is considered to be the most important moral
  issue in human experimentation. It is an attempt
  to preserve the rights of individuals by giving
  them the opportunity for self-determination to
  participate in any experimental effort.

27
Definitions

• Risk The probability of harm or injury
  (physical, psychological, social, or economic)
  occurring as a result of participation in a
  research study. Both the probability and
  magnitude of possible harm may vary from minimal
  to significant. Federal regulations define only
  "minimal risk."

28
Definitions

• Minimal Risk A risk is minimal where the
  probability and magnitude of harm or discomfort
  anticipated in the proposed research are not
  greater, in and of themselves, than those
  ordinarily encountered in daily life or during
  the performance of routine physical or
  psychological examinations or tests

29
IRB Responsibilities

• Identify Risks
• Determine that risks are minimized
• Determine that risks to subjects are reasonable
  in relation to anticipated benefits
• Determine that subjects are adequately informed
  about any reasonably foreseeable risks or
  discomforts

30
Identifying Risks

• Types of Risk
• Physical Harms
• Psychological Harms
• Social and Economic Harms

31
Identifying Risks

• Physical Harm
• Pain, discomfort, injury or loss of function
• Direct result of procedure or side effect
• Permanent or transitory

32
Identifying Risks

• Psychological Harm
• Change in thought processes or emotional state
• Emotional Distress
• Psychological Trauma
• Invasion of Privacy

33
Identifying Risks

• Social or Economic Harm
• Embarrassment
• Loss of Social Status
• Loss of Employment
• Loss of Insurability

34
Identifying Risks

• Primary source of social harm results from a
  breach of confidentiality.
• Confidentiality and anonymity are not the same
• Names are not the only identifiers
• Subjects participation in the research may need
  to be kept confidential as well as their data

35
Identifying Risks

• Social and Psychological harms are real harms
• All research interactions, including biomedical
  research, are social interactions with social and
  psychological implications

36
Identifying Risks

• IRBs should not rely on investigators to
  identify risks
• IRBs should do an independent analysis of risk

37
Minimizing Risk

• Three ways to minimize risk
• Precautions
• Safeguards
• Alternatives

38
Risk/Benefit

• Two kinds of benefits to subjects and to society
• Evaluation of Risk/Benefit ratio is subjective
  judgment
• Risks often underestimated and benefits
  overestimated
• Should take into account different subject
  populations and individual differences among
  subjects

39
Safety is not an option for medical products

• It is a must in designing and developing a
  medical device.
• Due to the lag of applicable standards to the
  state of art, merely complying with the
  applicable standards is not enough to assure a
  safe and effective device.
• Firms that are successful in the marketplace and
  the courtroom, however, are the ones that
  intentionally exceed safety and performance
  standards in their quest for safe, effective, and
  reliable devices.

40
Considerations of safety

• Risk assessment
• What failure could cause harm to the patient or
  user?
• What misuse of the device could cause harm?
• These failures must be analyzed using such
  methods as fault tree analysis or failure mode
  analysis and must be designed out of the device.
• Liability assessment
• Have all possible failure modes been explored and
  designed out?
• Have all possible misuse situations been
  addressed?
• Court cases have special punitive judgments for
  companies that have knowledge about an unsafe
  condition and do nothing about it.

41
Definition of Safety

• freedom from accidents or losses, or
• a judgment of the acceptability of risk, with
  risk, in turn, as a measure of the probability
  and severity of harm to human health.
• Based on the argument that there is no such thing
  as absolute safety, and therefore safety should
  be defined in terms of acceptable losses.
• This definition of safety implies that hazards
  cannot be eliminated, when they often can.
• So, "How safe is safe enough?" has no simple
  answer.

42
Accident Mishap

• An accident is traditionally defined by safety
  engineers as an unwanted and unexpected release
  of energy.
• The term mishap is often used to denote an
  unplanned event or series of events that result
  in death, injury, occupational illness, damage to
  or loss of equipment or property, or
  environmental harm. Thus, the term mishap
  includes both accidents and harmful exposures.

43
How do engineers deal with safety problems?

• The earliest approach to safety, called
  operational or industrial safety, involves
  examining the system during its operational life
  and correcting what are deemed to be unacceptable
  hazards. In this approach, accidents are
  examined, the causes determined, and corrective
  action initiated. In some complex systems,
  however, a single accident can involve such a
  great loss as to be unacceptable. The goal of
  system safety is to design an acceptable safety
  level into the system before actual production or
  operation.
• System safety engineering attempts to optimize
  safety by applying scientific and engineering
  principles to identify and control hazards
  through analysis, design, and management
  procedures.

44
Safety

• A safe system is one that does not incur too much
  risk to persons or equipment.
• A risk is an event or condition that can occur,
  but is undesirable. Risk is measured both in
  terms of severity and probability.
• Safety only concerns itself with failures that
  introduce hazards.
• The probability of failure of a device to meet
  its requirements defines its reliability.
• Safety takes a broader view - The concept of
  safety is not defined in terms of meeting
  requirements, but on a level of risk.

45
System Safety

• Every system, no matter how complex it is, should
  be fail-safe, that is, it should be designed to
  fail into a safe and harmless state.
• A very important part of the design process is
  identifying the safe states. It includes hardware
  and software safety.
• EX.1 A radiation therapy machine is in a safe
  state when the beam is turned off and all motions
  are stopped.
• Ex. 2 An automatic drug infusing device is in a
  safe state when the infusion is stopped or,
  depending on the drug, when the infusion rate is
  at some constant, low value.

46
Verification for Safety

• A proof of safety involves a choice or
  combination of
• 1) showing that a fault cannot occur, that is,
  the device cannot get into an unsafe state,
• 2) showing that if a fault occurs, it is not
  dangerous.
• It has been argued that verification systems that
  prove the correspondence of devices to concrete
  specifications are only fragments of verification
  systems - Verification systems must capture the
  semantics of the hardware, the software code, and
  the system behavior.

47
Effective Safety Program

• Any effective safety program requires procedures
  and expertise in formal hazard identification and
  analysis techniques.
• A truly effective safety program includes
  implementation of internal hazard analysis
  procedures, a firm grasp of regulatory and other
  standards, and an awareness of the current
  industry practices regarding safety controls.
• Such programs consume considerable time and
  resources, but failing to make the investment
  increases the risk of product recalls for medical
  device manufacturers.
• Safety analysis begins when the project is
  conceived and continues throughout the product
  development life cycle.

48
Safety Analysis Program

• Due to the variety of medical devices with many
  degrees of complexity, the following should be
  included in a safety analysis program
• Safety review personnel must have a thorough
  understanding of the operation of the device.
  Personnel should review pertinent documentation,
  such as drawings, test reports, and manuals prior
  to the analysis.
• Make a representative device available for the
  review. It will be subject to disassembly.
• Use a checklist for the analysis especially
  prepared for the particular device.
• Address all areas of concern immediately. Safety
  release is not granted until the device has no
  apparent areas of concern.
• Safety release the device via a release letter
  only after all areas of concern are addressed.
• Retain the checklist and release letter as part
  of the Product file.

(From Fries, 1991)
49
Part III
50
Use related Hazard
51
Medical Device Use-SafetyIncorporating Human
Factors Engineeringinto Risk ManagementIdentifyi
ng, Understanding, and Addressing Use-Related
Hazards

• Guidance for Industry and FDA Premarketand
  Design Control Reviewers,
• FDA CDRH, 2000
• http//www.fda.gov/cdrh/humanfactors/index.html

52
Use-related hazards

• occur for one or more of the following reasons
• Devices are used in ways that were not
  anticipated,
• Devices are used in ways that were anticipated,
  but inadequately controlled for,
• Device use requires physical, perceptual, or
  cognitive abilities that exceed those of the
  user,
• Device use is inconsistent with users
  expectations or intuition about device operation,
  
• The use environment effects device operation and
  this effect is not understood by the user, or
• The users physical, perceptual, or cognitive
  capacities are exceeded when using the device in
  a particular environment.

53
Risk Management Activities and Associated HFE
Approaches
5.1 Device Use Description
54
Hazard

• A hazard is a potential source of harm.
• Hazards arise in the use of medical devices due
  to the inherent risk of medical treatment, from
  device failures (or malfunctions), and from
  device use.
• Hazards resulting from medical devices impact
  patients, family members, and professional
  healthcare providers.
• Hazards typically considered in risk analysis
  include
• Chemical hazards (e.g., toxic chemicals),
• Mechanical hazards (e.g., kinetic or potential
  energy from a moving object),
• Thermal hazards (e.g., high temperature
  components),
• Electrical hazards (e.g., electrical shock,
  electromagnetic interference (EMI)),
• Radiation hazards (e.g., ionizing and
  non-ionizing), and
• Biological hazards (e.g., allergic reactions,
  bio-incompatibility, and infection).

55
Sample flowchart showing risk management of
identified hazards
56
HAZARD ANALYSIS

• Even before a final design has been developed, a
  preliminary hazard analysis can be conducted to
  establish the baseline hazards associated with a
  device. In essence, the analysis consists of
  listing the major components and operating
  requirements of the device and evaluating their
  potential hazards.
• The goal is to eliminate all high-severity
  hazards and reduce as many medium- and
  low-severity hazards as possible.
• The components and operating requirements could
  include raw materials and wastes, hardware,
  monitoring and control systems, human-device
  interfaces, services, and the operating
  environment.

57
HAZARD ANALYSIS

• Some potential hazards that may need to be
  evaluated include toxicity, flammability, and
  reactivity of raw materials and wastes
  sensitivity to environmental factors such as
  temperature and humidity mechanical or
  electronic hazards and human factors associated
  with the operator-device interface.
• The patient-device interface can also be
  hazardous because of unsafe or ineffective
  delivery of energy, administration of drugs, or
  control of life-sustaining functions. Also,
  incorrect information could lead to a
  misdiagnosis or wrong treatment or therapy being
  ordered.

58
Any item falling into high risk categories (A or
B) should be redesigned.
59
Failure Mode and Effects Analysis (FMEA)

• When a device contains many mechanical
  components, an FMEA should be considered.
  However, an FMEA is time-consuming and is
  generally applied only to Class III devices or to
  the safety critical portions of devices. For
  those devices that contain many electrical
  components, an FMEA is also a desirable
  methodology. This is another bottom-up approach
  that focuses on a particular component of a
  medical device and explores the various failure
  modes that can occur. For each failure mode that
  results in an undesirable consequence, potential
  causes and existing controls are evaluated, and
  the level of risk can be determined by using a
  risk matrix.

60
Fault tree analysis FTA
Figure A partial fault tree analysis for a
pacemaker.
fault trees are generally best used to compare
risks of various alternatives.
61
FTA

• FTA is being used by pacemaker manufacturers
  based on FDA guidance for software aspects of
  510(k) notification submissions for medical
  devices. Other computer-controlled medical
  devices will also need to be reviewed using FTA
  as a primary risk analysis tool.

62

• For mechanical devices that are used away from
  the patient, such as plasma and blood viral
  inactivation devices, as well as devices for
  preparing intravenous solutions, an FMEA is a
  reasonable choice. However, for associated
  activities such as preparation of disposables,
  which are manual operations, a what-if approach
  is preferred.

63
Failure and Reliability

• The term failure refers to the degradation of the
  performance of a device outside a specified
  value.
• The measure of a devices reliability is the
  infrequency of failure over time.

64
Definition of Failure

• The nonperformance or inability of a component or
  systems to perform its intended function for a
  specified time under specified environmental
  condition. It must always related to a measurable
  parameter or a clear indication.
• If there are no definitions for its normal
  functions, there will be no failure.
• It works under specific environmental conditions,
  temperature, lighting, ambient noise, stress
  level of operator, interference.
• It happens as an event or behavior that occurs at
  a particular instant in time. Failure may be
  intermittent, degradation after a long period
  time, drift.
• Failures in components or devices are usually
  listed in terms of a failure rate. The failure
  rate of a component or device is the probability
  of a failure per unit of time for the items still
  functioning.

65
The practical aspects of Failures

• Failure is a fact of life. No device or component
  will ever have a perfect reliability. Therefore,
  we must learn to anticipate failure, take steps
  to minimize their occurrence, and optimize the
  operation of the device or component.
• When developing a medical device, it is of utmost
  importance to design the device to operate
  according to spec, without failure, for a maximum
  period of time.
• To do this, failure must be analyzed as to
  whether its occurrence will allow the device to
  keep operating at a safe level, or whether the
  device should be shut down to avoid potential
  harm to the patient, user, or the machine.

66
MD related failures

• Hardware Failure
• One group of failure particular to hardware is
  the time related failure. Time related failure
  may be classified into three groups early
  failure, chance or random failure and wearout
  failure.
• Software Failure
• Due to no time-related degradation in software,
  therefore, the causes of software failure are
  significantly different from those of hardware
  components. There are four basic causes of
  software failure specification errors, design
  errors, typographical errors and omissions of
  symbols.
• Failures Due to Human Error
• Since it is impossible to anticipate all
  contingencies, which might cause failure, the
  best that can be done is to review all the
  procedural controls initially and modify them as
  their inadequacies become known. The only way to
  do the latter is to insist that all human errors
  be reported and prevent the natural tendency to
  relax once the design part of the problem appears
  close to solution.

67
The Definition of Reliability

• the probability, at a desired confidence level,
  that a device will perform a required function,
  without failure, under stated conditions, for a
  specified period of time.- IEEE Standard
  Glossary
• required function the function must have been
  established through such activities as customer
  and/or market surveys.
• to perform without failure the normal operation
  of the device must be defined, in order to
  establish what a failure is.
• to perform under stated conditions the
  environment in which the device will operate must
  be specified.
• to operate for a specified period of time the
  life expectancy of the device must be defined as
  well as the typical daily usage.

68
Types of Reliability

• Electronic reliability
• Infant Mortality
• Useful Life
• Wearout
• Mechanical reliability
• Aging
• Software reliability.

69
Quality vs. Reliability

• The term quality is defined in ISO 8402 as the
  totality of features or characteristics of a
  product or service that bear on its ability to
  satisfy stated or implied needs.
• The definition refers to this totality at a
  particular instant of time.
• Thus, we may speak of the quality of a component
  at incoming inspection, the quality of a
  subassembly in manufacturing testing, or the
  quality of a device at setup.
• Reliability, on the other hand is quality over a
  specific time period, such as the five year
  expected life of a device or an eight hour
  operation. It has been described as the science
  of estimating, controlling and managing the
  probability of failure over time.

70
Reliability's Effect on Medical Devices

• Subjecting a medical device to a reliability
  program provides a structured approach to the
  product development process. It provides
  techniques that improve the quality of the device
  over a period of time as well as reduce
  development and redevelopment time and cost.
• It also assures regulatory requirements are
  satisfied and gives confidence that regulatory
  inspections will produce no major discrepancies.
• Reliability techniques also reduce the risk of
  liability by assuring safety has been the primary
  concern during the design and development
  process.
• Most importantly, the inclusion of reliability
  gives development personnel a feeling of
  confidence that they have optimized the design to
  produce a device that is safe and effective for
  its intended use and will remain that way for a
  long period of time.

71
Reliability Assurance

• Reliability Assurance is the science that
  provides the theoretical and practical tools
  whereby the functionality of a component or
  device may be evaluated with a certain
  confidence.
• Establishing reliability in design by use of
  failure-free or failure-tolerant principles
• Verifying reliability by well-designed test
  procedures
• Producing reliability by proper manufacturing
  processes
• Assuring reliability by good quality control and
  inspection
• Maintaining reliability by proper packaging and
  shipping practices
• Assuring operational reliability by proper field
  service and appropriate operations and
  maintenance manuals
• Improving reliability throughout the life of the
  device by information feedback on field problems
  and a system to address these issues.
• These functions of Reliability Assurance form a
  structured approach to the life cycle of a
  medical device.

72

• A significant risk device is a device that
  presents a potential for serious risk to the
  health, safety, or welfare of a subject and
• 1) is intended as an implant,
• 2) is used in supporting or sustaining human
  life, and/or
• 3) is of substantial importance in diagnosing,
  curing, mitigating, or treating disease or
  otherwise preventing impairment of human health.

73
Liability

• Limiting legal liability is one of the goals of
  system safety.
• The three most common theories of liability for
  which a manufacturer may be held liable for
  personal injury caused by its product are
• Negligence Under the theory of negligence, a
  manufacturer that does not exercise reasonable
  care or fails to meet a reasonable standard of
  care in the manufacture, handling, or
  distribution of a product may be liable for any
  damages caused.
• Strict liability the critical focus in a strict
  liability case is on whether the product is
  defective and unreasonably dangerous.
• Breach of warranty

74
Discussion cases take home

• Role playing of manufacturer and gatekeeper
• Tissue adhesive
• Intermil
• Brain ?
• Oral protective agent
• Rincinol
• Implantable drug delivery system

75
Thanks for your attentions!