One of the most common reasons the US FDA reject human factors submissions is due to an incomplete or insufficient use-related risk analysis (URRA). In our experience, we see more confusion and lack of understanding surrounding this topic than we do any other. To help, we’ve compiled the following 5 tips related to help avoid some common pitfalls:

A UFMEA is not your URRA

A sure-fire way to frustrate your FDA reviewer is to refer to a Usability Failures Modes Effects Analysis (UFMEA) as the only evidence of having performed a URRA. The simple truth is that a UFMEA is a tool, the URRA is the process. FDA1 define a URRA as being ‘a systematic use of available information to identify use-related hazards and to estimate the use-related risk.’ A comprehensive and robust URRA should include the following:

  • Task analysis with PCA analysis
  • Known use related problems review
  • Hazard identification
  • Related harms and severities (we’ll come onto those later)
  • Identification of potential use errors
  • Identification of critical tasks
  • Description and evaluation of risk controls (Note: ISO 14971 does not include the word mitigation as not all controls will eliminate risks, only control them)

Developing your URRA too late in the day

A URRA is expected to be a living document, meaning it is first conceived early in the development process and should be frequently updated as new knowledge is gathered. The process continues beyond market approval and plays an essential role in maintaining compliance with Section 10 of ISO 14971, production and post-production activities. If you’re URRA does not have a documented version history that conveys an iterative narrative, you may wish to reconsider putting it in front of a regulator.

Lack of clarity over Critical Task definitions

The FDA specifically require manufacturers to identify Critical Tasks. Hannibey Wiyor stated during a webinar in 2020 that a lack of, or incorrect selection of critical task definition, is one of the most common deficiencies in FDA submissions. Commonly Critical Tasks were being selected or eliminated by a risk prioritisation number (e.g. Occurrence X Severity). Critical Tasks must be identified solely on the level of potential harm that could occur to the user and or patient. The likelihood of that hazardous situation occurring is not pertinent to the identification of Critical Tasks. Beware of a subtle difference in the definitions of Critical Tasks when working on medical devices vs. combination drug products.

CDRH who regulate medical devices define critical tasks as: a user task which, if performed incorrectly or not performed at all, would or could cause serious harm to the patient or user, where harm is defined to include compromised medical care.

CDER who regulate drug and medicinal products define critical tasks as: Critical tasks are user tasks that, if performed incorrectly or not performed at all, would or could cause harm to the patient or user, where harm is defined to include compromised medical care.

Note the absence of the word “serious” in the CDER definition means your classifications will vary.
Furthermore, until the 2020 amended version of 62366-1, Critical Tasks were not mentioned. The amendment now includes the following definition: A task in a hazard related use scenario in which a use error can lead to a significant harm, can be thought of as a critical task.

Omitting ancillary tasks from the Task Analysis

Another pitfall commonly seen is forgetting to take a holistic approach to the analysis of all users and all user tasks. For example, in the context of a combination drug product, the pharmacist plays an important role in reviewing the information related to safety prior to dispensing the product to the intended patient. It is all too easy for development teams to focus on the user tasks which occur between the patient and the device. Common additional areas to consider including are:

  • Prescribing information
  • Selection of device
  • Maintenance procedure
  • Calibration

Non-specific risk controls

Finally, the URRA is intended to bridge the gap between potential use related risk and your intentions as a manufacturer to reduce or eliminate said risks. To maximise the value of the URRA, and prevent it becoming a stagnant set of documents, be prescriptive about the risk controls which are planned and implemented. Instead of simply stating “mitigated by design” or “stated in IFU”, include specific details such as “RF generator provides audible feedback to communicate change in device state (e.g. “RF power active”), or “IFU section XX.x includes details of intended patient population”.

Being prescriptive within the URRA documentation will assist in linking planned mitigations to test data, ultimately assisting you to document and build a narrative of following due HF process.

1 Content of Human Factors Information in Medical Device Marketing Submissions – Draft Guidance Dec 2022.