Marc Miller01.23.08
Cave Paintings, Black Swans and Standards: Practitioners’ Perspectives on Risk Management
By Marc Miller
Among the famous Lascaux cave paintings is a well-known rendering sometimes referred to as the “Scene of the Dead Man.” In it, a prehistoric hunter topples over backwards—evidently gored to death by a bison. An evocative image, this may be the first recorded adverse event—an early failure in risk management.
Interestingly, the concept of risk illustrated by the Lascaux artist some 15,000 years ago is exactly the same as we face today. In fact, ISO 14971 (the risk management standard for medical device companies and their suppliers) defines risk as:
a) the probability of the occurrence of harm, that is, how often the harm may occur
b) the consequences of that harm, that is, how severe it might be
Clearly, stalking a wild bison (a potential harm) has put our hunter directly in harm’s way. Based on evidence, the consequences of this harm are severe. Therefore, we can state with some confidence that prehistoric bison hunting gave rise to a relatively hazardous situation. The rituals that presumably took place in the Lascaux caves formed the earliest attempts to manage this risk.
Magic, oracles and sacrifices served as the primary methods of risk management for early societies. By the 18th century, a number of seminal mathematical discoveries—including standard distribution and the bell curve—had been made. These statistical insights provided the tools to quantify and manage risk. Peter Bernstein, in his bestselling Against the Gods: The Remarkable Story of Risk, characterizes this ability to accurately predict the future through statistical analysis as a hallmark of modern society.
The ability to accurately predict the future lies at the heart of effective risk management. This is because risk, by definition, lives in the future—it is a potential harm that hasn’t, but may, occur. Recently, our bell curve–based ability to estimate the future and manage associated risk has been called into question. Nassim Taleb’s book, The Black Swan, argues that in societal or informational matters (eg, economics or regulatory enforcement), we largely are governed by unlikely events with enormous impact that occur more often than we might expect. Taleb’s Black Swan events are outliers—highly improbable and often outside of our risk assessments or models. Military planners refer to this as the unknown unknown (versus the known unknown of bell curves and standard deviations) and offer only a handful of remedies, the most fundamental of which is increased awareness or enhanced perception.
An Age of Risk
Psychological studies demonstrate that humans are motivated more by fear of loss than by expectation of gain. Add to this a vast increase in information, an accelerated pace of change and an exponential increase in technological complexity, and it is easy to understand the current preoccupation with risk: Loss or harm can come to us in ways that are outside of our ability to understand or anticipate.
Against this backdrop, increased media attention has raised public awareness around product risk. Health risks associated with imported Chinese products serve as a prime example. This awareness of product safety risk, combined with high-profile litigation, has especially focused public attention on healthcare products, including medical devices.
While safety and ethical issues dominate discussions of device risk, there is another factor of growing importance: demographics. Aging populations in the United States and Europe mean expanded markets for medical devices. For instance, the number of hip replacements is projected to increase more than 60% in the next 30 years. And, not surprisingly, the older we get, the more we spend on medical devices. According to one Harvard study, individuals age 65 to 74 have a per capita healthcare spending that is 300% higher than people 35 to 44 years of age.
In general, market growth is good news for industry. However, it also means increased exposure to risk—where failures in design, manufacture or operation may affect larger patient populations. Unforeseen problems with drug-eluting stents and cardiac pacemaker leads offer two recent examples.
A direct consequence of public preoccupation with risk can be observed through increased levels of regulation and the development of risk management standards. Since their introduction in 2000, the risk management concepts embodied by ISO 14971 have had a significant impact. In seven short years, this ISO 14971 has become a European Union harmonized standard and a Japan Industrial Standard, as well as recognized by the FDA and Health Canada. In 2000, approximately 10 standards referenced ISO 14971. Today, more than 100 standards make reference to it, including an informative (guidance) reference in ISO 13485 and a normative (requirement) reference in IEC 60601. This 10-fold growth in cross-standard reference is a direct result of the growing influence and awareness of risk management.
Recently, medical device risk management systems have been deemed to be auditable. At the same time, Underwriters Laboratories has introduced a registration service for ISO 14971. Other registrars, such as BSI and TÜV, are exploring or introducing similar services. Besides demonstrating compliance with global risk management requirements, manufacturers are looking to ISO 14971 registration as a means to limit liability exposure. For example, manufacturers’ liability for outsourced processes, first made explicit in guidance from the Global Harmonization Task Force (Study Group 3), has been formally documented in the newest revision to the European Union’s Medical Device Directive. Supplier registration to ISO 14971 soon may become the preferred method for manufacturers that want to demonstrate appropriate risk management in their outsourced processes. Together, the growth of risk management requirements, confirmation of system auditability and introduction of third-party audit services, combined with manufacturer’s liability concerns (including manufacturer responsibility for outsourced suppliers) ensure a continued emphasis on formal risk management systems and ISO 14971.
The Practitioner’s Perspective
Historically, unsuccessful risk management practitioners, such as our man from Lascaux, provided important object lessons for the rest of the population. On the other hand, successful practitioners can provide value by sharing hard-won experience. A professional dialogue with veteran practitioners is one path to increased awareness—an important antidote to “black swan” type (unanticipated) risk. Shared experience also can serve as the basis for valuable process innovation.
Which brings us to the point of this column. In upcoming issues, this space will feature interviews with expert practitioners to obtain their perspectives on risk management. Post-market surveillance, software risk management, supplier risk management, labeling risk management and related issues will be explored in an effort to provide input for manufacturers’ risk management systems. An awareness of risk sources and mitigations helps to develop a broad-based risk management practice. The importance of a comprehensive practice is clear: All markets require risk management, and devices must be safe. The health and well-being of both patients and manufacturers depend on it.