By Binseng Wang, ScD, CCE, fAIMBE, fACCE

Most readers probably recognize the title of this article as the Department of Homeland Security’s slogan for its campaign to protect communities against acts of terrorism. It’s basically a reminder that everyone is responsible for the safety of the community and, without everyone’s contribution, it is very difficult—if not impossible—to reduce and prevent terrorist attacks.

While the analogy may be a bit overstretched, I believe we have a similar responsibility in protecting patients’ lives and wellbeing. If everyone who works in the health care industry takes responsibility for alerting clinicians, as well as institutional and government authorities, to recurrent, unsafe acts and intentional violations, the number of patient injuries and medical equipment-related deaths can be significantly reduced.

Government Guidelines

Take, for example, the Request for Comments issued by the FDA in March concerning the possible need for regulating medical device service performed by “third-party entities.” In fact, the FDA stated that it “is taking this action, in part, because various stakeholders have expressed concerns about the quality, safety, and continued effectiveness of medical devices that have been subject to one or more of these activities that are performed by both original equipment manufacturers (OEMs) and third parties, including health care establishments.”

No significant surprises were found among the more than 100 comments submitted to the FDA. The “third-parties” (in-house CE teams and ISOs) advocated against regulation because most are already required by their employers (in the case of CE teams) or customers (ISOs) to comply with accreditation standards (in order to receive substantial reimbursements from Medicare or Medicaid programs) and there is no evidence of a considerable number of adverse events due to service problems.

OEMs provided only anecdotal cases and argued: “It’s impossible to provide a statistically valid analysis of the extent of problems that have occurred when there has been no prior scrutiny or any regulatory oversight of non-OEM service providers and other third parties, which would require reporting of problems.”

This OEM argument is not entirely correct because OEMs are required by the FDA to report not only incidents that “one of their marketed devices may have caused or contributed to a death or serious injury,” but also “[if] the malfunction of the device or a similar device that they market would be likely to cause or contribute to a death or serious injury if the malfunction were to recur.” In other words, if an OEM becomes aware of unsafe service activities performed by a third-party, it is required to report it to the FDA because the malfunction caused by such activity is likely to recur.

If the unsafe activities were detected by a third-party affiliated with a “user facility” (the FDA’s terminology for health care organizations), it must report them to the FDA through the mandatory MedWatch program if a serious injury or death occurred. If mandatory reporting is not required, the third-party can file a voluntary MedWatch report to alert the FDA.

Safety First?

Unfortunately, although mechanisms do exist to report service and other issues to the FDA, it’s undeniable that underreporting is a widespread problem. The Institute of Medicine (IOM) first publicized this fact in 1999 in its landmark publication “To Err Is Human: Building a Safer Health System.” The Joint Commission (TJC) also recognizes this problem in its collection and analyses of sentinel events reported by its accredited organizations. The root cause of underreporting seems to be related to the litigious nature of American society and the lack of political will to reform liability lawsuits.

It is possible to take underreporting into consideration in incident analyses. For example, when my colleagues and I analyzed the TJC sentinel events data in 2013, we used the IOM estimate of 44,000 to 98,000 deaths per year and assumed that serious injuries would be five times higher. These estimates increased the number of incidents caused by service issues from 0.14-0.74/year to 30-349/year for the entire nation. To put these hypothetical numbers in perspective, the total number of medical equipment uses in hospitals is estimated to be around 1.22 billion annually.

So the apparently high values of 30-349/year actually correspond to 0.024-0.286 incidents per million equipment uses—or, for those familiar with Six Sigma, sigma levels of 6.50-6.96—which is comparable to the international civil aviation safety record of seven fatal accidents in 2015 with 33 million departures. Incidentally, my team’s estimates made in 2013 turned out to be slightly excessive when compared to a study published later that year.

Despite the elaborate corrections for underreporting, it seems unlikely that service regulation proponents will accept the basic premise that there is insufficient evidence of service problems to justify additional regulation. This brings us back to the “if you see something, say something” principle. I firmly believe we all have a civic duty to report regulatory violations and unsafe activities, regardless of the responsible party.

Actually, I believe it’s a question of professional ethics. For example, the world’s largest technical professional organization—the Institute of Electrical and Electronics Engineers (IEEE)—opens its Code of Ethics with the following line: “We, the members of the IEEE … commit ourselves to the highest ethical and professional conduct and agree to accept responsibility in making decisions consistent with the safety, health, and welfare of the public, and to disclose promptly factors that might endanger the public or the environment.”

Personal Responsibility

Being part of the health care industry, CE professionals have an ethical duty to “disclose” practices that jeopardize the safety of patients, clinicians, and the general public. This is not to say that everyone is expected to be perfect and never make any mistakes. As the phrase “To err is human” indicates, we all can make mistakes; however, it’s everyone’s duty to learn from those mistakes and try not to repeat them.

More importantly, every organization has the duty to create work processes and provide training and instructions that reduce the impact of individual unsafe acts, as Professor James Reason has been teaching in his famous Swiss-cheese model. Furthermore, the most serious and troublesome issues are not simple human errors, but intentional, willful actions made by individuals and organizations to achieve higher profit without moral and ethical consideration for the safety of patients and users.

If every CE professional and OEM employee reports intentional, unsafe activities, the FDA would have a solid database to determine whether additional regulatory action is justified. For example, if a laser manufacturer refuses to provide service instructions, the requesting third-party should report it to the FDA’s Regulatory Misconduct Branch because it clearly violates FDA regulations.

On the other hand, if a third-party is systematically modifying device specifications when it performs repairs, reconditioning or refurbishing, the owner or purchaser of the device should report it to the FDA because such activity requires the third-party to register as a re-manufacturer and comply with other appropriate regulatory requirements. Finally, servicers who consistently fail to restore the device to its original safety and performance specifications should be reported to the FDA for jeopardizing patient safety, even if their unsafe acts did not initially cause serious injuries or deaths.

Some may question why individual CE professionals need to take such drastic actions into their hands and risk their jobs. Unfortunately, lessons from past disasters (e.g., NASA space shuttle explosions in 1986 and 2003, 1989’s Exxon Valdez oil spill, the Enron scandal in 2001, the British Petroleum Deepwater Horizon oil spill in 2010, the Volkswagen diesel engine scandal, and Wells Fargo’s fake accounts) have shown that even large and prestigious organizations sometimes exhibit surprisingly low ethical behavior.

Furthermore, it was clear from the recent FDA Workshop that the vast majority of third-parties—as well as OEMs—are doing a good job when servicing medical equipment. It is a small minority that is systematically putting patients and users at risk. Therefore, it’s against common sense to create additional, redundant regulations on device servicing because of a few unscrupulous individuals and companies. If every CE professional and OEM employee denounces these entities to the FDA, however, and the FDA prosecutes them accordingly, we can help to reduce health care spending and, at the same time, improve patient safety.

I admit that I’m being harsh in advocating for finger-pointing among professional colleagues and business entities. However, when public safety and wellbeing are at risk, I believe we have to stand firm and cannot accept compromises. After all, sooner or later, all of us—as well as our loved ones—will be on the receiving end of care and may need medical devices to recover from illness and, perhaps, save our lives. We cannot evade our civic and ethical responsibility. So, please, please, please: If you see something, say something.

Binseng Wang, ScD, CCE, fAIMBE, fACCE, is director, quality and regulatory affairs with WRP32 Management, Inc. The views expressed in this article are solely those of the author. For more information, contact chief editor Keri Forsythe-Stephens at [email protected]

References and Footnotes

  2. Service is used here to cover the entire range of activities included in the RfC, i.e., refurbishing, reconditioning, rebuilding, remarketing, and servicing but excludes remanufacturing.
  10. Wang B, Rui T & Balar S. An estimate of patient incidents caused by medical equipment maintenance omissions, Biomed Instrum & Techn, 47:84-91, 2013
  12. JT James. A new, evidence-based estimate of patient harms associated with hospital care. J Patient Saf. 0:122-128, 2013
  13. Reason J. Managing the Risks of Organizational Accidents, Ashgate Publishing Ltd, Surrey UK, 1997
  15. Rogers Commission Report. Report of the Presidential Commission on the Space Shuttle Challenger Accident, 1986. Available at Accessed 5/7/2016.
  16. National Aeronautics and Space Administration – NASA. Report of Columbia Accident Investigation Board, 2003. Available at Accessed 5/7/2016.
  17. Alaska Resources Library and Information Services. Exxon Valdez Oil Spill – FAQs, Links, and Unique Resources at ARLIS, 2014. Available at Accessed 5/7/2016.
  18. Thomas CW. The Rise and Fall of Enron. J Accountancy, 2002. Available at Accessed 5/7/2016.
  19. National Oceanic and Atmospheric Administration—NOAA. Deepwater Horizon Oil Spill. Available at Accessed 5/7/2016.
  20. Environmental Protection Agency – EPA. Volkswagen Light Duty Diesel Vehicle Violations for Model Years 2009-2016. Available at Accessed 5/7/2016.
  21. Accessed 10/26/2016
  22. Accessed 10/28/2016.