FDA Benefit-Risk Analysis Summary

What concerns the FDA when conducting a benefit-risk assessment of medical devices? The answer is a long list of variables that can vary by type of device, target population, and indications for use, but the clear focus is on patient safety and benefit. The FDA considers both the device benefit-risk assessment and the evidence and data showing the benefit-risk factors related to availability, compliance, and enforcement.

The FDA considers benefit-risk factors for medical device manufacturers who are subject to premarket review, and manufacturers who have concerns about the quality or compliance of their devices. Certainly benefit-risk factors are likely to be applied when new information or a change in risk associated with a device could potentially impact the device’s availability. The availability of a device may be affected by either a decision to limit its market presence, or by other compliance or enforcement actions – either way, such a decision should focus on how the changed availability will impact patients. The goal, of course, for both the FDA and the industry, is to provide medical devices which elevate the benefit to patients and diminish the risk of harm posed.

Ensuring maximum benefit and minimal risk for patients might involve gathering patients’ perspectives, accounting for alternatives, and considering patients’ decision options. A patient’s decision option and overall perspective should be supported by what they consider to be acceptable options. A manufacturer would be well-served to have relevant and reliable documentation about these patient perspectives. Armed with that knowledge, a manufacturer should take important, self-directed steps to minimize patient harm. This provides a dual benefit of documentation for the FDA should it be needed, and it can demonstrate a manufacturer’s proactiveness.

Factors for Assessing Medical Device Benefits

To preface, it’s important to remember that benefits may change over the product life cycle and should be reassessed at each of its stages. However, throughout the use of the device, benefits should be considered in the aggregate if appropriate. The broad concept of a “benefit” might include: the type and magnitude of the benefit, the likelihood that a patient will experience said benefit, how long the benefit lasts and how valuable it is to the patient, and whether a substitute device could provide a comparable benefit.

Benefit can encompass the overall effect of the device on the patient’s prospects – whether it impacts survival, function, or comfort. The magnitude of the benefit may be measured simply as the degree of effectiveness or change in condition that patients experience due to the medical device. The likelihood of patients experiencing one or more benefits (i.e., patients treated effectively divided by the number of total patients treated) is important; but manufacturers should also be on the lookout for identifiable subpopulations that may be more likely to benefit, as they would experience a “greater benefit.”

In addition, benefits can be assessed by examining the duration of effects – if a device allows a patient to experience a beneficial effect for a longer time, that means it has a greater benefit. Substitute devices play a role, whereby if there is no other device that could provide the same effect, the device has a greater benefit. Individual considerations by patients and healthcare professionals about the value of the device can also be assessed, whether it be a favorable response to the efficiency, reliability, or helpfulness of the device.

Factors for Assessing Medical Device Risks

Risks to patients may be direct or indirect, and they should be considered in the aggregate as well. Manufacturers should be reactive to any changes in risk. These changes could come about if there is unanticipated harm to users of the device (or unexpected hazardous situations), changes in the device use environment, device nonconformities, or design issues. Such changes should immediately be noted in risk management documentation, followed by notifications and/or corrections or removals if appropriate. The FDA’s (non-comprehensive) list of risk factors accounts for nonconforming devices, non-compliance with regulations, and other causes of harm. Risk factors of severity, likelihood, and patient tolerance of risk are repeated throughout FDA guidance and are therefore likely to be the forerunners in its assessments.

Some medical device-related harm might cause or be related to death or serious injury, and of course this is the most serious category. Other categories describe diminished harm, like medical device-related non-serious adverse events (there is some assertion that the device contributed to minor or temporary injury), or medical device-related events without reported harm (device nonconformities or malfunctions were observed but caused no related harm). If there is risk for device-related harm, the best-case scenario is for the manufacturer to have identified it before any harm has occurred. When there is risk, manufacturers would be well-served to show that occurrence is improbable, or that very few patients have been exposed to the risk. Furthermore, manufacturers aiming to minimize exposure of the population to the risk should reduce the time period between initial patient exposure and a successful response to the risk.

Throughout the risk assessment process, the level of concern that patients have about the potential harm of the device is significant. If patients are willing to engage with the device and tolerate it despite the risks of which they are informed, that can be a sign that the product should be available to them. Of particular relevance would be the type of target population for the device, such as terminally ill patients versus healthy newborns. Note that an FDA assessment of risk might also consider the risk factors that may impact healthcare professionals.

Further Factors to Consider

An FDA assessment also may consider things like certainty and detectability, mitigations, and firm compliance, although these do not clearly fall on the risk or the benefit side. Other factors are more briefly touched upon, but preventative steps by manufacturers are a recurring theme. That’s good news for manufacturers, because there are steps that can be taken to improve a benefit-risk assessment.

Certainty based on representative clinical information is preferred, as there are limitations on what sort of inferences can be drawn about a device for which risk is uncertain. If there are nonconformities which can be readily identified, especially before use of the device, then there is less risk of patient harm, and such ready detectability is more acceptable. Scope of the device issue may play a role here as well – whether the risk is device-specific, manufacturer-specific, or industry-wide.

A manufacturer may proactively act to limit harm (by addressing use errors, for example), or act to recover benefit (possibly by addressing unmet medical needs). The good news is that risk acceptability is assessed after appropriate mitigations have been taken to identify and correct issues. Keep in mind that the FDA likely would still assess whether the proposed correction strategy is adequate. Mitigating steps tie into the firm’s compliance history and communication with the FDA – if those have been properly done, it can boost a manufacturer who is working to ensure low risk and high benefit.

Now that the factors are clear, how does the FDA go about conducting such an assessment?

  1. First, there is an evaluation of all available benefit information – found in places including literature, clinical studies, patient input, and documentation. (This is the point where manufacturers may, if they so desire, provide documentation to the designated FDA point of contact for the issue being assessed.)
  2. Next, there is an assessment of all available risk information – found in similar places, but also including medical device reports, inspection reports, and risk management documentation.
  3. The assessment is completed by consideration of relevant “further factors” – uncertainty, mitigations, detectability, failure mode, scope of the device issue, patient impact, preferences for availability, nature of violations/nonconforming product, and firm compliance history.

The FDA may use the outcome of the benefit-risk assessment to make decisions about product availability and enforcement. If the assessment of a nonconforming device shows high benefit to patients and little risk, the outcome may be that the device remains available to patients as the manufacturer works with the FDA to correct the nonconformity. However, if the assessment shows low benefit to patients and high risk, the FDA would likely act to limit the device’s availability. Enforcement can be formal or discretionary; so, if there’s a compliance issue but the device is needed because of a shortage or for the benefit of public health, the FDA has the freedom to use less formal approaches to resolve the issue.

In making product availability decisions, the FDA is more likely to keep a product on the market if: the manufacturer properly documented any nonconformity, the device has high benefits with no comparable substitute, removal of the product would have a frustrating impact, no adverse events have occurred, the likelihood of risk is low, patients informed about the device still prefer it, and mitigations have taken place.

In making compliance and enforcement decisions, the FDA is more likely to take the discretionary approach if: the device has unique, high benefits and patients strongly prefer it, the likelihood of risk is low, and the manufacturer voluntarily took corrective action and provided certain data. In this situation a regulatory meeting would likely be an efficient means of achieving compliance. The examples in this guidance repeatedly emphasized the importance of manufacturers being forthcoming and offering solutions backed by reliable evidence.

For manufacturers wondering about the overlap between this Benefit-Risk Assessment Guidance and ISO 14971, the FDA notes that the risk management language is not completely harmonized, but that both focus on “outcomes for patients that deliver the most benefit for the least amount of risk and provide a reasonable assurance of safety and effectiveness.”

About the author

Amy enjoys researching and writing about developments in medical technology and how that intersects with US law. She received her J.D. from the University of Florida Levin College of Law in 2020 and now works as a Regulatory Associate for SoftwareCPR®, a general-purpose regulatory consulting firm that is recognized globally for their expertise with standards and national regulations pertaining to medical device, mobile medical app, and HealthIT software.
