Patient Safety Metrics That Actually Convince Notified Bodies

Written by HATEM RABEH, MD, MSc Ing

Your Clinical Evaluation Expert And Partner

in
S

This happens more often than it should. Teams collect mountains of safety data, build detailed tables, track every conceivable metric. Then they face a basic question during review: which of these outcomes genuinely reflect the safety profile that matters for this device?

The answer is rarely obvious. And when it is not answered convincingly, the entire clinical evaluation loses credibility.

The Gap Between Data Collection and Safety Demonstration

MDR Article 61 requires manufacturers to demonstrate a favorable benefit-risk ratio based on clinical data. Annex XIV specifies that the clinical evaluation must identify and address residual risks. MDCG 2020-13 on clinical evaluation emphasizes that safety outcomes must be relevant to the intended use and target population.

In practice, this means you cannot simply report what studies measured. You must explain why those measurements matter for patient safety in your device context.

Most CERs fail here. They present safety data as if the relevance is self-evident. Device causes no infections, no device-related adverse events, no serious complications. The tables are clean. The statistics look favorable.

But the reviewer asks: were these the right endpoints to measure? Do they capture the actual safety concerns for this device type? Are there known risks that were not evaluated at all?

Starting From Risk, Not From Available Data

The correct sequence is reverse from what most teams follow.

You do not start with the literature, extract safety data, and then declare your device safe. You start with your risk analysis. You identify the hazardous situations. You determine what could go wrong, how it could harm patients, and what evidence would demonstrate those risks are controlled.

Only then do you search for data that addresses those specific risks.

This is not a theoretical distinction. When a Notified Body reviews your clinical evaluation, they have your risk management file in parallel. They are checking whether the clinical data addresses the risks you identified. If your CER discusses infection rates but your risk file highlights mechanical failure, there is a disconnect.

I have seen CERs rejected because the safety outcomes reported in the clinical evaluation did not align with the hazards documented in ISO 14971 analysis. The data was good. The studies were relevant. But the connection between identified risk and demonstrated safety was missing.

The Metrics That Actually Matter

So which safety outcomes should you track?

There is no universal list. It depends entirely on your device, its mechanism of action, the clinical procedure, and the target population. But there are patterns that work across reviews.

Device-Related Adverse Events

This is foundational. Not just serious adverse events. All adverse events that are plausibly related to device use. The challenge is distinguishing device-related events from procedure-related or disease-related events.

Manufacturers often report that zero device-related AEs occurred. Reviewers read this with skepticism. Either the study did not capture device effects properly, or the causality assessment was too lenient. A more credible presentation acknowledges all adverse events, explains the causality assessment method, and discusses which events might be device-related even if causality is uncertain.

Procedure-Related Complications Specific to Device Use

Some complications occur during or after the procedure specifically because this device was used instead of an alternative. These are critical for benefit-risk assessment.

Example: a new vascular access device may reduce infection risk but increase insertion difficulty leading to more vascular injury. If your clinical evaluation only reports infection rates, you miss the trade-off. The reviewer will notice.

Long-Term Safety Outcomes Where Applicable

For implantable devices, short-term safety is not sufficient. MDR Annex XIV explicitly requires long-term data when the device remains in the body. This means tracking outcomes over months or years depending on device life.

Many CERs present 30-day or 90-day follow-up and claim long-term safety is addressed. Unless your device degrades or is removed within that timeframe, this is inadequate. You need evidence that covers the actual duration of patient exposure.

If that data does not exist, you acknowledge the gap and explain how your PMCF will address it. You do not pretend the gap does not exist.

Outcomes Reflecting Specific Hazards in Your Risk File

This is where clinical evaluation connects to risk management. If your risk analysis identifies tissue necrosis as a hazard, your clinical evaluation must present data on tissue response. If thermal injury is a concern, temperature measurements or burn incidence must be reported.

The metric matters because the hazard exists, not because the literature commonly reports it.

I reviewed a CER for an energy-based surgical device. The risk file listed nerve damage as a potential harm. The clinical evaluation discussed efficacy, procedure time, blood loss, infection rates. Nerve injury was mentioned in one sentence: “No nerve injuries reported.”

That is not sufficient. The reviewer wants to know: was nerve injury systematically assessed? What methods were used? What follow-up duration? Were there subclinical nerve effects that did not meet the threshold of “injury” but still matter?

One sentence does not answer these questions.

The Problem of Surrogate Endpoints

Some safety metrics are not direct measures of patient harm. They are markers that predict safety outcomes.

Biocompatibility testing results. Bench test performance. Imaging findings without clinical correlation. These can be relevant, but they are not sufficient on their own.

A coating passes ISO 10993 biocompatibility tests. That is evidence of safety. But it does not replace clinical evidence of tissue response when the device is used in patients. The bench test predicts safety. The clinical outcome demonstrates it.

Reviewers are trained to recognize when clinical evaluation relies too heavily on surrogate endpoints. If your device contacts tissue, they expect tissue response data from clinical use, not just material characterization.

This becomes especially problematic when manufacturers use equivalence. They claim their device is equivalent to a predicate, therefore safety is demonstrated. But if the predicate’s clinical data only reports surrogate endpoints, the equivalence does not bridge to patient safety outcomes. You inherit the gap.

Quantifying Safety: The Magnitude Question

Reporting that adverse events occurred is not enough. The question is: how often, how severe, and compared to what?

A complication rate of 5% might be excellent for one device type and unacceptable for another. Context matters. Your clinical evaluation must provide that context.

This means comparing your device safety profile to:

– Alternative treatments for the same condition
– Previous generation devices
– Published benchmarks for the procedure
– Regulatory precedents if available

Without this comparison, a reviewer cannot assess whether the safety profile is favorable. A 3% infection rate is just a number. Against a 7% rate for standard of care, it looks good. Against a 0.5% rate for an existing device, it looks problematic.

I see many CERs present safety outcomes in isolation. The data is accurate. The metrics are relevant. But there is no context to interpret whether the magnitude of risk is acceptable.

MDCG 2020-13 addresses this explicitly. The clinical evaluation must interpret safety data in context of benefit-risk and state of the art. A table of AE rates without interpretation does not fulfill this requirement.

When Safety Metrics Conflict

Sometimes different safety endpoints point in opposite directions. One metric shows improvement, another shows deterioration. How you handle this reveals whether your clinical evaluation is honest.

Example: a new surgical technique reduces procedure time (good for reducing anesthesia exposure) but increases learning curve complications (bad for early patient safety). Both are legitimate safety considerations.

A weak CER emphasizes the positive metric and minimizes the negative one. A strong CER acknowledges both, explains the trade-off, and discusses how the overall benefit-risk remains favorable.

Reviewers know that no device is perfect. They are not looking for zero risk. They are looking for transparent benefit-risk assessment. When you hide or downplay conflicting safety signals, you lose credibility.

I reviewed a file where the manufacturer’s PMCF data showed increased minor complications compared to pivotal trial. The CER mentioned this in passing, attributed it to “real-world variability,” and moved on. The Notified Body asked for detailed analysis. Why did the rate increase? Is it a device issue, a training issue, a patient selection issue? What is being done to address it?

The manufacturer had to revise the entire safety section because they had not taken their own post-market data seriously.

From Metrics to Conclusions

Collecting the right safety metrics is necessary. Drawing the right conclusions is what matters.

Your clinical evaluation must state explicitly: based on these safety outcomes, is the benefit-risk ratio favorable? Are the residual risks acceptable given the intended benefit? Are there patient populations or use conditions where the risk is unacceptable?

This is not a summary. It is a clinical judgment. It requires you to weigh evidence, consider uncertainty, and reach a reasoned conclusion.

Many CERs end the safety section with a statement like: “The device demonstrated a favorable safety profile.” That is not a conclusion. That is a claim. A conclusion explains why the profile is favorable, what evidence supports that judgment, and what assumptions underlie it.

If your safety data has limitations, the conclusion must acknowledge them. If long-term data is missing, if certain patient subgroups were underrepresented, if rare events might not be captured, say so. Then explain how PMCF will address these gaps.

Notified Bodies read hundreds of CERs. They recognize when a conclusion is carefully reasoned versus when it is generic and defensive. The carefully reasoned conclusion builds trust. The generic one triggers more questions.

Building This Into Your Process

Getting patient safety metrics right is not something you fix at the end when writing the CER. It must be built into your clinical development plan from the beginning.

When you design clinical investigations, the safety endpoints should be driven by your risk analysis. When you search literature, the safety outcomes you extract should map to your hazards. When you establish PMCF, the safety data you collect should address the uncertainties in your pre-market evaluation.

This requires coordination between clinical affairs, regulatory affairs, risk management, and quality. In practice, these functions often work in silos. The risk team does their ISO 14971 analysis. The clinical team does their studies. The regulatory team writes the CER. Then someone notices the disconnect during a pre-submission review or Notified Body audit.

By then, it is expensive to fix.

The solution is not complicated. It is a structured meeting early in development where you align: what are our hazards, what clinical evidence would demonstrate those hazards are controlled, what safety metrics must we track. Document that alignment. Refer back to it during literature review, study design, and CER writing.

I have worked with teams that do this well. Their CERs are shorter, clearer, and face fewer review cycles. Because the logic is built in from the start.

What Happens When You Get This Wrong

The consequences are predictable. Major non-conformities during Notified Body review. Requests for additional clinical data that delay certification. Questions during authority inspections about whether your clinical evaluation actually demonstrates safety.

In some cases, the device is already on the market when the problem becomes visible through PMCF. You discover that the safety metrics you tracked do not capture the actual risks patients experience. Now you need to revise your CER, update your IFU, possibly issue a field safety corrective action.

This is not theoretical. I have seen it happen. A manufacturer tracked device-related infections as their primary safety metric. They had low infection rates. But they did not systematically track device dislodgement, which turned out to be a more frequent problem requiring reintervention. By the time they recognized this through complaints and PMCF, they had to retrospectively analyze clinical data, revise risk analysis, and update their entire clinical evaluation.

All of that could have been avoided if the safety metrics were aligned to actual device risks from the beginning.

The lesson is simple: patient safety outcomes are not whatever metrics are easy to collect or commonly reported in literature. They are the outcomes that reveal whether your device harms patients in ways that matter. If you do not identify those outcomes early and track them systematically, your clinical evaluation will fail to convince reviewers, regardless of how much data you present.