When reading various comments and initiatives on important issues for the development and placing on the market of medical devices, I am concerned about what seems to me to be an apparent confusion on topics such as clinical evaluation, risk management and state of the art of medical devices, with a separation of activities only for specific processes, that the benefit/risk determination is part of the risk management process or that the analysis of the current state of generally recognized knowledge/state of the art is only necessary for the clinical evaluation) which does not seem to make sense to me. Here are some initial thoughts for my (and possibly your) consideration:

For a variety of reasons that I won’t go into in this post (but may expand on in the future), the two basic aspects that define whether a medical device can be placed and maintained on the market are:

• The device must be safe and effective
• The device must not compromise the health or safety of the patient, user, or others

For the above two aspects to be true, it is also necessary that:

• The potential risks must be compatible with a high degree of health and safety protection, given the current generally recognized state of knowledge
• The potential risks associated with the use of the device must be acceptable when balanced against the expected clinical benefits that the device provides to the patient (seen in another way, the clinical benefits must “outweigh” the potential risks)

For a manufacturer to be able to demonstrate the above, they must, in general:

• Define what it means to be safe for their device
• Define what it means to be effective for their device
• Define and measure the expected clinical benefits of their device
• Define and estimate the potential risks associated with the use of their devices
• Design the device so that any risks associated with its use are compatible with a high level of health and safety protection in accordance with generally recognized knowledge, i.e., the device cannot in principle be more dangerous than similar devices or alternative clinical solutions for the same clinical problem currently on the market
• Compare the expected clinical benefits with the estimated potential risks, including the way in which the device was designed to control such risks, and conclude whether the expected benefits “outweigh” the potential risks

With this in mind, it is important to remember that the entire process related to transforming an idea to solve a clinical need into an industrialized medical device is known as design (or engineering design, using the most common technical term).

• The design process must include the so-called design inputs, design outputs, design verification and validation steps, among others (the related requirements are normally known as “design control”). Furthermore, it includes or interfaces with any other process that performs some activity related to design, such as risk management in general, the usability engineering process, biological safety assessment (biocompatibility) or clinical evaluation

When defining the so-called “design inputs” (which are the requirements that the product must meet), the manufacturer must define various requirements, such as safety requirements, performance requirements, usability requirements, marking requirements, packaging requirements, etc. In addition, he must also decide how to verify that these requirements are met (by bench tests, on animals, or another type of evaluation).

• In order to define these design requirements, it is common for manufacturers to analyze both the history of the clinical problem and similar devices on the market, including their evolution. I do not know of a manufacturer that has not done this in some way, even if simple. On the other hand, this assessment is precisely an assessment of the current state of generally recognized knowledge. Most of the time, this assessment is done before the project is even started, as part of the project feasibility analysis
• In the case of clinical benefits, this analysis should also be one of the first activities of a project; in the case of safety requirements, these must be identified, in addition to the aforementioned analysis, also by applying the risk management process

The risk management process is the process that analyzes (identifies potential risks), evaluates (concludes whether the risks are acceptable or not), controls (defines how to control unacceptable risks) and monitors (the acceptability of all) potential risks of using the device. The risk management process can be understood as a decision-making process, not an implementation process. For example, identifying potential risks primarily uses the analyses made during the design, including in particular the design inputs, to conclude which risks may arise from the use of the device. Even in the case of risk controls defined in risk management, the one who actually implements the controls is the more general design process.

• The risk management process in general does not include a process for identifying, measuring and concluding on clinical benefits. Although a standard such as ISO 14971 includes some possibilities related to the justification of certain risks versus benefits (this is another historical confusion that may be expanded in the future), these benefits should be identified and measured in a separate process. The so-called “benefit/risk determination” of the device as a whole is therefore a general design activity

The clinical evaluation process is a process of generating, collecting, analyzing and determining clinical data on the device (which is defined as safety or efficacy data that comes from the clinical use of the device in humans). And where do the definitions of what data will be generated, collected, analyzed and determined come from? Again, from the more general design process. In