
Usability, Risk Management, and Design Control – Three Paths, One Goal
Breaking down silos, creating value: Usability meets Design Control and Risk Management.
Three essential disciplines—often viewed separately but deeply interconnected. When strategically aligned, they reduce risks, improve design decisions, and ultimately lead to effective medical devices.
The development of safe and usable medical devices is a team effort. Usability engineering, risk management, and design control play a central role. These three processes are closely linked, often overlapping in their goals and requirements. Their synergies should be deliberately leveraged to meet regulatory requirements while developing high-performing, safe, and user-friendly products. Effectiveness is mandatory—efficiency is the differentiator that saves both time and cost.
- Different Focus, One Common Goal: Effective Medical Devices
- Regulatory Requirements: Why an Integrated Approach Is a Must
- More Than the Sum of Its Parts: Where Usability, Risk & Design Intersect
- User-Centered Design: The Key to Safe and Intuitive Medical Devices
- Usability as a Safety Factor: Mitigating Risk Through Design
- Validation and Verification: The Final Checkpoint
- Practical Tips for Manufacturers: How to Successfully Integrate
- Conclusion: Harnessing Synergies – Developing More Efficiently
Different Focus, One Common Goal: Effective Medical Devices
When was your last first aid course? Picture this: you're in an emergency situation and need to use a public AED (Automated External Defibrillator) to perform resuscitation. You turn it on, and the voice prompt says, “Attach pads correctly.” But the electrodes won’t stick, you’re unsure, and precious seconds are lost in the panic.
This scenario illustrates a hazard-related use case—and marks the starting point of a relay race between three disciplines working toward a safer and more user-friendly AED design. Safety begins with…
Risk Management
Together with usability engineering, potential hazards are identified—such as incorrect pad placement—that could result in harm. Corresponding risk controls and the resulting user interface specifications serve as critical inputs for development.
Design Control
Insights from risk analysis and usability engineering are translated into concrete technical requirements. For example, design inputs may include sensors to detect improper pad placement or intuitive voice instructions to guide users.
Usability
Usability engineering supports development through formative evaluations to test and refine design ideas. The final instruction—“Place the electrodes precisely on the marked areas and press firmly to ensure safe contact”—is evaluated in a summative usability test for its effectiveness.
But could it be even more user-friendly to design pads that can't be placed incorrectly in the first place? While this represents an exciting technological challenge, it immediately triggers another round of risk management to assess any new potential risks. The race for innovative and safe solutions continues.
This example illustrates how each discipline’s unique perspective helps achieve a shared goal through collaboration.
Usability Focus: Safe and Effective Use
Usability engineering aims to ensure that a product can be used effectively and safely by the intended users under expected use conditions. The user is at the center, and risks or errors are minimized through optimized user interfaces. Iterative testing in simulated or actual use scenarios with representative users plays a key role. In the case of the AED, both lay users and professional responders (e.g., EMTs or emergency physicians) must be considered.
Risk Management Focus: Identifying Hazards and Controlling Risks
Risk management focuses on identifying hazards and hazardous situations that could cause harm, and on assessing and mitigating resulting risks. The medical device and its safety-relevant characteristics are at the core. Risks must be controlled through design, protective measures, and safety information. Controls may target the product itself or relevant processes. Fundamental safety requirements, based on the current state of the art, must always be taken into account.
For AEDs, this includes not only the shock delivery system but also the electrodes and visual or auditory user guidance—each of which must be analyzed for safety implications.
Design Control Focus: Systematic Development Oversight
Design control ensures that all requirements—functional, performance-related, safety, usability, and regulatory—are systematically integrated into the development process. The focus is on the design itself, ensuring safe and effective use throughout the entire product lifecycle.
For AEDs, the collateral standard IEC 60601-2-4 defines both specific safety measures and essential performance characteristics. For public use, Annex I of the MDR 2017/745 also imposes additional regulatory requirements that must be considered.
To implement these approaches effectively, it's crucial to embed usability engineering and risk management—both mandated by standards—into the overarching design control process.
Relevant Standards and Regulations
The following standards and regulatory frameworks explicitly call for coordination between usability engineering, risk management, and design control:
IEC 62366-1
- Requires the integration of a systematic usability engineering process into the development process as defined by ISO 13485.
- Refers to ISO 14971 as a complementary and applicable standard.
- Aims to identify risks arising from use errors and reduce them through user-centered design.
- Mandates the creation of a Usability Engineering File (UEF) to document the user-focused development process.
ISO 14971
- Requires the identification of hazards and hazardous situations, including those caused by user errors, as well as the assessment and control of resulting risks.
- Emphasizes the importance of design verification and validation to confirm that risk control measures are properly implemented and effective.
- Mandates a Risk Management File, including a risk management plan, risk analysis documentation, and a risk management report.
ISO 13485
- Demands a risk management process as an integral part of product realization.
- Expects requirements related to function, performance, safety, and usability to be included as design inputs, which must be validated for their intended use.
- Requires comprehensive design and development documentation, from initial requirements analysis to final validation.
FDA 21 CFR 820.30
- Requires the systematic application of design controls to ensure that products meet safety and user requirements.
- Identifies risk management and human factors engineering as supporting processes. Risk management begins with the definition of design requirements.
- The risk associated with device use influences the scope of the design input.
- The results of risk analysis are considered part of the design output.
- Design validation must include testing under actual or simulated use conditions.
- Requires the creation of a Design History File (DHF)—similar in purpose to the design documentation required by ISO 13485.
EU MDR (2017/745)
- Article 10 (“General Obligations of Manufacturers”) requires a structured product realization process and a risk management system in accordance with Annex I, Section 3.
- Annex I defines general safety and performance requirements, including the obligation to reduce risks related to use errors and ergonomic features.
- Post-market surveillance (Article 83) places usability improvement on equal footing with safety and performance monitoring.
- Annex II outlines the contents of the technical documentation, including product description, intended purpose, safety and performance requirements, and information on design and risk management.
Key documents from the Usability Engineering File (UEF), Risk Management File, and Design History File may be interlinked to fulfill the regulatory requirements of IEC 62366-1, ISO 14971, and ISO 13485/FDA 21 CFR 820.30. Shared inputs and outputs allow these files to build upon and complement each other.
Overview of shared or related content across required documentation:
More Than the Sum of Its Parts: Where Usability, Risk, and Design Intersect
The interaction between usability engineering, risk management, and design control becomes especially clear when looking at how these disciplines contribute to meeting performance, safety, and usability requirements throughout the development process. The following fast-track walkthrough illustrates this synergy:
- Development begins with the identification of user needs.
- An analysis of the use context results in the use specification, which forms the basis for defining the intended purpose of the device.
- The intended purpose serves as a starting point for design control and sets the framework for risk management.
- During design input, requirements regarding both safety and usability must be taken into account.
- This requires identifying safety-relevant features of the product and user interface, which also form the basis for hazard identification.
- The analysis of hazard-related use scenarios provides input for the risk analysis. Potential use errors identified here are part of the event chains that can lead to hazardous situations.
- Risk control measures are complemented by user interface specifications, which are then fed back into the development process. Designing for inherent safety takes top priority.
Usability engineering and risk management in particular offer powerful opportunities to jointly address overlapping requirements. The overarching goals of risk management are enhanced and supported by the user-focused results of usability engineering:
User-Centered Design: The Key to Safe and Intuitive Medical Devices
Identifying and integrating user needs is a critical task that connects all three domains—usability engineering, risk management, and design control. While usability engineering focuses on analyzing user groups and use contexts, risk management identifies potential hazards caused by use errors or misuse. Design control ensures that these requirements are systematically captured and implemented during product development.
A fundamental prerequisite for user-centered design is the ability to empathize with the user. User needs should be formulated in user language, clearly describing the task to be accomplished. Use errors and potential misuse can only be identified if the actual usage is well understood and realistic use scenarios are defined.
Usability tests, interviews, and other usability engineering methods can make real-world conditions—including likely user errors—visible and tangible.
Let’s look at a concrete example where this interplay becomes visible during a risk analysis. The safety-relevant feature under investigation is the tubing system of a blood pump used in extracorporeal circulation—e.g., during ECMO therapy:
Application Context:
An extracorporeal membrane oxygenation (ECMO) procedure is being performed in an intensive care unit on a patient with severe lung failure. The ECMO setup consists of a blood pump, an oxygenator, and a tubing system that draws venous blood, oxygenates it, and returns it to the patient’s circulation.
- Color-coded connectors to prevent misconnection
- Sensor-based alarms for pressure drop detection
- Locking mechanism for secure tubing connection
- Suitable tubing system (taking normative requirements into account, e.g. ISO 15676)
- Leak sensors that detect blood loss
- Storage conditions and expiry date for the tubing systems
- Visual leak check before every use (described in the instructions for use)
- Connect tubing between patient and ECMO pump
- Secure tubing and verify all connections
- Start pump
- Monitor flow and pressure
- Tubing not properly connected
- Pump is activated
- Air enters the line
- Air embolism occurs
Additional risk control measures must be analyzed and implemented accordingly.
What to Keep in Mind When Analyzing Use Scenarios and Event Sequences:
- Use scenarios are analyzed as part of usability engineering and describe user-centered workflows in real-life application contexts.
- Not every use scenario leads to a hazardous situation.
- The sequence of events is part of the risk analysis and includes critical incidents that may lead to harm.
- Risk analysis assumes the presence of a hazard (i.e., a potential source of harm).
- A use scenario may include a sequence of events, but not every event sequence qualifies as a complete use scenario.
- Use errors are part of the event chain. According to the standard definition, a use error only occurs when a user performs an incorrect action or omission.
- Perception and recognition errors are not use errors per se but are considered contributing causes or root factors that can lead to a use error.
Reasonably Foreseeable Misuse:
In line with regulatory expectations (e.g., ISO 14971 and IEC 62366-1), foreseeable misuse—whether due to poor interface design, stress, inexperience, or misunderstanding—must be proactively considered, assessed, and mitigated.
Usability as a Safety Factor: Mitigating Risks Through Design
When it comes to safety, usability engineering, risk management, and design control must work in concert. Risk control measures are to be implemented according to the principles of safety—with the highest priority placed on inherently safe design and manufacturing of the medical device, supported by protective measures and safety-related information. For risks related to user interaction, inherent safety can only be achieved through user-centered design. In this context, usability sets the pace:
- Usability Engineering:
Iterative testing with representative users helps identify potential sources of error and weaknesses in the user interface design early in the development process. These insights not only enhance usability but also mitigate risks caused by use errors, directly through improved interface design.
- Risk Management:
The risk analysis draws on hazard-related use scenarios, including their task analyses, to identify critical steps in the event sequence. Risk control measures are then applied at these critical points, following the required hierarchy of control (inherent design, protective measures, safety information).
- Design Control:
Insights from usability testing and risk analysis are translated into technical requirements and specifications. Only by doing so can risk controls be integrated into the design itself. This process also helps to avoid costly late-stage design changes.
A concrete example of this collaboration is the optimization of safety-related information—typically considered the least effective risk control. These controls are only effective when:
- the right information is presented
- in the right place,
- clearly formulated,
- and delivered through the appropriate medium.
Here’s how the disciplines collaborate:
- Risk Management identifies safety-critical content that needs to be communicated.
- Usability Engineering ensures that the information is noticed and understood by users during real-world tasks, through targeted usability tests.
- Design Control translates these findings into concrete design outputs, such as instructions for use, warning labels, or product markings, ensuring the manufacturer’s information achieves its intended effect.
To ensure that such measures have a lasting effect, it is crucial to keep monitoring their effectiveness as part of post-market surveillance once the device has been placed on the market, and to initiate improvements where necessary.
Validation and Verification: The Last Checkpoint Before the Goal
Validation and verification are integral parts of the development of medical devices and require close cooperation between usability, risk management and design control:
- Usability:
Validates whether the product can be used safely and effectively in real application scenarios. This includes summative evaluations in which it is checked whether users can use the product as intended.
- Risk Management:
Verifies that all risk minimization measures are implemented and effective. This also includes risk controls for the manufacturing process.
- Design Control:
Verifies that the defined requirements are met and validates that the final medical device can be used safely and effectively as intended.
Critical deviations during verification or validation may require design changes or even an adaptation of the intended purpose. In such cases, risk management and usability engineering activities must be repeated accordingly.
If all three domains have worked together effectively, the project is ready to move a major step closer to market launch.
Practical Guidance for Manufacturers: How to Make Integration Work
Integrating usability engineering, risk management, and design control successfully requires technical expertise, but also organizational discipline and strategic alignment. The following best practices can help optimize your processes:
Engage With Users
Ensure that the user is more than just a requirement—they must be actively involved:
- Leverage existing networks: Ask real users and consult external expert panels.
- Adopt cross-industry methods: Consider tools like Voice of the Customer from Six Sigma to capture user expectations.
- Go to where the action is: Apply Gemba Walks (a Lean principle) by visiting hospitals or labs to observe the product in use and understand practical workflows.
Build Interdisciplinary Teams
Teams that bring together experts in usability, risk, and design can tackle challenges holistically:
- Encourage regular cross-functional communication.
- Conduct technical reviews between official design reviews to evaluate test results, risks, and design changes jointly.
- Promote transparency and compromise in decision-making.
Establish Iterative Processes
An iterative development model reduces late-stage changes and design risks:
- Schedule multiple test cycles at different stages of development.
- Use prototypes or models early to gather real-world feedback.
- Make usability a standing item in your design review agenda.
Ensure Efficient Documentation
Avoid redundant effort by using shared content and smart documentation practices:
- Use modular documentation and a central repository to manage a "single source of truth."
- Replace duplication with cross-references between the risk management file, usability engineering file, and design history file.
- Ensure clear interface definitions and use standardized templates to guide consistent documentation across teams.
Use Technology and Invest in Training
Digital tools and team education are key enablers:
- Invest in requirements and risk management tools that support traceability and cross-functional workflows.
- Offer regular training on regulatory requirements and industry best practices.
Conclusion: Leveraging Synergies for Smarter Development
The interfaces between usability, risk management, and design control form the backbone of an effective medical device development process. These three disciplines operate like interlocking gears to ensure clinical performance, safety, usability, and regulatory compliance.
Their integration is not only a regulatory requirement, but also an opportunity to streamline development and accelerate time to market.
Key Principles of Integration:
- User-Centered Design as a Guiding Principle
The needs and abilities of the user, combined with the context of use, form the foundation for all decisions—from risk analysis to design specification.
- Regulatory Compliance Through Interaction
Global standards such as IEC 62366-1, ISO 14971, ISO 13485, and FDA 21 CFR 820.30 require close interconnection between the three processes to achieve their shared goal.
- Efficiency Through Synergies
Recognizing overlaps and reusing content avoids duplication and inconsistencies. A structured documentation system and digital tools support this effort.
- Continuous Improvement
Ongoing formative evaluations, iterative risk analysis, and structured design reviews ensure that issues are addressed early and new insights are continuously integrated.
The integration of usability, risk management, and design control is not a bureaucratic exercise—it is a strategic advantage. Manufacturers who align these domains create the foundation for long-term success: faster development, regulatory compliance, and above all—better, safer products that improve lives.