The risk assessment process for NMPA registration of medical devices in China is an essential component of the regulatory pathway, ensuring that medical devices are safe, effective, and meet Chinese regulatory requirements. The National Medical Products Administration (NMPA) emphasizes risk management throughout the product lifecycle, starting from the initial design and development phase through post-market surveillance.

Here’s a detailed description of the risk assessment process for NMPA registration of medical devices in China:

1. Risk Management Framework

NMPA’s risk management requirements are aligned with ISO 14971 (Risk Management for Medical Devices), which is a key international standard for the application of risk management to medical devices. The risk management process is applied at various stages of the device lifecycle to identify, evaluate, control, and monitor risks.

The NMPA requires manufacturers to provide evidence of a systematic risk assessment that complies with the principles outlined in ISO 14971. The overall process typically involves:

• Risk Analysis
• Risk Evaluation
• Risk Control
• Post-market Surveillance

2. Risk Assessment Steps for NMPA Registration

Step 1: Risk Analysis

• Definition: The first step is to identify potential hazards associated with the medical device. This involves understanding the device's intended use, environment of use, and the possible failure modes.
• Key Actions:
  • Hazard Identification: Identify all possible hazards (e.g., electrical, biological, mechanical, chemical, software-related) that may arise during the use of the medical device.
  • Hazardous Situations: Assess how these hazards could lead to unsafe situations. For example, if the device is an infusion pump, a hazard could be improper drug delivery due to a software failure.
  • Use Scenario Analysis: For each identified hazard, consider different use scenarios, including misuse and worst-case scenarios, to understand the risks during normal and abnormal operations.
  • Device Design and Manufacturing Risks: Assess risks associated with the design and manufacturing process. This may include material failure, manufacturing defects, and component incompatibilities.

Step 2: Risk Evaluation

• Definition: Once the hazards are identified, the next step is to evaluate the associated risks by determining the severity of each potential hazard and the probability of it occurring.
• Key Actions:
  • Risk Estimation: Assess the potential consequences of each identified hazard and the likelihood of it occurring. The severity could range from minor (e.g., slight discomfort) to major (e.g., life-threatening injuries or death).
  • Risk Priority: Prioritize the risks based on severity and likelihood. A common approach is to use a risk matrix to classify risks into categories such as low, moderate, or high risk.
  • Risk Evaluation Criteria: Evaluate the risks against established criteria to determine if the risk is acceptable or if further actions are required to mitigate the risk.

Step 3: Risk Control

• Definition: This stage involves taking appropriate actions to control, mitigate, or eliminate the identified risks to acceptable levels. The goal is to reduce risks to the lowest acceptable level without compromising the device's functionality.
• Key Actions:
  • Risk Control Measures: Implement design changes, manufacturing process improvements, or safety features to mitigate the risks. These measures may include:
    • Safety Features: Adding safeguards, alarms, or automatic shutoffs to reduce risks.
    • Material Substitution: Using safer materials to avoid biocompatibility or chemical risks.
    • Design Modifications: Modifying the design to prevent electrical failures or mechanical malfunctions.
  • Risk Reduction: Reduce the likelihood of failure by improving device reliability, including testing, quality control, and ensuring proper manufacturing procedures.
  • Evaluation of Effectiveness: After implementing control measures, reassess the risks to verify that they are reduced to an acceptable level. If the risk cannot be reduced to acceptable levels, the device may not be approved by NMPA.

Step 4: Residual Risk Evaluation

• Definition: After implementing risk control measures, some residual risks may remain. These residual risks must be evaluated and documented to ensure they are acceptable for the intended use of the device.
• Key Actions:
  • Residual Risk Assessment: Assess whether the remaining risk is acceptable considering the benefits of the device. For example, a risk that might remain after implementing control measures could be acceptable if the device offers significant therapeutic benefits.
  • Benefit-Risk Analysis: This analysis helps determine whether the residual risk is outweighed by the clinical benefits of using the device. If the residual risk is deemed too high, further mitigation may be needed.
  • Acceptance Criteria: Establish criteria for acceptable levels of residual risk. NMPA requires this analysis to be submitted as part of the technical documentation.

Step 5: Risk Monitoring and Post-Market Surveillance

• Definition: Even after the device has been approved, risk management continues throughout the product's lifecycle via post-market surveillance.
• Key Actions:
  • Post-Market Risk Monitoring: Ongoing collection of real-world data on the device's performance in clinical settings, including reports of adverse events, device malfunctions, and user errors.
  • Corrective and Preventive Actions (CAPA): If new risks or safety issues arise, manufacturers are required to take corrective or preventive actions, which may include product recalls, design changes, or modifications to user instructions.
  • Annual Risk Management Review: The NMPA expects manufacturers to periodically review and update their risk management documents based on real-world usage data.

3. Documenting the Risk Assessment Process

NMPA requires manufacturers to document their risk management activities comprehensively. This documentation is a key component of the Product Technical Documentation (PTD) submitted with the registration application. It includes:

• A detailed Risk Management Report that outlines the entire risk assessment process.
• Evidence of the risk control measures that were implemented to mitigate identified risks.
• A residual risk evaluation, including the final assessment of acceptable risk.
• A post-market surveillance plan, detailing how ongoing monitoring will be conducted once the device is in use.

4. Risk-Based Classification

The level of risk associated with the device plays a key role in determining its NMPA classification (Class I, II, or III).

• Class I devices (low risk) are subject to less stringent regulatory oversight, and risk assessments for these devices may be less detailed.
• Class II devices (moderate risk) may require more thorough risk assessments, including the need for clinical trials and additional risk controls.
• Class III devices (high risk) involve the highest level of scrutiny. NMPA may require extensive clinical trials, factory inspections, and very detailed risk assessments and controls, particularly when the device involves life-sustaining or life-supporting functions.

5. Common Risk Management Tools Used

• Failure Mode and Effects Analysis (FMEA): A systematic method for evaluating potential failure modes and their consequences.
• Fault Tree Analysis (FTA): A top-down method to analyze the causes of system failures.
• Hazard Analysis and Critical Control Points (HACCP): Identifies hazards and implements critical control measures.

Conclusion

The risk assessment process for NMPA registration of medical devices in China is a comprehensive and systematic approach to identifying, evaluating, controlling, and monitoring risks throughout the device lifecycle. It is essential that manufacturers demonstrate robust risk management practices to ensure the safety and effectiveness of their devices. By following the steps outlined in ISO 14971, manufacturers can ensure that their devices meet NMPA’s regulatory standards, ultimately ensuring patient safety and regulatory compliance.

Contact Us：

Whatsapp or Wechat：+86 15816864648；email address：hito.lin@grzan.cn