R-TF-013-003 Risk management report
Intended use and identification of the qualitative and quantitative characteristics
The following questions, extracted from Annex A.2 of UNE-CEN ISO/TR 24971:2020, help us identifying all the characteristics of the medical device manufactured that could affect its safety and performance. The list is neither exhaustive nor representative and must be appropriate to the medical device in question, and we will skip the questions that are not relevant to it.
| # | Characteristics of the medical device that could affect safety | Applicable? | Justification | Section of the risk analysis where have been evaluated & risk identify |
|---|---|---|---|---|
| 1 | What is the intended use and how is the medical device to be used? | TRUE | The intended purpose is to support clinicians during the dermatosis diagnosis process, through the medical information provided by the device as a result of skin structure image processing and analysis. This process contributes indirectly to a faster, more efficient and affordable diagnosis, and to more continuous and objective monitoring of the severity of the condition, especially in what regarding telemedicine. | Product and requirements. Risks 1, 2, 3, 4, 11, 13, 16, 24, 31, 36. |
| 2 | Is the medical device intended to be implanted? | FALSE | ||
| 3 | Is the medical device intended to be in contact with the patient or other persons? | FALSE | ||
| 4 | What materials or components are utilized in the medical device or are used with, or are in contact with, the medical device? | FALSE | ||
| 5 | Is energy delivered to or extracted from the patient? | FALSE | ||
| 6 | Are substances delivered to or extracted from the patient? | FALSE | ||
| 7 | Are biological materials processed by the medical device for subsequent reuse, transfusion or transplantation? | FALSE | ||
| 8 | Is the medical device supplied sterile or intended to be sterilized by the user, or are other microbiological controls applicable? | FALSE | ||
| 9 | Is the medical device intended to be routinely cleaned and disinfected by the user? | FALSE | ||
| 10 | Does the medical device modify the patient environment? | FALSE | ||
| 11 | Are measurements taken? | FALSE | ||
| 12 | Is the medical device interpretative? | FALSE | ||
| 13 | Is the medical device intended for use in conjunction with other medical devices, medicines or other medical technologies? | FALSE | ||
| 14 | Are there unwanted outputs of energy or substances? | FALSE | ||
| 15 | Is the medical device susceptible to environmental influences? | FALSE | ||
| 16 | Does the medical device influence the environment? | FALSE | ||
| 17 | Does the medical device require consumables or accessories? | TRUE | The device is a standalone software (API rest) that requires to be integrated into the user servers. | Product and requirements. Risks 1, 2, 3, 4, 11, 13, 16, 19, 31, 36. |
| 18 | Is maintenance or calibration necessary? | TRUE | Maintenance activities on the Application Programming Interface (API) are performed on a yearly basis. | Risks 48, 49, 50 |
| 19 | Does the medical device contain software? | TRUE | The device is a standalone software, more precisely is an API (Automatic Programming interface) | Essential requirements. Risk 20 |
| 20 | Does the medical device allow access to information? | TRUE | The device allows the users to collect the results of the images' analysis and it also allows to check previous results to ensure the proper monitoring of the condition | Product and infrastructure. Risks 5, 6, 7, 8, 14, 15. |
| 21 | Does the medical device store data critical to patient care? | TRUE | The device stores anonymous data: images of the conditions and optionally gender, heigth, weigth and birthday. | Requirements. Risks 26, 29. |
| 22 | Does the medical device have a restricted shelf life? | FALSE | Given the nature of the product (API), it has no shelf life limitation. | Requirements. Risk 51 |
| 23 | Are there any delayed or long-term use effects? | FALSE | ||
| 24 | To what mechanical forces will the medical device be subjected? | FALSE | ||
| 25 | What determines the lifetime of the medical device? | FALSE | Given the nature of the product (API), it has no lifetime limitation. | Requirements. Risk 51 |
| 26 | Is the medical device intended for single use? | FALSE | ||
| 27 | Is safe decommissioning or disposal of the medical device necessary? | FALSE | ||
| 28 | Does the installation or use of the medical device require special training or special skills? | TRUE | Our medical devices require a team of IT experts on the customer side or to contract our services to perform the integration into user's softwares. | Product integration. Risks 19, 36. |
| 29 | How will information for safety be provided? | TRUE | Safety information is shared with the customers through the IFU | Requirements. Risk 28 |
| 30 | Are new manufacturing processes established or introduced? | TRUE | We introduce software artificial intelligence manufacturing process | Requirements. Risk 52 |
| 31 | Is successful application of the medical device dependent on the usability of the user interface? | TRUE | The device is integrated via API into third party softwares, which means that interaction with the medical device capabilities happens programmatically: server-to-server. | Product integration. Risks 1, 2, 3, 4, 11, 13, 31 |
| 31.1 | Can the user interface design features contribute to use error? | FALSE | The application programming interface (API) has been designed to avoid use error. | Product. Risks 1, 2, 3, 4, 22 |
| 31.2 | Is the medical device used in an environment where distractions can cause use error? | FALSE | No, because of its asynchronous nature. The operation of the device does not require real time interactions. The user submits a picture and receives a report that is static, not requiring actions. Its not interactive. | |
| 31.3 | Does the medical device have connecting parts or accessories? | TRUE | Mainly three types of accessories: 1) image capture devices, such as smartphones, 2) browsing devices, such as computers, and 3) User interface to visualise the report. The first two are hardware, whlist the other is software | Requirements. Risk 25 |
| 31.4 | Does the medical device have a control interface? | FALSE | The device is used through an API (Application Programming Interface). This means that the interface is coded, and used programatically, without a user interface. | |
| 31.5 | Does the medical device display information? | FALSE | Not to the user, the medical device returns the image analysis results in a json format that is read programmatically. | Product integration. Risks 1, 2, 3, 4, 31, 36. |
| 31.6 | Is the medical device controlled by a menu? | FALSE | The device is used through an API (Application Programming Interface). This means that the interface is coded, and used programatically, without a user interface. | Product integration. Risks 1, 2, 3, 4, 11, 13, 19, 31, 36. |
| 31.7 | Is the successful use of the medical device dependent on a user's knowledge, skills and abilities? | TRUE | It depends on two kinds of users: The technicians that integrate the device into their system, that must have the knowledge to do it The health care practitioners that must have been trained on its usage | Product and training. Risks 17, 18, 19, 36, 41 |
| 31.8 | Will the medical device be used by persons with special needs? | FALSE | ||
| 31.9 | Can the user interface be used to initiate unauthorised actions? | FALSE | Only the authorized computer has the API key, and the API key has been delivered securely following our GP-011 Provision of service. | Data privacy requirements. Risks 26, 29. |
| 32 | Does the medical device include an alarm system? | TRUE | The device send alerts to the user when there is any problem with the communication between the device and the user end. | Infrastructure. Risks 11, 12, 13, 14, 15. |
| 33 | In what ways could the medical device be misused (deliberately or not)? | TRUE | Due to security issues, such as API key sharing, and due to technical issues, such as wrong images formats or resolution. | Requirements and product. Risks 9, 26, 30, 40, 41, 54. |
| 34 | Is the medical device intended to be mobile or portable? | FALSE | The device is used through an API (Application Programming Interface). This means that the interface is coded, and used programatically, without a user interface. | |
| 35 | Does the use of the medical device depend on essential performance? | FALSE | It is a clinical decision support tool and because it is a software that doesn't interact with patients directly. | |
| 36 | Does the medical device have a degree of autonomy? | TRUE | Low degree of autonomy. The device has the autonomy to analyze the images received and export the analysis results when receiving the order to do so. | Requirements and product. Risks 9, 14, 34, 35, 54. |
| 37 | Does the medical device produce an output that is used as an input in determining clinical action? | TRUE | The device provides the practitioner with images data analysis results that can be used for the triage and diagnosis, treatment and follow up of the patients conditions. | Product and requirements. Risks 5, 6, 7, 24. |
List of generic hazards applicable to this product family
| Associated with energy sources | Applicable | Justification |
|---|---|---|
| Electricity | FALSE | |
| Heat, surface temperature | FALSE | |
| Mechanical strength | FALSE | |
| Ionizing radiation | FALSE | |
| Electromagnetic fields | FALSE | |
| Moving parts (motorized) | FALSE | |
| Suspended masses | FALSE | |
| Failure of patient support system | FALSE | |
| Pressure | FALSE | |
| Sound pressure (noise) | FALSE | |
| Vibrations | FALSE | |
| Magnetic fields | FALSE |
| Biological | Applicable | Justification |
|---|---|---|
| Biological overload | FALSE | |
| Incorrect release of substances or energy | FALSE | |
| Incorrect formulation (chemical composition) | FALSE | |
| Biocompatibility and toxicity | FALSE | |
| Infection and biological contamination | FALSE | |
| Difficulty in maintaining hygienic safety | FALSE | |
| Degradation | FALSE |
| Associated with the environment | Applicable | Justification |
|---|---|---|
| Electromagnetic interference | FALSE | |
| Inadequate supply of energy or cold | FALSE | |
| Restriction of ventilation, perspiration | FALSE | |
| Probability of operation in adverse environmental conditions | FALSE | |
| Incompatibility with other devices | TRUE | The requirements of the user end are defined at the IFU to ensure the proper operating of the device |
| Accidental mechanical damage to the product | FALSE | |
| Pollution (waste and removal) | FALSE | |
| Corrosion | FALSE | |
| Flammability | FALSE |
| Relative to the use of the product | Applicable | Justification |
|---|---|---|
| Inadequate labelling | TRUE | We have designed the proper labelling according to requirements and the nature of our product as it is recommended at the MDR 2017/745 Annex I Chapter III section 23 and the Annex 6 part C section 6.5 for the software as medical devices |
| Inadequate instructions for use | TRUE | We have designed the IFU according to requirements and the nature of our product as it is recommended at the MDR 2017/745 Annex I Chapter III section 23 |
| Inadequate specification of accessories | TRUE | We have designed the IFU according to requirements and the nature of our product as it is recommended at the MDR 2017/745 Annex I Chapter III section 23, including the medical device's accessories specifications requirements. |
| Inadequate specification of pre-use checks | FALSE | |
| Complicated instructions for use | TRUE | We have designed and written the IFU in a friendly, intuitive and simplified version to allow their proper usage. |
| Instructions for use not available or separate from the product | TRUE | As our medical device is a software, we have designed electronic IFU that are available electronically |
| Use by untrained personnel | TRUE | There are two situations: the device is used by non-HCP (health care professionas) or integrated by untrained technicians. We have included at the IFU that the intended user must be a health care professional and we only give access to health care providers. We also specify the technologies that intervene in the integration. |
| Reasonably foreseeable misuse | TRUE | We have considered all the reasonably foreseeable misuses detected, including the ones detected during our legacy device usage. |
| Inadequate warning of adverse effects | TRUE | It is not known or foreseen any undesirable side-effects specifically related to the use of the software, as it is explained at the IFU |
| Inadequate warning of possible hazards in case of reuse of single-use products | FALSE | |
| Incorrect measurement and other metrological aspects | FALSE | |
| Incorrect diagnosis | TRUE | The device must always be used for reviewing the results by a dermatologist. In the event of an incorrect diagnosis provided by the device, the specialist that review the image analysis results can validate if the result is correct, or chose the proper one from the conditions list provided and validate this new condition, to ensure the patient is properly diagnosed. |
| Wrong data transfer | TRUE | The device must be properly connected server-to-server via API REST to allow proper data transfer. We describe the procedure to connect the manufacturer organization server with the API in the IFU. |
| Misinterpretation of results | TRUE | The device must be properly integrated in the Management Organization system by trainned technicians according to our IFU. Additionally, the results shown by this system always be used for reviewing the results by a dermatologist properly trained on the device usage |
| Incompatibility with consumables, accessories or other devices | TRUE | Given the nature of our device, the compatibility with the devices that are communicating with the API are considered during the Design and Development phase and the proper advise is noted down at the IFU to ensure the users connect and integrate the device properly. |
| Forces, inadequate contact pressures | FALSE | |
| Imprisonment of parts of the human body | FALSE | |
| Non-functional edges, surfaces or cutting edges | FALSE | |
| Discomfort of use and handling (ergonomics) | FALSE |
| Associated with functional failure, maintenance and aging of the product | Applicable | Justification |
|---|---|---|
| Inadequate to the planned functions | TRUE | API maintenance is performed yearly when its validation is performed to ensure its proper operating. No additional maintenance is required. |
| Inadequate or absent maintenance specifications, including performance checks | TRUE | The device does not require any performance checks activities nor maintenance by the users, as it is specified at the IFU. |
| Inadequate maintenance | TRUE | API maintenance is performed yearly when its validation is performed to ensure its proper operating. No additional maintenance is required. |
| Absence of limitation of product lifetime | TRUE | Given the nature of the product (API), it has no lifetime limitation. |
| Loss of mechanical integrity | FALSE | |
| Inappropriate packaging (loss of sterility, contamination or deterioration of the product) | FALSE | |
| Incorrect reuse | FALSE | |
| Cutting edges due to breakage | FALSE |
Benefit-risk ratio acceptability
The benefit-risk analysis is based on individual and global risks considerations:
Individual
When a risk is evaluated as AFAP and no further actions can be implemented, it requires a benefit-risk analysis. The following risks have been evaluated as "AFAP":
| # | Hazard | Hazardous situation |
|---|---|---|
| 5 | Incorrect clinical information | The care provider receives into their system data that is erroneous |
| 6 | Incorrect diagnosis or follow up | The medical device outputs a wrong result to the HCP |
| 9 | Image artefacts/resolution | The medical device receives an input that does not have sufficient quality in a way that affects it performance |
| 11 | Data transmission failure from care provider's system | The care provider's system cannot connect to the device to send data |
| 12 | Data input failure | The medical device cannot receive data from care providers |
| 13 | Data accessibility failure | The care provider cannot receive data from the medical device |
| 14 | Data transmission failure | The medical device cannot send data to care providers |
| 30 | The user is unable to provide adequate lighting conditions | The medical device receives an input that does not have sufficient quality |
Control state of the risks
Risk control measures have been implemented for all risks identified in the R-TF-013-002 Risk Management Record_2023_001 and the current state of risks control verifies that ALL FORESEEABLE RISKS ARE CONTROLLED AND MITIGATED according to R-TF-013-002 Risk Management Record_2023_001.
The resulting individual residual risks are classified as:
Acceptable: when mitigation measures have been implemented and no further actions are required for the safe use of the deviceAFAP(as far as possible): when mitigation measures have been implemented and an individual benefit-risk analysis is required.
The individual benefit/risk analysis for AFAP risks is conducted as specified in the internal procedure GP-013 - Risk management, and it is confirmed by the benefit/risk ratio analysis performed below and confirmed and documented at the R-TF-015-003 Clinical evaluation report (CER). All AFAP risks are currently controlled, but PMS and PMCF data will confirm a minimization.
| # | Hazard | Hazardous situation | Benefit-risk analysis |
|---|---|---|---|
| 5 | Incorrect clinical information | The care provider receives into their system data that is erroneous | Benefits outweigh the risks |
| 6 | Incorrect diagnosis or follow up | The medical device outputs a wrong result to the HCP | Benefits outweigh the risks |
| 9 | Image artefacts/resolution | The medical device receives an input that does not have sufficient quality in a way that affects it performance | Benefits outweigh the risks |
| 11 | Data transmission failure from care provider's system | The care provider's system cannot connect to the device to send data | Benefits outweigh the risks |
| 12 | Data input failure | The medical device cannot receive data from care providers | Benefits outweigh the risks |
| 13 | Data accessibility failure | The care provider cannot receive data from the medical device | Benefits outweigh the risks |
| 14 | Data transmission failure | The medical device cannot send data to care providers | Benefits outweigh the risks |
| 30 | The user is unable to provide adequate lighting conditions | The medical device receives an input that does not have sufficient quality | Benefits outweigh the risks |
Global
It is assessed in consideration of the product features and its R-TF-015-003 Clinical evaluation report (CER). Global benefit/risk ratio is acceptable, according to the CER conclusions:
Benefits
Clinical advantages
The device offers precision in analyzing skin structures, contributing significantly to improve clinical outcomes. The non-invasive nature of the device ensures patient safety while providing healthcare practitioners with a wealth of data to aid in their clinical evaluations.
Efficiency and workflow improvement
By seamlessly integrating into existing healthcare workflows, the device enhances operational efficiency, reduces patient wait times, and optimizes resource utilization within healthcare organizations.
Support for longitudinal monitoring
The ability to track the progression of skin conditions over time allows for more personalized and effective patient care, as well as providing invaluable data for long-term clinical studies.
Preliminary diagnostic assistance
Our device offers preliminary interpretative distribution representation of possible ICD classes, aiding in the initial stages of patient evaluation and contributing to a more streamlined diagnostic process.
Risks and undesirable side-effects
While the device presents clinical benefits, it is crucial to remain cognizant of potential risks and undesirable side-effects.
Data privacy and security
As a software device handling sensitive patient data, ensuring the utmost data privacy and security is paramount. Any breach or misuse of data could have severe implications for patient privacy and trust in the device.
Over-reliance on the device
There is a potential risk of healthcare practitioners becoming overly reliant on the device, potentially neglecting other crucial aspects of patient evaluation. It is vital to reinforce that our device is intended to be an aid in the clinical decision-making process, not a replacement.
Misinterpretation of data
The risk of misinterpretation, which could lead to incorrect clinical decisions, has been mitigated by designing the endpoints of the device in accordance with the FHIR interoperability standard and by providing detailed IFU to ensure correct interpretation and application of data. Despite these control measures, the risk of data misinterpretation warrants continuous monitoring. Therefore, it is recommended that this hazard be reviewed and assessed continuously during the post-market surveillance phase to ensure ongoing safety and effectiveness of the device.
Acceptability of Benefit-Risk ratio
Criteria for acceptance
Our acceptable benefit-risk profile hinges on the device demonstrating clear clinical advantages, efficiency improvements, and support for longitudinal monitoring, with minimal risks associated with data security, over-reliance, and data misinterpretation.
- Clinical safety: No adverse effects should be found in preclinical data evaluation, and a positive impact on algorithm performance and user feedback should be evident (as per PMCF activities 2 and 4).
- Literature support: Current literature should support the use of AI in the manufacturing process, highlighting the clinical benefits and advantages over existing alternatives.
- Risk management: A comprehensive risk management plan (
GP-013 Risk management) is in place, ensuring all known and foreseeable risks are evaluated and mitigated.
Target populations and clinical contexts
The device is designed for use across all age groups, skin types, and demographics, ensuring wide applicability. It is imperative that the benefits and risks are carefully weighed in these diverse clinical scenarios to maintain a favorable benefit-risk ratio.
Professional opinions and unmet medical needs
Diverging opinions among healthcare professionals regarding the use of computational devices in clinical settings necessitate clear communication of the device's benefits and limitations. Addressing unmet medical needs, particularly in the realm of dermatological assessment, remains a top priority.
Overall residual risk
In conclusion, our computational medical device presents a highly favorable and acceptable benefit-risk ratio, with its myriad of clinical benefits significantly outweighing the potential risks and undesirable side-effects. Continuous monitoring during the post-market phase, proper customer support, and adherence to data privacy and security protocols are essential to maintaining this balance and ensuring the ongoing safety and efficacy of the device.
Risk management review
The risk management process has been reviewed according to GP-013 Risk management procedure before the device commercialization, guaranteeing that:
- The
R-TF-013-001 Risk Management Planhas been appropriately executed. - The overall residual risk is acceptable.
- Appropriate methods are in place to collect and review relevant production and post-production information.
Record signature meaning
- Author: JD-004
- Reviewer: JD-003
- Approval: JD-005