The cooperative interplay between risk management and usability in medical devices

In the world of medical devices, safety and efficacy are of the utmost importance. However, developers and manufacturers are engaged in a constant balancing act in which they must master the harmonization between risk management and usability. The interface between the two processes is of paramount importance as it affects not only the reliability, safety and quality of products, but also regulatory compliance and the added value that products bring to healthcare.

In this article, we look at the regulatory framework, the relationship between risk management and usability, and the key question: how can you, as the manufacturer, combine both processes to the best of your knowledge?

What is the regulatory context for both processes?

Risk Management

The European Union's Medical Device Regulation (EU) 2017/745 (MDR) places increased requirements on risk management for manufacturers of medical devices. Risk management is a crucial part of the conformity assessment process for medical devices and must be carried out in accordance with the provisions of the MDR. The manufacturer must implement and maintain a risk management process throughout the entire product life cycle. This includes creating a risk management plan and identifying, assessing, and minimizing potential risks.

The harmonized standard EN ISO 14971 (currently EN ISO 14971:2019+A11:2021) defines a structured risk management process in accordance with the MDR requirements to identify, assess, and mitigate potential risks arising from the technical and clinical performance of the medical device. The standard requires a series of systematic processes that assess the safety and performance of the device to prevent harm to patients, users and even the environment throughout its life cycle.


The MDR also lays down extensive requirements for the usability and ergonomics of medical devices to reduce the risks to patients, users, and third parties due to incorrect use. These include Article 5 and Annex I.

Article 5 of the MDR focuses on taking into account the intended purpose of the device when fulfilling the requirements in Annex I. This leads to the definition of the intended purpose and the aspects to be considered in its description, in particular in relation to the intended user groups and the intended environment of use.

Annex I also contains usability requirements in paragraphs 3, 5, 14, 21, and 22 with regard to
  • the analysis of foreseeable use error with regard to specific risks due to lack of ergonomic features,
  • the definition of measures to eliminate or reduce these errors,
  • the ergonomics and comprehensibility of displays,
  • and the requirements for products intended for use by laypersons.

In accordance with the MDR requirements, IEC 62366-1 (currently IEC 62366-1:2015+COR1:2016+A1:2020) provides a structured methodology for the usability engineering of medical devices and specifies a process for the analysis, specification, development, and evaluation of usability in relation to safety. This process is concerned here with the human factor, that is, how smoothly and efficiently a user can interact with a device to fulfill its intended purpose.

But how do risk management and usability interact?

Where risk management and usability intersect

The usability engineering process enables the manufacturer to assess and reduce the risks associated with normal use. This includes both the correct use of the medical device and the errors that may occur during the use of the medical device and that could lead to a different result than intended by the manufacturer or expected by the user, the so-called "use errors".

As far as abnormal use is concerned, the usability engineering process can be used to identify risks - but not to assess or minimize them.

Risk management, on the other hand, considers both normal use and abnormal use. Here, the hazards and hazardous situations are identified, the risks are assessed, and they are minimized as far as possible.

IEC 62366-1:2020 describes how risk management and usability are interlinked (see Figure 1):

Figure 1 Cf: IEC 62366-1:2020, Figure A.4 – Types of use as described in this document and their relationship to the concept of “reasonably foreseeable misuse” in ISO 14971

In addition, the usability process defines the use environment and the user groups or so-called user profiles, which can help to define the associated risks in the context of risk management.

Or to summarize: the usability process is one of the most important resources to adequately supplement the risk management process.

Similarly, the risk management process ensures that all risks, including those related to usability, are minimized. This is done by identifying appropriate measures in the form of design measures, protective measures, or information for safety and, where appropriate, training to users. These measures can have a direct impact on usability. For example, simplifying a complex operating element can improve usability and at the same time reduce the risk of operating errors.

In a further point, usability testing in the form of a summative evaluation under certain conditions can serve as proof of acceptance of the overall residual risk and be used as an argument in the risk-benefit analysis.

It is clear from the above how closely the two processes are linked. However, the question now arises as to how this interaction can be managed in order to develop a safe and efficient medical device.

How can the manufacturer combine both processes?

To develop a safe and effective device, appropriate risk management must be practiced - but in order to sell the product, its ease of use must also be guaranteed. To this end, it is advisable to consider the following points to the best of one's knowledge:
  • Establishment of an interdisciplinary team:
    To achieve the best possible interaction between the two processes, it is necessary to put together an interdisciplinary team that includes experts from the risk management, usability, production, regulatory and clinical fields.
  • Communication within the team:
    Collaboration and continuous exchange between the various team members serves to comprehensively identify risks, particularly in relation to usability.
  • Regulatory framework and standards:
    Current regulations and versions of standards must be taken into account and the design of processes in accordance with these requirements must be ensured.
  • Risk-based usability:
    • Identification of reasonably foreseeable misuse
    • Planning and implementation of usability tests
    • Identification of usability problems from test results
    • Incorporating results into risk management
    • Implementation of measures to minimize risks
    • Validation of the effectiveness of these measures
  • User-centered design:
    To improve the usability of medical devices, a user-centered design approach is essential. In this approach, end users are actively involved in the design process through formative evaluation to ensure that the device is intuitive, efficient and meets their needs. This significantly reduces the likelihood of user error and associated risks.
  • Continuous post-market surveillance (PMS):
    The risk management process must be constantly maintained. Post-market surveillance, complaints, feedback, and new findings should be used to implement continuous improvement processes, identify new risks, and consider new ergonomic and usability-related aspects.

A proper balance between risk management and fitness for purpose helps to ensure compliance and can also save a lot of wasted effort, time, and cost. But this is not always a clear case without conflicts of interest. There can also be trade-offs in certain cases. For example, increasing the number of safety measures to reduce risks might make it more difficult for a medical device to be usable. Finding the right balance between safety and usability is a challenge that manufacturers must face.


Risk management and usability are closely linked with patient safety at the center. Effective risk management is about identifying and eliminating potential risks, while usability ensures that the device can be used safely and effectively in clinical practice.

Ensuring that the medical device is not only safe and effective, but also easy to use for healthcare professionals or laypersons is essential for regulatory compliance and market success.

What do your risk management and usability processes look like? What are the biggest challenges for your company? Let's talk about your current situation. We are happy to support you with our comprehensive expertise.

Best Regards
Ali Alkhatib

Ali Alkhatib
Regulatory Affairs Expert
Regulatory Affairs & Technical Documentation
Connect via LinkedIn
Our blog posts are researched and created with the utmost care, but are only snapshots of the regulations, which are constantly changing. We do not guarantee that older content is still current or meaningful. If you are not sure whether the article you have read on this page still corresponds to the current state of regulation, please contact us: we will quickly place your topic in the current context.

Subscribe to our newsletter and benefit from our expertise

Regulatory compliance requires in-depth and comprehensive knowledge. Our newsletter provides you with both of these: Every 14 days, it provides you with best practices from our experts in documentation, market access and monitoring. It offers information on current events, topic overviews, and tips for implementation – in short: Our newsletter keeps you up to date.

Subscribe to our newsletter and receive our free information service

Try our Quick Help!

Often all it takes is a little help, a nudge in the right direction, to get back on track. That is what our Quick Help is for: you ask, we answer - FREE, fast and easy.

Are you stuck, going in circles with a question about Technical Documentation, QM, Verification, Validation, Clinical Affairs or Regulatory Affairs? What are you waiting for?

Put us to the test!

Regulatory History: Blog Archive

You can find older posts in our blog archive. Please make sure that this content is up to date before using it; we are happy to help.