Is “hazard” the same as “hazardous situation”?

No. A hazard is a potential source of harm; a hazardous situation is when exposure occurs. ISO 14971:2019 (Clause 3) distinguishes these clearly.

Can I use detectability like FMEA?

ISO 14971 defines risk as severity × probability of harm. You may incorporate detectability when it demonstrably reduces the probability the sequence reaches harm (e.g., alarms, diagnostics). Document the rationale and evidence (Clauses 5–6).

Who signs off on the risk file?

The PRRC (MDR Article 15) should have formal gates to approve risk policy, completeness of analysis, control hierarchy, residual risk statements, and PMS integration.

How should harms be described for audits?

Use standardized clinical terminology such as MedDRA preferred terms and codes across the risk file, PMS trending, and vigilance. Keep severity rationale aligned with clinical evaluation.

Medical Device

Difference Between Hazard and Harm in Medical Device Development

ISO 14971 • EU MDR • Audit-Ready

Understanding the Difference Between Hazard and Harm in Medical Device Development

Confusing hazard with harm leads to weak analyses, missed controls, and audit findings. This guide clarifies the terms using ISO 14971:2019 and MDR 2017/745, shows how they fit into the risk management process, and embeds PRRC oversight so your files withstand regulatory and legal scrutiny.

Copy risk templates Add PRRC review gates Run the audit-ready checklist

Authoritative Definitions (mapped to ISO 14971 & MDR)

Hazard (ISO 14971:2019, Clause 3 — terms & definitions)

Potential source of harm. Examples: electrical energy, radiation, contaminated surface, misleading UI, data integrity failure, algorithmic misclassification, sharp edges. Used throughout process Clauses 5–7.

Harm (ISO 14971:2019, Clause 3)

Injury or damage to health of people (and, where applicable, damage to property or the environment).

Hazardous situation (ISO 14971:2019, Clause 3)

Circumstance in which people, property, or environment are exposed to one or more hazards, typically reached via a foreseeable sequence of events.

Risk (ISO 14971:2019, Clause 3)

Combination of the probability of occurrence of harm and the severity of that harm.

Risk control (ISO 14971:2019, Clause 7)

Measures implemented to reduce risk. Apply in order: (1) inherent safety by design, (2) protective measures, (3) information for safety.

Key point: Hazards exist whether or not anyone is exposed. Harms occur only when a foreseeable sequence of events produces a hazardous situation and someone (or something) is affected. ISO 14971:2019, 5.4; Annex A (guidance).

Hazard vs. Harm — At a Glance

Aspect	Hazard	Harm
Nature	Potential source of damage	Outcome (injury/damage)
Examples	Electrical energy, contaminated surface, misleading display, algorithmic error	Electric shock, infection, wrong clinical action, delayed therapy
When considered	Early in hazard identification (ISO 14971, 5.4)	During risk estimation & evaluation (ISO 14971, 6)
Control focus	Eliminate/reduce exposure or likelihood of hazardous situation	Reduce severity/probability of the resulting harm
Traceability	Hazard → Sequence of Events → Hazardous Situation	→ Harm → Risk Evaluation → Control → Verification → Labeling

Mapping Nuance: Many-to-Many Relationships

In practice, mappings are rarely one-to-one. A single hazard can lead to several hazardous situations; one situation can produce multiple harms; and one harm may arise from multiple hazards via different sequences of events. Your risk file should allow many-to-many links and maintain unique IDs for each node and sequence step. ISO 14971:2019, Clauses 5–7 require traceability across these relationships.

How Hazards & Harms Fit into ISO 14971:2019 Risk Management

Hazard identification — enumerate energy sources, chemical/biological agents, software & data risks (incl. AI/ML), usability errors, cybersecurity threats. ISO 14971:2019, 5.4; IEC 62366-1 (usability); IEC 62304 (software).
Foreseeable sequence of events — credible misuses, failures, environmental conditions that lead to exposure. ISO 14971:2019, 5.4; Annex A (examples).
Hazardous situation — who/what is exposed and under what conditions. ISO 14971:2019, Clause 3 (definition).
Harm & severity — define plausible harms and rate clinical impact using a documented severity scale aligned with CER/clinical evaluation. ISO 14971:2019, 6; MDR Annex I (GSPR).
Probability of harm — estimate likelihood that the sequence reaches harm; consider detectability, protection layers, field data, and diagnostics. ISO 14971:2019, 5–6.
Risk evaluation — compare to pre-defined risk acceptability criteria (policy per ISO 14971:2019, 4.2 “state of the art”).
Risk control — apply 1→2→3 hierarchy; verify implementation & effectiveness (tests, validation, summative usability, cybersecurity verification). ISO 14971:2019, 7; MDR Annex I risk reduction “as far as possible”.
Residual risk & benefit-risk — re-estimate; if still high, add controls or justify with benefit-risk + PMCF/PMS signals; disclose residual risks in IFU if needed. ISO 14971:2019, 7.4; MDR Annex I §23 (information supplied).
Production & post-production — integrate PMS (complaints, trend reports, FSCA, vigilance, literature, registries) and feed back to the risk file. ISO 14971:2019, 10; MDR Chapter VII (Arts. 83–86).

Risk Estimation Beyond “Severity × Probability”

Detectability — incorporate detection before harm (alarms, self-tests, UI affordances). If detection interrupts the sequence, the probability of harm may be lower than the probability of a fault. ISO 14971:2019, 5–6; IEC 62366-1; IEC 62304.
Effectiveness of controls — verify implemented effectiveness (bench tests, EMC/60601-1, verification logs, summative usability). ISO 14971:2019, 7.3–7.4; IEC 60601-1 (electrical limits).
Benefit-risk & state of the art — decisions must reference clinical benefit and current best practice; document rationale and alternatives considered. ISO 14971:2019, 4.2 & 7.4; MDR Annex I.

Concrete Examples (with Control Hierarchy & Verification)

Infusion Pump (Hardware)

Hazard: electrical energy; occlusion pressure; sharp spike

Sequence: insulation defect → exposed conductor → user contact

Harm: electric shock; burn

Controls (1→2→3): (1) double insulation, creepage/clearance; (2) protective earth, fuse, alarm; (3) warning label in IFU

Verification: IEC 60601-1 leakage current & dielectric tests; alarm functional tests; label/IFU review against residual risk

Refs: ISO 14971:2019 (5–7); IEC 60601-1

SaMD / Clinical Decision Support

Hazard: erroneous algorithm output; stale input; confusing UI

Sequence: data mapping error → wrong score → clinician acts

Harm: delayed therapy; incorrect dosing; anxiety

Controls (1→2→3): (1) algorithm constraints, input validation, fail-safe defaults; (2) confidence indicator, plausibility checks; (3) IFU warnings, on-screen advisories “not for standalone diagnosis”

Verification: IEC 62304 unit/integration tests; requirements traceability; IEC 62366-1 summative usability test; simulated clinical workflow test

Refs: ISO 14971:2019; IEC 62304; IEC 62366-1; IEC/TR 80002-1

Reusable Instrument

Hazard: biological contamination

Sequence: inadequate reprocessing → residual pathogens → exposure

Harm: infection

Controls (1→2→3): (1) design for cleanability, materials compatible with disinfection; (2) soil detection markers, reprocessing kit; (3) validated reprocessing IFU, training

Verification: cleaning/disinfection validation protocols; periodic audits; IFU verification against residual risks

Refs: ISO 14971:2019; MDR Annex I §23 (IFU)

Clinical Language: Use MedDRA for Harms

For consistency and audit defense, describe harms using standardized clinical terminology (e.g., MedDRA preferred terms). Align severity definitions with clinical categories and your CER/clinical evaluation. Map each harm in the risk file to a standardized term and code; use the same terms in PMS trending and vigilance reports. ISO 14971:2019 requires consistent definitions and traceability; MDR Chapter VII requires consistent PMS/vigilance reporting.

Copy-Paste Risk Statement Templates

Hazard: [energy/biological/software/usability/cybersecurity]
Sequence of Events: [misuse/failure/environmental]
Hazardous Situation: [who/what is exposed]
Harm (MedDRA PT): [clinical injury/health impact]
Severity: [S1..S5 with definition] · Probability of Harm: [P1..P5 with basis]
Initial Risk: [matrix cell] → Controls: [1 design / 2 protection / 3 info]
Verification of Effectiveness: [test/protocol/report id]
Residual Risk: [matrix cell] · IFU Residual Risk Disclosure: [yes/no + section]

Align with ISO 14971:2019 Clauses 5–7; ensure risk acceptability policy per 4.2 is referenced.

Traceability — From Hazard to Labeling

Element	Record	Owner	Audit Evidence	Notes
Hazard list	Risk analysis (ISO 14971)	RA/Engineering	Approved hazard register	HW, SW (incl. AI/ML), usability, cybersecurity
Sequences & situations	Risk analysis tables	RA	Reviewed scenarios incl. misuse	Use field data & literature where available
Harms & ratings	Risk evaluation	Clinical/RA	Severity scale with clinical rationale	Use MedDRA terms/codes; align with CER
Risk controls	Risk control log	Engineering/QA	Design specs, tests, verification	Apply 1→2→3 hierarchy
Verification of effectiveness	VoE table	QA/Engineering	Test protocols/results, acceptance criteria	Link to standards (e.g., IEC 60601-1, 62366-1)
Residual risk	RM report	QA/PRRC	Acceptability decision & justification	Disclose in IFU as needed (MDR Annex I §23)
Labeling / IFU	Labeling master	RA/PRRC	Warnings/cautions match residual risks	Translate & localize for markets

PRRC Oversight & Review Gates

Article 15 MDR requires the manufacturer to have a Person Responsible for Regulatory Compliance (PRRC) with specific qualifications and protected authority. Embed PRRC checkpoints in your risk lifecycle:

Gate A — Policy & Criteria: Approve risk acceptability policy (ISO 14971:2019, 4.2 “state of the art”).
Gate B — Analysis Complete: Confirm hazard inventory completeness (incl. usability, software/AI, cyber); challenge sequences & misuse coverage.
Gate C — Control Design Freeze: Sign off that the 1→2→3 hierarchy has been applied and verification plans exist.
Gate D — Residual Risk & IFU: Approve benefit-risk justifications; ensure residual risks are disclosed in IFU where required (MDR Annex I §23).
Gate E — PMS Loop: Confirm PMS plan routes harm signals to the risk file (MDR Arts. 83–86; ISO 14971:2019, 10).

Documentation tip: Maintain a PRRC Decision Log with date, device/version, gate, decision, evidence links, and required actions.

Post-Market Surveillance & Harm Signal Handling

Source harm signals: complaints, service records, trend reports, FSCA, vigilance, literature, registries, usability studies.
Classify & triage: map each signal to hazard → hazardous situation → harm (MedDRA term); re-rate severity/probability with clinical input.
Update risk file: revise estimates, add/adjust controls, document benefit-risk; escalate to CAPA as needed.
Update labeling/IFU: if residual risk understanding changes, align warnings/cautions (MDR Annex I §23).
Management review: trend residual risk; verify PMS effectiveness and PRRC sign-offs are current.

Refs: ISO 14971:2019, Clause 10; MDR Chapter VII (Arts. 83–86).

Common Pitfalls (and How to Avoid Them)

Mixing terms: writing “harm” where you mean “hazard” confuses controls — train teams on definitions (ISO 14971:2019, Clause 3).
Skipping sequences: jumping from hazard to harm without a credible sequence; include misuse & environmental factors (5.4).
Evidence gaps: listing controls without verification of effectiveness (7.3–7.4); tie each control to test/report IDs.
Labeling drift: warnings not reflecting residual risks; sync IFU with the risk file (MDR Annex I §23).
Clinical language drift: harms described inconsistently; mandate MedDRA PTs and coding in risk file and PMS.

Audit-Ready Checklist

Approved definitions for hazard, harm, hazardous situation, risk, sequence of events (ISO 14971:2019, Clause 3).
Complete hazard inventory covering HW, SW (incl. AI/ML), usability, cybersecurity; many-to-many traceability to situations & harms (5–7).
Risk acceptability policy approved before analysis (4.2), citing “state of the art”.
1→2→3 risk control hierarchy evidenced; verification of implementation & effectiveness logged (7.3–7.4).
Residual risk decisions justified (7.4); IFU disclosures aligned (MDR Annex I §23).
PRRC sign-offs captured at gates A–E; unresolved critical risks block release (MDR Art. 15).
PMS feeds risk file; trending reviewed by management; CAPA integration proven (ISO 14971:2019, 10; MDR Arts. 83–86).
Harms consistently coded with MedDRA; used in vigilance and PMS trending.

Practical, Audit-Ready Documentation Fields

Risk Acceptability Policy (excerpt)

Policy ID: RM-POL-001  |  Rev: 1.0
Scope: All devices & configurations
Basis: ISO 14971:2019 (4.2), MDR Annex I, state of the art
Criteria: R ≤ ALARP* only if hierarchy 1→2→3 exhausted; 
  benefits outweigh residual risk; IFU discloses residuals if needed.
Governance: Approved by QA Head & PRRC; reviewed annually.
*Use ALARP or company-specific matrix aligned to MDR “as far as possible”.

PRRC Decision Log (fields)

Date | Device/Version | Gate (A–E) | Decision | Evidence links 
| Residual risk statement | IFU impact | PMS trigger | Owner

Verification of Effectiveness (VoE) Table

Control ID | Control Type (1/2/3) | Verification Method | 
Protocol/Report ID | Result | Acceptance Criteria | Approver

PMS Harm Signal Intake

Signal ID | Source | Hazard→Situation→Harm (MedDRA PT) | 
S/P re-rating | CAPA? | IFU update? | PRRC sign-off | Closed date

Trends Impacting Risk & Compliance (SaMD / AI/ML)

Software lifecycle rigor — classify software items, maintain SOUP inventory, and prove risk control effectiveness per IEC 62304; map software hazards through to harms in the RMF.
Use-related risk — formative/summative usability evidence (IEC 62366-1) directly supports detectability and control effectiveness.
Transparency & updates — for data-driven models, document dataset risks, drift monitoring, and update controls; ensure PMS captures algorithm-related harms.

Standards cross-reference: ISO 14971:2019; IEC 62304; IEC 62366-1; IEC/TR 80002-1.

Bottom Line

Hazard is the potential source; harm is the outcome. Robust risk management connects them via credible sequences, prioritized controls, and verified effectiveness—under PRRC oversight with MedDRA-coded harms and PMS feedback. That’s how you stay compliant and protect patients.

Legal & Standard References (Clause Anchors)

ISO 14971:2019 — Medical devices — Application of risk management: Clause 3 (terms & definitions), 4.2 (risk policy), 5–7 (risk analysis/evaluation/control), 7.4 (benefit-risk), 10 (production & post-production information).
EU MDR 2017/745: Article 10 (QMS & lifecycle risk mgmt), Article 15 (PRRC), Chapter VII (PMS, Arts. 83–86), Annex I (GSPR incl. §23 information supplied).
MDCG PRRC guidance: roles, qualifications, and responsibilities under Article 15.
IEC 62304: Medical device software lifecycle processes (risk control & verification).
IEC 62366-1: Usability engineering (use-error hazards & mitigations; formative/summative testing).
IEC 60601-1: Basic safety & essential performance (energy-related hazards; design/test limits).
IEC/TR 80002-1: Guidance on applying ISO 14971 to medical device software.
MedDRA: Standardized clinical terminology for coding harms in risk files, PMS, and vigilance.

Need an audit-ready Risk Management File?

We build ISO 14971 files aligned to MDR GSPR, set up PRRC review gates, and operationalize PMS feedback loops. SaMD and Class I/II devices can start this week.

Copy the template fields Add PRRC oversight