Skip to content

Risk Analysis – CardioMonitor Pro ECG-12

In accordance with ISO 14971:2019 – Risk analysis for medical devices

Document Information

  • Document: Risk Analysis
  • Product: CardioMonitor Pro ECG-12
  • Model Number: CM-ECG-12-2025
  • Version: 1.1.0

  • Gültig ab: 17. November 2025- Erstellungsdatum: 17. November 2025- Letzte Überarbeitung: 17. November 2025- Creation Date: 22 September 2025

  • Letzte Überarbeitung: 19. November 2025- Last Revision: 22 September 2025

  • Nächste Überprüfung: 19. November 2026- Prepared By: [Risk Manager Name]

  • Approved By: [Quality Manager Name]

Table of Contents

  1. Introduction & Purpose
  2. Product Description & Intended Use
  3. Safety-Related Characteristics
  4. Hazard Identification
  5. Hazardous Situations & Sequences
  6. Probability Estimation
  7. Severity Determination
  8. Risk Assessment Matrix
  9. Complete Risk Analysis Table
  10. Conclusions & Recommendations

1. Introduction & Purpose

1.1 Purpose of Risk Analysis

This risk analysis serves to systematically identify, analyze, and evaluate all potential hazards and risks associated with the CardioMonitor Pro ECG-12. It forms the foundation for developing appropriate risk control measures in accordance with ISO 14971:2019.

1.2 Methodology

The risk analysis follows a structured approach:

  • HAZOP Analysis (Hazard and Operability Study)
  • FMEA Elements (Failure Mode and Effects Analysis)
  • Fault Tree Analysis for critical paths
  • Scenario-based Analysis for use cases

1.3 Scope

  • Product Lifecycle: Development through disposal
  • Stakeholders: Patients, users, service personnel, environment
  • Operating States: Normal, fault, and maintenance conditions

2. Product Description & Intended Use

2.1 Product Overview

The CardioMonitor Pro ECG-12 is a medical device for non-invasive acquisition and analysis of cardiac electrical activity via 12-lead electrocardiography.

2.2 Intended Use

  • Medical Application: Diagnostic ECG recording
  • Patient Population: Adults and children ≥2 years
  • User Group: Trained medical professionals
  • Application Environment: Hospitals, clinics, outpatient facilities
  • Application Duration: Short-term use (<30 minutes)

2.3 Foreseeable Misuse

  • Use by untrained personnel
  • Application to patients <2 years old
  • Use as continuous monitoring system
  • Application in MRI environment
  • Use during defibrillation
  • Sole reliance for critical diagnostic decisions

3.1 Energy Sources

Energy Type Characteristics Safety Relevance
Electrical Energy 100-240V AC mains, 14.4V DC battery Electric shock, burns
Thermal Energy Operating temperature up to 40°C Overheating, burns
Mechanical Energy Moving parts, printing mechanism Crushing, mechanical injury

3.2 Materials & Substances

Material Use Potential Hazard
Medical ABS Housing Biocompatibility, abrasion
Silver/Silver Chloride Electrodes Allergic reactions
Thermal Paper Printouts Chemical sensitization
Lithium-Ion Battery Fire hazard, toxic gases

3.3 Operating Environment

Umgebungsfaktor Spezifikation Sicherheitsaspekt
Temperatur +10°C bis +40°C Kondensation, Überhitzung
Luftfeuchtigkeit 15% - 93% rF Korrosion, Leckströme
Elektromagnetische Umgebung IEC 60601-1-2 Störbeeinflussungen
Mechanische Beanspruchung Tragbar, Stöße bis 2G Komponentenschäden

3.4 Software and Algorithms

Softwarekomponente Funktion Kritikalität
EKG-Analysealgorithmus Automatische Interpretation Hoch
Patientendatenverwaltung Speicherung und Abruf Mittel
Kommunikationssoftware Datenübertragung Mittel
Selbstdiagnosesystem Systemüberwachung Hoch

4. Hazard Identification

G001: Electrical Hazards

  • G001.1: Electric shock from mains voltage
  • G001.2: Elevated patient leakage currents
  • G001.3: Electrostatic discharge
  • G001.4: Defibrillation energy impact
  • G001.5: Disturbances from electromagnetic fields

G002: Thermal Hazards

  • G002.1: Device overheating
  • G002.2: Hot surfaces on contact
  • G002.3: Thermal damage from electrodes
  • G002.4: Battery overheating/fire

G003: Mechanical Hazards

  • G003.1: Sharp edges or corners
  • G003.2: Crushing by moving parts
  • G003.3: Device falling
  • G003.4: Unstable setup

4.2 Biological and Chemical Hazards

G004: Contamination Risks

  • G004.1: Cross-infection between patients
  • G004.2: Contamination by body fluids
  • G004.3: Bacterial growth on surfaces
  • G004.4: Virus/spore transmission

G005: Toxic and Allergic Reactions

  • G005.1: Allergy to electrode material
  • G005.2: Skin irritation from adhesives
  • G005.3: Chemical emissions from materials
  • G005.4: Latex allergy (if present)

4.3 Operational Hazards

G006: Malfunctions

  • G006.1: Incorrect ECG readings
  • G006.2: Failure of automatic analysis
  • G006.3: Data loss or corruption
  • G006.4: System crash during recording
  • G006.5: Faulty alarm functions

G007: User Errors

  • G007.1: Incorrect electrode placement
  • G007.2: Mix-up of patient data
  • G007.3: Misinterpretation of results
  • G007.4: Incomplete documentation

G008: Data Security and Privacy

  • G008.1: Unauthorized access to patient data
  • G008.2: Data transmission without encryption
  • G008.3: Data loss from cyber attacks
  • G008.4: Incorrect patient assignment

G009: Communication Errors

  • G009.1: Incomplete transmission of ECG data
  • G009.2: Delay of critical findings
  • G009.3: Misinterpretation of transmitted data

5. Hazardous Situations & Sequences

5.1 Scenario S001: Electric Shock During ECG Recording

Hazard Sequence:

  1. Initialization: Patient is prepared for ECG recording
  2. Hazard: Insulation fault in patient cable (G001.2)
  3. Hazardous Situation: Patient touches defective cable during recording
  4. Harm: Electric shock, possible cardiac arrhythmias

Influencing Factors:

  • Ambient humidity (increases conductivity)
  • Condition of patient cable (age, damage)
  • Patient skin moisture
  • Presence of other electrical equipment

5.2 Scenario S002: Misdiagnosis Due to Software Error

Hazard Sequence:

  1. Initialization: ECG is recorded and automatically analyzed
  2. Hazard: Algorithm error in rhythm analysis (G006.2)
  3. Hazardous Situation: Critical arrhythmia is not detected or classified as normal
  4. Harm: Delayed or incorrect treatment, deterioration of patient condition

Influencing Factors:

  • Signal quality (noise, artifacts)
  • Patient characteristics (age, heart disease)
  • Electrode placement
  • Environmental disturbances

5.3 Scenario S003: Cross-Infection Between Patients

Hazard Sequence:

  1. Initialization: ECG examination on infected patient
  2. Hazard: Inadequate cleaning of device surfaces (G004.1)
  3. Hazardous Situation: Subsequent patient comes into contact with contaminated surfaces
  4. Harm: Transmission of pathogens, secondary infection

Influencing Factors:

  • Type of pathogen
  • Survival time on surfaces
  • Cleaning protocol
  • Time interval between patients

5.4 Scenario S004: Data Loss During Critical Recording

Hazard Sequence:

  1. Initialization: ECG recording on emergency patient
  2. Hazard: Hardware failure of storage system (G006.3)
  3. Hazardous Situation: ECG data lost during recording
  4. Harm: Delayed diagnosis, need for repetition

Influencing Factors:

  • Age and condition of storage components
  • Ambient temperature
  • Mechanical stress
  • Power supply quality

5.5 Scenario S005: Allergic Reaction to Electrode Material

Hazard Sequence:

  1. Initialization: Electrode application to sensitized patient
  2. Hazard: Contact with allergenic material (G005.1)
  3. Hazardous Situation: Allergic skin reaction develops
  4. Harm: Local inflammation, systemic allergic reaction

Influencing Factors:

  • History of known allergies
  • Application duration
  • Patient skin condition
  • Electrode material and adhesive

6. Probability Estimation

6.1 Probability Scale

Level Designation Frequency Description
5 Very High >1:100 Occurs regularly
4 High 1:100 - 1:1,000 Occurs occasionally
3 Medium 1:1,000 - 1:10,000 Can occur
2 Low 1:10,000 - 1:100,000 Occurs rarely
1 Very Low <1:100,000 Practically impossible

6.2 Probability Assessment of Main Scenarios

S001: Electric Shock (Probability Assessment)

  • Based on: Historical data from similar devices, insulation tests
  • Assessment: 2 (Low)
  • Rationale: Double insulation and regular testing significantly reduce probability

S002: Misdiagnosis by Software (Probability Assessment)

  • Based on: Clinical validation studies, algorithm performance
  • Assessment: 3 (Medium)
  • Rationale: Despite 96% sensitivity, 4% error corrections remain

S003: Cross-Infection Between Patients

  • Based on: Hospital infection studies, cleaning protocols
  • Assessment: 3 (Medium)
  • Rationale: Depends on cleaning procedures and pathogen type

S004: Data Loss During Critical Recording

  • Based on: MTBF data of electronic components
  • Assessment: 2 (Low)
  • Rationale: Redundant storage systems and regular backups

S005: Allergic Reaction (Severity Assessment)

  • Based on: Epidemiological data on contact allergies
  • Assessment: 4 (High)
  • Rationale: 2-5% of population has contact allergies

7. Severity Determination

7.1 Severity Scale

Level Designation Impact Description
5 Critical Death Life-threatening injuries
4 Serious Irreversible harm Permanent impairment
3 Moderate Reversible harm Temporary impairment
2 Minor Minor injury No medical treatment needed
1 Negligible Discomfort No physical harm

7.2 Severity Determination of Main Scenarios

S001: Electric Shock

  • Possible Harms: Cardiac arrhythmia, burns, death
  • Assessment: 5 (Critical)
  • Rationale: Electric shock can be life-threatening in cardiac patients

S002: Misdiagnosis by Software

  • Possible Harms: Delayed/incorrect treatment, health deterioration
  • Assessment: 4 (Serious)
  • Rationale: Missed myocardial infarctions can lead to permanent damage

S003: Cross-Infection

  • Possible Harms: Secondary infection, sepsis, possible death
  • Assessment: 4 (Serious)
  • Rationale: Nosocomial infections can have severe consequences

S004: Data Loss

  • Possible Harms: Delayed diagnosis, need for repetition
  • Assessment: 3 (Moderate)
  • Rationale: Time delay may be treatable, mostly reversible

S005: Allergic Reaction

  • Possible Harms: Skin inflammation, local reactions, rarely systemic reactions
  • Assessment: 2 (Minor)
  • Rationale: Mostly local, treatable reactions

8. Risk Assessment Matrix

8.1 Risk Matrix (Probability × Severity)

Critical (5) Serious (4) Moderate (3) Minor (2) Negligible (1)
Very High (5) 25 20 15 10 5
High (4) 20 16 12 8 4
Medium (3) 15 12 9 6 3
Low (2) 10 8 6 4 2
Very Low (1) 5 4 3 2 1

8.2 Risk Assessment of Main Scenarios

Scenario Probability Severity Risk Score Classification
S001: Electric Shock 2 5 10 Conditionally acceptable
S002: Misdiagnosis 3 4 12 Conditionally acceptable
S003: Cross-Infection 3 4 12 Conditionally acceptable
S004: Data Loss 2 3 6 Acceptable
S005: Allergic Reaction 4 2 8 Acceptable

8.3 Risk Classification

  • Risk Score 16-25: Unacceptable (Red)
  • Risk Score 9-15: Conditionally acceptable (Yellow)
  • Risk Score 4-8: Acceptable (Green)
  • Risk Score 1-3: Negligible (Blue)

9. Complete Risk Analysis Table

ID Hazard Hazardous Situation Harm P S R Classification
R001 Electric Shock Insulation fault during ECG Cardiac arrhythmia, death 2 5 10 Conditionally acceptable
R002 Misdiagnosis Algorithm fault Incorrect treatment 3 4 12 Conditionally acceptable
R003 Cross-Infection Inadequate cleaning Secondary infection 3 4 12 Conditionally acceptable
R004 Data Loss Hardware failure Delayed diagnosis 2 3 6 Acceptable
R005 Allergic Reaction Electrode contact Skin inflammation 4 2 8 Acceptable
R006 Overheating Thermal overload Burns 2 3 6 Acceptable
R007 Mechanical Injury Sharp edges Cuts 3 2 6 Acceptable
R008 Privacy Breach Unencrypted transmission Privacy violation 3 2 6 Acceptable
R009 Battery Failure Power supply interruption Incomplete recording 3 2 6 Acceptable
R010 Wrong Patient Assignment User error Data mix-up 2 3 6 Acceptable
R011 Electromagnetic Interference EMC impact Incorrect measurements 3 3 9 Conditionally acceptable
R012 Software Crash Program error System failure 2 2 4 Acceptable
R013 Printer Error Mechanical defect Missing documentation 3 2 6 Acceptable
R014 Display Failure Electronic fault No display 2 2 4 Acceptable
R015 Cable Break Mechanical stress Signal interruption 3 2 6 Acceptable
R016 Condensation Moisture exposure Short circuit 2 4 8 Acceptable
R017 Electrode Detachment Insufficient adhesion Signal loss 4 2 8 Acceptable
R018 Incorrect Calibration System drift Inaccurate measurements 2 3 6 Acceptable
R019 Virus Infection (IT) Malware attack System compromise 2 3 6 Acceptable
R020 Device Falling Over Unstable placement Device damage 3 2 6 Acceptable
R021 User Error Untrained user Incorrect operation 4 3 12 Conditionally acceptable
R022 Alarm Failure Software fault Missed critical findings 2 4 8 Acceptable
R023 Memory Overflow Data volume too large Data loss 2 2 4 Acceptable
R024 Network Interruption Connection failure No data transmission 3 2 6 Acceptable
R025 Time Error Clock synchronization Incorrect timestamps 2 2 4 Acceptable

9.1 Risk Assessment Summary

  • Total Identified Risks: 25
  • Unacceptable Risks: 0
  • Conditionally Acceptable Risks: 5 (R001, R002, R003, R011, R021)
  • Acceptable Risks: 19
  • Negligible Risks: 1

9.2 Priority Risks for Control

Highest Priority (Risk Score ≥ 10):

  1. R002: Misdiagnosis by software fault (Score: 12)
  2. R003: Cross-infection (Score: 12)
  3. R021: User error by untrained users (Score: 12)
  4. R001: Electric shock (Score: 10)

Medium Priority (Risk Score 6-9):

  • R011: Electromagnetic interference (Score: 9)
  • 10 additional risks with score 6-8

10. Conclusions & Recommendations

10.1 Risk Analysis Summary

The systematic risk analysis identified 25 potential risks for the CardioMonitor Pro ECG-12. The analysis shows that:

  • No risk classified as unacceptable
  • 5 risks conditionally acceptable requiring risk control measures
  • 20 risks acceptable or negligible

10.2 Main Findings

Critical Risk Areas

  1. Electrical Safety: Potentially life-threatening consequences
  2. Software Reliability: Impact on diagnostic quality
  3. Infection Prevention: Hygienic safety
  4. User Training: Operational safety

Positive Aspects

  • No risks in unacceptable range
  • Balanced risk distribution
  • Technical safety measures already implemented

10.3 Recommendations for Risk Control

Immediate Measures

  1. Enhanced quality assurance of ECG analysis software
  2. Development of cleaning protocols for infection prevention
  3. Implementation of training programs for users
  4. Additional electrical protection measures

Long-Term Strategies

  1. Continuous monitoring of post-market performance
  2. Regular updates of risk assessment
  3. Algorithm improvement through machine learning
  4. Development of additional safety features

10.4 Next Steps

  1. Development of risk control measures for the 5 conditionally acceptable risks
  2. Verification and validation of implemented measures
  3. Assessment of residual risks after implementation
  4. Creation of risk management report
  5. Establishment of post-market surveillance system

10.5 Document Validation

Completeness: ✓ All relevant hazards identified
Systematic Approach: ✓ Structured method per ISO 14971
Traceability: ✓ Assessments documented and justified
Maintainability: ✓ Living document for continuous improvement

Release for Further Processing: The risk analysis is complete and can be used as a basis for risk control.

Annexes

Annex A: References

  • ISO 14971:2019 - Application of risk management to medical devices
  • IEC 60601-1:2012 - Medical electrical equipment
  • IEC 62304:2006 - Medical device software
  • ISO 13485:2016 - Quality management systems

Annex B: Definitions Glossary

  • Hazard: Potential source of harm
  • Hazardous Situation: Circumstances in which persons are exposed to a hazard
  • Harm: Physical injury or health impairment

Annex C: Change History

Version Date Changes Author
1.0 22.09.2025 Initial version [Name]
2.0 26.09.2025 Format [Name]

Approvals

Role Name Signature Date
Risk Manager [Name] [Signature] [Date]
Clinical Advisor [Name] [Signature] [Date]
Quality Manager [Name] [Signature] [Date]

See also

Anhang D: Änderungshistorie

Datum Version Autor Änderungen
19. November 2025 1.1.0 Unbekannt Automatische Metadatenaktualisierung
17. November 2025 1.0.1 Unbekannt Automatische Metadatenaktualisierung