3 Non-negotiables for Managing Business Risk as a Medical Device Company

November 11, 2021

3 Non-negotiables For Managing Business Risk As A Medical Device Company

How seriously do you take risk management? This may seem like an inane question, especially for a professional in the medical device industry.

Creating a medical device - from napkin drawings to market debut - is a journey defined by managing risk at all turns. We see risk management take form in our painstaking design processes, through the watchful eye of regulatory authorities, and beneath the mountains of required documentation and paperwork.

But what about the business itself? Risk can come in many forms, and the success of your medical device product and your medical device company are often intertwined. 

Do you have financial protection from potential accidents or losses that may occur? Is capital being allocated throughout the organization efficiently? Are opportunities within the regulatory landscape being leveraged or missed?

When done correctly, risk management is a total life-cycle process.  You need to be certain you’re not just fending potential threats to the livelihood of your company, but avoiding them before they can appear. 

And while every company and product is unique, there are some definite must-haves for controlling risk that are not up for debate. Let’s take a closer look at the top three non-negotiables for business risk management as a medical device company.

BONUS RESOURCE: Click here to download your free copy of our Checklist for Protecting your IP throughout the MedTech Lifecycle.

Manage risk the right way by incorporating design controls early on

69% of first time 510(k) submissions are rejected. Regardless of the cause; ultimately, the result is an expensive delay to market with new risk and pressure unnecessarily added to the business with getting it right the second time around.

This pressure can have residual impacts on marketing, cashflow, sales, and even talent acquisition. The fact is that no matter how ingenious the idea, a device that fails to meet safety requirements for clearance can cause major issues in the company’s ability to thrive.

Enter the need for design controls, one of four distinct parts of a quality system

Connecting design controls to your risk management process is one of the most effective ways to avoid setbacks during your journey to market. Bridging together your design controls and risk management processes can ensure the devices you design, develop, manufacture, and market are as safe and effective as possible. 

Unfortunately, many companies treat design controls and risk management as being separate entities. In fact, this need for quality control throughout processes should be another element of your business’ risk management strategy. 

A great place to start is by carefully examining your device's intended use. Intended use defines the scope for design and development, as well as the application in a device, and it should be integrated into your risk management process.

Remember, risk management doesn’t start during product development. It is product development. It may sound reductive or hyperbolic, but remember that patients' lives are literally in the same hands as our devices.

Protect your intellectual property the right way

Medical devices, especially those that fall into the software as a medical device (SaMD) category, are rife for reverse engineering tactics from competitors. 

Whether you’re in the early stages of design and development, or you’ve crossed the threshold into market approval, protecting the ideas behind your device truly comes down to due diligence and the development of a proactive legal strategy for intellectual property (IP).

First up, and I cannot stress this enough: consult with industry-specific legal counsel before you disclose any element of your invention. These are the pros and can evaluate the legitimacy of your device from an IP perspective. 

This point of view is hugely important during all stages of a product life cycle. Are you infringing on any existing patented technology? Are you looking to improve upon a predicate device? Does your 510(k) submission reflect that? The answers to these questions can present real risk to your business if not properly addressed and managed.

Additionally, you should be considering how to best utilize two avenues in IP protection: 

  • Patents

  • Trade secrets

Patents are worded to legally protect your device as well as any and all manufacturing components included therein. The process for obtaining a patent, however, is lengthy and time-consuming. 

For many medical device companies, particularly medtech startups, this may not be a viable option. Even for larger companies, patents only have a 20-year lifetime, meaning you’ll still need to publicly disclose your IP once the patent has expired.

Trade secrets, on the other hand, represent a much more cost-effective and immediate solution to intellectual property strategy. 

These are obtained by way of employment NDAs and confidentiality agreements with third-party vendors, as well as documentation and marking of all materials as secret. This is a free route and is indefinite; for example, the recipe for Coca Cola, invented in 1892, is still unknown thanks to trade secrets.

One limitation of trade secrets you should note is that they do not protect against “parallel thought.” Quick-moving medtech fields like SaMD tend to operate using an iterative process, and even if you're keeping something as a trade secret, somebody can develop it independently of you. 

This kind of competitive business intelligence tends to work best with a strategy that utilizes a combination of these approaches. 

For instance, novel elements of your medical device that could be reverse-engineered if disclosed during public fundraising rounds or a commercial launch would be best protected by patents. 

For other aspects like internal processes or SOPs that will inevitably be discovered by competitors, it probably makes more sense to use a trade secret and avoid the costly path of patents. 

In summation: there’s a lot of important considerations to make when it comes to protecting your IP, which is why I want to ingrain into your head once more those two golden words: lawyer up.

Protect the livelihood of your medical device business with insurance

We can’t talk about risk without mentioning insurance. Though it’s often an afterthought, particularly in the early stages of your device, your product will soon become an actual manufactured device used in a real world setting on patients. 

If even the slightest mishap occurs, this could cause massive liability concerns for your business. I don’t know about you, but I’d hate for that to be the time to ask, “Are we covered for this?” 

This is especially true for high-growth, scale-up companies. During periods of rapid growth, distribution models and selling strategies become increasingly complex, as each has its own unique set of contracts and risks that need to be assessed and recommendations to be taken into consideration. 

Much like with actual product risk, this contractual liability can be a serious threat to the livelihood of your business. Luckily, there are specialty firms for medical device-related insurance who can do more than just sell you a plan, they can actually help you plan. 

These niche services include consulting services like charting lifecycles for products and company growth, as well as advising on all things risk management. 

Identifying risks and mitigating them with liability insurance only enables your medical device company to stay focused on what you do best: designing, manufacturing, and marketing a safe and effective product.

BONUS RESOURCE: Click here to download your free copy of our Checklist for Protecting your IP throughout the MedTech Lifecycle.

Act proactively, not reactively to managing your medical device business risk

Risk management is a deceptive term. Management of risk suggests a reactive approach akin to controlling damages after a public mishap. But best-in-class risk management is all about anticipating potential risks to your business and financial health and implementing proper mitigation measures.

Greenlight Guru offers the only dedicated Risk Management Software solution that aligns with ISO 14971:2019, allowing teams to integrate the latest risk management best practices into every area of your QMS, providing you with a complete and accurate picture of all known risks across not just your product, but your entire organization. Take the first step now, get your free personalized demo of Greenlight Guru →

Looking for a design control solution to help you bring safer medical devices to market faster with less risk? Click here to take a quick tour of Greenlight Guru's Medical Device QMS software


Taylor Brown is a Medical Device Guru, certified Lead Auditor for ISO 13485, and a card-carrying Quality Nerd. She got her start in the industry as a technical writer and quickly became an audit readiness and support specialist, traveling around the United States to establish ISO 13485 compliant quality systems. She...

Free Checklist:
Protecting your IP throughout the MedTech Lifecycle
Download Now
Checklist for Protecting your IP throughout the MedTech Lifecycle - Slide in Cover
Search Results for:
    Load More Results