FDA Risk Analysis, including Use-Related Risk Analysis (URRA), is no longer optional—it’s essential for medical device compliance. This guide explains URRA, why it’s vital for FDA submissions, and how to initiate effective risk management early in device development.

Whether you’re developing a diagnostic tool, a wearable therapeutic, or an at-home testing kit, the FDA will ask a critical question in your submission: What could go wrong when someone uses this device—and how are you preventing that from happening?

Human error is a major contributor to adverse events involving medical devices. While it is difficult to pinpoint the exact percentage of adverse events in the US directly attributed to user error, we know many of these errors are preventable if risk is evaluated early and often.

Assessing potential use-related risks and developing mitigation strategies ensures that medical devices are not only functional but also usable, safe, and effective in the real world.

What Is Human Factors Risk Management (FDA and ISO 14971)?

Human Factors Risk Management is a systematic process that focuses on identifying, evaluating, and controlling risks that arise from how users interact with a device. Two key resources that can help guide this process are ISO 14971:2019 Medical devices–Application of risk management to medical devices and the FDA’s Human Factors and Usability Engineering Guidance (2016).

Use-related risks might involve:

  • Misinterpreting displays, icons, or device feedback
  • Skipping or misunderstanding instructions for use
  • Environmental distractions that interfere with correct operation
  • Reasonably foreseeable misuse—especially by lay users in non-clinical settings

Bottom line: A device that works in theory isn’t enough. It must work safely—in the real world, in real hands.

When to Implement FDA Risk Management for Medical Devices

According to ISO 14971, every medical device manufacturer must implement a risk management process throughout the device’s lifecycle—from early design to post-market monitoring. The FDA considers this part of the design controls (21 CFR 820.30) for medical devices, which are specific requirements that should be met during the design and development of your health product.

The guidance is unambiguous: risk management starts before a prototype is built and continues through development, testing, and market surveillance.

A best practice? While it might feel abstract, begin your preliminary hazard analysis during concept development and update it frequently, especially after user research or testing. Each iteration should inform design changes, usability evaluations, and eventually, human factors validation testing as described in the FDA’s 2016 Human Factors Guidance.

Common analytical tools like Use Related Risk Analysis (URRA), Failure Mode Effects Analysis (FMEA), and Fault Tree Analysis (FTA) are highly effective in systematically identifying potential risks and their root causes.


FDA and ISO 14971 Risk Analysis: Step-by-Step Guide

Both FDA and ISO outline a robust and repeatable process. Here’s a simplified roadmap:

Step 1: Define Intended Use, Users, & Use Environment

  • The intended use is the purpose of your device. A clear statement documenting what your device does is a critical first step. Consider who uses the device and where: are they lay users at home, or healthcare professionals in a medical setting?

Step 2: Conduct a Task Analysis

  • Map every action a user must take, from unpacking the device to disposal. Identify any critical tasks that, if performed incorrectly, could result in harm. It helps to consider the intended use of the device and foreseeable misuse. 

Step 3: Identify Hazards, Hazardous Situations and then Harms

  • Systematically identify all possible hazards (i.e., potential sources of harm) and circumstances where people or the environment may be exposed to hazards. Each hazard or hazardous situation may lead to several possible harms. 
  • Tools such as URRA, FMEA, or FTA can help identify hazards and systematically evaluate potential failure points, strengthening your FDA risk assessment.

Step 4: Estimate and Evaluate Risks

  • Once harms are identified, use qualitative or quantitative methods to evaluate the severity of each harm (e.g., from negligible to critical) and likelihood of occurrence (e.g., from improbable to frequent). This is how you estimate risk. For best practices, refer to ISO/TR 24971:2020 Medical devices–Guidance on the application of ISO 14971.

Step 5: Implement Risk Mitigation Strategies

  • Use risk mitigation strategies to reduce risk to acceptable levels. Start with improvements to the device design (e.g., add default settings), then determine if additional protective measures can be implemented. Finally, ensure your labelling and/or training instructions are clear and understandable.

Step 6: Evaluate Residual Risk

  • Are the remaining risks acceptable, given the benefits? If not, iterate again or justify with a benefit-risk analysis.

Step 7: Validate with Users

  • For most Class II or III medical devices in the US, an FDA-grade human factors validation study with a diverse group of typical users must be conducted to prove your device is safe and effective for intended users, uses, and use environments. 

Step 8: Monitor Post-Market Use

  • Continue to collect real-world feedback to update the risk profile over time and inform future improvements.

Essential Risk Management Terms

  • Hazard: A potential source of harm
  • Hazardous Situation: When a person is exposed to a hazard
  • Use Error: An action (or lack thereof) that leads to an unintended outcome
  • Residual Risk: Risk that remains after controls have been applied
  • Risk Management File: A documented trail of all risk-related decisions and analyses
  • Use-Related Risk Analysis (URRA): Assessment of risks associated with user-device interactions
  • Failure Mode Effects Analysis (FMEA): A systematic method for evaluating processes to identify where and how they might fail
  • Fault Tree Analysis (FTA): A deductive approach to analyzing system reliability and safety

5 Tips to Get Started Now

  1. Start with a Plan
    Create and document a risk management plan tailored to your device and its intended use.
  2. Build a Multidisciplinary Team
    Include clinicians, engineers, human factors specialists, and real-world users.
  3. Consider this a Living Document
    Medical device risk management is not static. Treat it as a continuously updated record of assumptions, evidence, decisions, and outcomes.
  4. Design for Worst-Case Scenarios
    Think about misuse, distracted users, low literacy, or complex environments. Good design anticipates and mitigates any foreseeable risks.
  5. Don’t Wait for the FDA to Ask
    If you’re designing a product, you’re already “in scope” for risk management. Delaying it can derail timelines and increase the chance of the FDA declining your submission based on a lack of crucial data demonstrating your device’s safety and effectiveness. Incorporate URRA and analytical tools like FMEA or FTA early to anticipate FDA review expectations.

For a Strong Submission

When submitting your 510(k), create a strong FDA submission package with a defensible risk management file, validated usability evidence, and a straightforward narrative tying everything together. 

Be sure to tell your risk management story from beginning to end, including how it influenced your device design decisions, the experts you consulted when evaluating the severity and occurrence of harms, iterative improvements made to mitigate risk, the results of your FDA-grade human factors validation study, and how you plan to monitor use-related risks in the post-market setting.


Need a Partner?

Human factors FDA risk analysis isn’t just regulatory—it provides a market advantage. At SoundRocket, our team integrates URRA, FMEA, and FDA best practices to streamline your medical device risk management.

Whether preparing your first FDA submission or refining your tenth, SoundRocket helps you build a rock-solid risk management file that anticipates FDA reviewer expectations and minimizes delays. Make your device safer, smarter, and fully compliant. Contact us to optimize your FDA Risk Assessment today.