Risk Management in Health & Technology

Batteries fail, devices malfunction. It's the nature of technology to be imperfect. In the health industry however, malfunctions can mean more than a phone call to IT. Medical device incidents have the potential to harm the people they are meant to help. While technology has come so far in improving the quality of life for so many, it comes with its own set of unique challenges. And as we continue to innovate, we continue to learn and improve on old ideas and processes. We recognize that while imperfect, technology has the power to benefit far beyond the potential of risk, so long as we carefully evaluate those risks.


The most simple definition of risk management is the process of assessing a product's benefit/ risk balance. Does the potential benefit outweigh the potential harm? If so, how much? Because no product is perfect, and every small piece of the process and final product is subject to error, failure, or oversight. There is risk involved with even the most simple medical devices… so how do we manage and keep them to the absolute minimum?


Of course, there are processes and guidelines to be followed. The ISO 14971 outlines the risk management process and management responsibilities, and the FDA has guidelines for assessing risk as well.


  • Establish a process to manage and control the risks

  • Document your risk management process.

  • Apply your risk management process to your organization’s medical devices.

  • Maintain your risk management process for every device throughout its entire life-cycle.

  • Check whether you process complies with this standard by inspecting the appropriate documents.


So while we have a system of risk management in place, we should remember that risk management embodies our commitment to our customers and patients. Rather than a set of guidelines, this can be seen as an attitude towards quality, and towards the well being of the people using our devices. In addition to simply understanding what risk management is, we should be asking questions like how do we determine risk? What is acceptable vs. unacceptable? And how much risk is too much? To answer these questions, we have to apply the science of human factors. The FDA defines this as understanding how a device will be used, and how people will interact with the technology. Hazards that result from medical technology are generally rare and complex in nature, and therefore difficult to predict. For this reason, devices must be looked at in the contexts of the product, the user, and the environment. Risk management isn't just about the bottom line. It is a set of decisions that determine what is considered acceptable in terms of the safety of our customers. Because it is a big picture term that is linked with many definitions and applications, it's easy to forget that it is directly related to the health and well being of real people, not just numbers in statistics and reports.

When we look beyond the processes and guidelines, we realize that manufactured medical devices could end up anywhere. Our friends and families could be the ones using them, whether it be at home or in a hospital. From this perspective, we might be able to look at risk management from a more human approach. Commitment to quality is at the heart of our core values, and this means commitment to improving health and reducing harm to the best of our ability.