From consumer devices to the enterprise, tech experts agree that connected devices have started touching every aspect of our lives—and IoT’s impact on the medical industry is no exception. People seeking medical care are often faced with the same challenges—affordability, quality and access to healthcare—and the proliferation of connected medical devices is bringing the healthcare industry closer to overcoming these challenges and offering better patient outcomes for the future.

Opportunities with Connectivity

The Internet of Medical Things (IoMT) allows medical devices to collect data and be connected to the cloud or applications. The benefits to the patient and provider are many, namely: Compliance and product impact.

Compliance. One of the biggest opportunities with cloud-connected devices is patient compliance, which directly benefits the patient, payers and healthcare providers. For example, Medicare requires that, for medical device reimbursement, patients must actually use the device and provide evidence of doing so. With an analog device, it often times required door-to-door in-person checks to physically look at device usage, which is neither time efficient or cost effective. A connected medical device, however, can collect the data as it being used and send it to the cloud to be tracked and analyzed.

Connected devices can also help with drug compliance. For example, a connected drug delivery device can automatically order refills from the patient’s pharmacy—without relying on the patient to remember. This reduces the risk that patients will run out of critical medication and be readmitted, while at the same time helping drug companies meet business goals.

Product Impact. Connectivity allows manufacturers monitor both the effectiveness and status of current devices, as well as innovate for future devices. In addition, making these devices a collection vehicle can greatly reduce the cost and ease of manufacturing. Because data is collected centrally, engineers and researchers can improve diagnostic algorithms over time and artificial intelligence techniques like machine learning can be used to comb through the data to identify new patterns.

Can connected technology help predict potential device failures? The answer is yes…down the road. As an example, imagine if a heart pump manufacturer began using a different type of lubricant on the pump bearings. The lubricant specification was the same, but there was a slight difference in the operating temperature that was not considered, resulting in a higher wear pattern until a total bearing failure. With a connected heart pump, on the other hand, live device data collected would prompt a notification to both the manufacturer and physician, allowing for early intervention and replacement of the soon-to-malfunction pump, and most likely saving the life of the patient and others with the same problematic lubricant. This type of predictive analytics in detecting device failures allows for early detection before they become serious adverse events.

Barriers to Mass Adoption

While connected healthcare is being more widely accepted and incorporated in the industry, there are real barriers that exist to achieving mass adoption. The primary barriers are security and cost.

Security. Connecting devices to the cloud makes them more vulnerable to both deliberate attacks and undirected malware—both of which are serious threats to sensitive patient data being moved to and housed in the cloud. The FDA and other regulatory agencies understand these risks and have issued guidelines on managing healthcare cybersecurity, allowing manufacturers who have made security upgrades on devices to have a streamlined regulatory approval process on the upgraded device. This is good news, but companies will still need to retest and, in some cases, recertify their device as attacks become more sophisticated and there are new workarounds for outdated security measures.

Cost. There is both the initial cost of research and development of a connected solution, and the ongoing cost for maintenance, storage and operation of that solution. Often, connectivity infrastructure will become an extension of the medical device and must be designed and operated according to the same regulatory requirements as the medical device. In some cases, the connectivity infrastructure itself is the medical device. Do you have talent on staff with the skill set to manage this complex development and infrastructure? The expertise to develop and support a connectivity solution that is compliant to FDA and other regulatory requirements is a specific skill that most manufacturers do not currently have on staff, and will therefore need to invest quite a bit of capital to hire a new team of people.

Solutions

Can these barriers be overcome? Absolutely. As with other aspects of a medical device, a thorough risk analysis should be done to determine how ready you are to tackle security and cost. Here are questions to get you started:

Things to consider when approaching a connected design:

• If data is accidentally erased or changed, what is the potential harm to the patient or operator?
• Is all data is collected and stored, including protected health information?
• What are the business risks of connecting or not connecting a device? Managing cybersecurity risk requires a detailed plan that encompasses every stage of medical device development, from conception to post-market security patches and updates.

Strategies to consider:

• Develop cybersecurity procedures and guidelines
• Educate your workforce on cybersecurity best practices and formalize the protocol
• As part of product development, identify, prioritize and track cybersecurity risks
• Ensure good engineering practices by prioritizing secure design and coding throughout the product development and maintenance cycle
• Ensure verification includes cybersecurity verification and frequent reviews of security controls
• Limit the amount of data stored and transmitted only to what is essential
• Choose the right type and level of encryption
• Enforce password management best practices—length and complexity restrictions, password expiry and no reuse of passwords
• Establish a post-market program that monitors for new cybersecurity vulnerabilities and threats. Always conduct assessments, identify mitigating actions and deploy the mitigation after verification of software patches.

There is no argument that we live in a connected economy, and—although the healthcare and medical device industries have been slower to adopt—it has been for good reason. Security and cost are real barriers, but cannot be used as excuses to reaching mass adoption. IoMT is not a fad and not going away, making it imperative that each link of the healthcare chain—patients, providers, manufacturers and payers—continue to innovate and invest to meet the changing economy.