Adding a network data connection to your medical device may not only promote your device into the echelons of modern connected or ‘IoT’ (internet of things) devices, but it could also push your company into a whole new value delivery model. A move from the presently dominant ship-and-done model to the newer “ship, monitor, and update regularly” model may be required. This is not a new model for gaming apps developers, but it’s radically new for regulated medical devices that require thorough verification and validation (V&V) before changes can be implemented in the field. Adding connectivity to your device also changes your solution from a device to a system with all of the broader system considerations this brings. This article explores some of the benefits and challenges related to connecting medical devices to external networks and provides an overview of how to address many of these challenges.
The use-cases for your device largely determine the number and types of benefits derived from network connections. For devices used outside of a clinical setting, access to the internet is straightforward, either directly via a built-in WiFi transceiver or cell modem, or through a smartphone or connected tablet using Bluetooth. The network connections allow manufacturers to stay engaged with the patient and/or caregiver in a number of ways, throughout the device lifecycle. Collected usage or compliance data can be made available to those concerned with the patient’s care. Questions such as—Did grandpa take his meds? Did Jimmy refill his insulin pump? Did mom do her breathing exercises?— can be answered from anywhere at any time. Usage data can be stored securely in the cloud to prevent loss and allow both individual access and population-wide analytics.
Manufacturers can monitor how the device is used (e.g., menu paths taken, canceled operations) to evaluate the ease of use or potential use errors. Cybersecurity related events can be monitored to enable fast responses and reduce exposure to cyber attacks. Software updates can be pushed to the devices directly from the manufacturer.
For connected devices with no access to the internet there are still benefits. Easy and error-free entry of device data into an EHR is one obvious benefit. Wireless connections to smartphones or tablets enable smaller, easier to use or more comfortable-to-wear devices by simplifying on-device user interfaces (UIs). The smartphone or tablet can perform the device configuration and allow more complex data presentation on the display. Connected devices can also integrate with other medical devices or data sources to enhance treatment or detect ailments. If disposables or consumables are used with a device, then automatic ordering of replacements can be built into the system and help prevent the use of counterfeit consumables.
While the benefits are huge, the challenges are commensurately great.
Cybersecurity. In recent months cybersecurity has topped the news and the worry list for healthcare providers (HCPs). In February, Blue Cross Anthem was hacked and millions of patient records were released. Recent ransomware cases have also made the news.
There are two sides to cybersecurity: Safety and privacy.
On the safety front, to date no one has been physically harmed due to cyber hacking of medical devices. However given the documented vulnerabilities found in medical devices, patient harm remains a real possibility. The FDA issued guidelines that in effect require manufacturers to address cybersecurity, both for new submissions, and in existing products as part of the mandated CAPA and risk management design control regulations.
On the privacy front, personal health information (PHI) is valuable to cyber criminals and sought after by organized crime to aid in their nefarious activities (gaining access to other’s property, and stealing it). Data security is mandated by regulations under the HHS/OCR, specifically the HITECH and HIPAA regulations.
Sensitive to these issues, HCPs put devices through rigorous cybersecurity evaluations and tests before connecting them to their networks. Some HCPs are writing procurement agreements that hold medical device manufacturers responsible for the costs of cyber breaches caused by the manufacturer’s supplied devices. Manufacturers cannot allow hospital networks to be compromised through their devices.
All of the cybersecurity vulnerabilities for a given device cannot be known when the device first ships. Moving forward, the FDA and HCPs expect manufacturers to monitor for newly discovered vulnerabilities and update the affected software to prevent those vulnerabilities from being exploited. These expectations covers all devices with programmable elements, however, connected devices are far more susceptible to cybersecurity attacks and will require more support throughout the device’s lifecycle to address newly found vulnerabilities.
Connecting to EHRs. “Walled Gardens” (a closed model) describes the prevalent model for the healthcare database and electronic health record (EHR) systems in the United States, and most “gardens” are unique. A particular HCP can pull data from external sources into EHRs using middleware, a third party provider, or custom written by the HCP, but there is little standardization as to how the information is presented. As Christina Farup, vice president of DePuy Synthes, stated at the 2016 MassMEDIC Annual Conference, “You’ve spoken to one hospital, and you’ve spoken to one hospital.”
From inside an HCP’s firewall, third-party middleware providers that team up with the major EMR providers can deliver a secure solution. However, they will need to be convinced there is a market for your device before they will invest in writing a conduit for your device.
There are many standards, including some new promising cross platform protocols (keep an eye on the HL7 group’s new FHIR), but we cannot expect consistency from one HCP to another in the near future. One thing is clear: Few HCPs are willing to go to a manufacturer’s website to gather patient data. Furthermore, doctors do not want patient data that they did not ask for: Unsolicited patient data is considered out of context, not therapeutically relevant, and a potential liability. For data resulting from prescribed measurements or metrics, some HCPs are willing to pull data into their EHRs from trusted platforms such as Apple’s HealthKit or Microsoft’s HealthVault, but even these platforms are not established standards yet.
Design. The design of connected device systems requires many special considerations. At the top of this list is keeping the patient safe regardless of what happens to the network connection, or what potentially erroneous signals are sent over a network connection. Smartphones and other external platforms are largely outside of the control of the medical device manufacturer and therefore can be used to augment patient care, but cannot be counted on as a sole means to sustain life or protect a patient from harm.
Human factors and user experiences need to be carefully evaluated early in the design phase. Doctors are not likely to prescribe the use of your device if the reports are not useful to them. Power management for battery-powered devices is critical. Choosing where to store the patient data and how to robustly synchronize the data to the appropriate cloud database is crucial. The architecture and design of the webserver and use of web applications need to be optimized to maintain high reliability for a reasonable monthly web server costs.
Smartphone and tablet apps need to run on multiple platforms (e.g., multiple iOS and Android software versions) and potentially on dozens of smartphone or tablet hardware configurations and platforms. The app development simulators are good, but too “clean” to use for validation of a medical app.
Lifecycle support. Lifecycle support will include software updates and V&V for all of the system components including the device firmware, any smartphone or similar apps, and any server-based web apps. Manufacturers of cloud-connected devices will have to support server management, administration of users, administration of devices, and data management including data access authorization. Code to monitor cybersecurity related events is needed for all of these applications as well.
Even though the FDA has stated it will allow changes to improve cybersecurity to be shipped without the FDA’s preapproval, full design verification is still required before implementing a change in the field; all medical design control regulations still apply.