The world is facing a host of challenges in health care including aging populations, rising chronic disease rates, as well as increasing costs and growing demand for affordable, personalized care. These challenges provide opportunities for less expensive innovations, such as cloud-connected medical devices that improve quality of care and outcomes.
In this blog post, we’ll explore the opportunities and pitfalls of integrating connectivity into medical devices, how connected medical devices improve patient care, the benefits of technology in medicine, and the impact of medical technology on society.
What is a connected medical device?
The FDA classifies a medical device as an instrument that is intended for use in the diagnosis or prevention of disease or other conditions, or intended to affect the structure or any function of the body. A connected medical device is an instrument that processes and stores user data within a cloud platform, and whose data can interact with its users through the internet, applications, etc.
The Internet of Medical Things (IoMT) provides connectivity for medical devices and applications; the cloud is where the information is processed and stored, and the device applications provide the user interface. Connected medical devices have been proven to improve clinical efficacy, create new care delivery models, reduce clinical errors, and provide cost savings.
Opportunities for connected medical devices
An ever-increasing number of consumer products leveraging the cloud is making the case for medical device connectivity increasingly self-evident and there are many key benefits, including:
1. Data-driven business opportunities:
Medical device connectivity can help manufacturers monitor the health and status of current devices, help improve and elevate efficacy of future devices, and create new devices or services based on discovered, data-driven opportunities.
2. Data storage and analytics:
By making these devices simply a collection vehicle, the cost and ease of manufacturing and compliance can be greatly reduced. Cloud infrastructure allows for the execution of diagnostic algorithms, data storage and analytics. Because data is collected centrally, engineers and researchers can improve diagnostic algorithms over time. Machine learning techniques can be used to comb through this data and identify new patterns that can lead to new products or services.
3. Improved business efficiencies:
Connectivity can directly benefit both patients and companies. For example, a connected drug delivery device can automatically order refills from the patient’s pharmacy proactively. This reduces the risk that patients will run out of critical medication, while at the same time helping companies meet business goals.
4. Device health monitoring:
Connected medical devices could also help predict potential device failures. As an example, imagine a heart pump manufacturer changes the type of lubricant used for the pump bearings because the original supplier went out of business. The product specification is the same, but there is a slight difference in the operating temperature that was not considered an issue. This change results in a higher wear pattern on the pump bearings that would go undetected until there was a bearing failure. Instead of a catastrophic incident in the field, predictive analytics on the live collected device data proactively identifies perturbations in the pump output. A notification is issued to both the manufacturer and the physician, allowing for early intervention and replacement of the soon-to-malfunction pump, and most likely saving the life of the patient and of others with the same problematic lubricant.
[Figure: Medical device health monitoring]
5. User tracking:
There is also the “payer” consideration when it comes to compliance. Medicare, for example, requires that for medical device reimbursement, patients must use the device. More and more government regulators and payers are demanding objective evidence that device manufacturers prove their devices are having a positive impact on patient outcomes. A connected medical device can collect and store data about patient use and trace the effectiveness of a particular device and treatment.
6. Software updates:
Connected devices can also help with device traceability and provide ease of software updates when a critical problem is detected in the field.
7. Patient engagement:
Additionally, there is a competitive advantage for connected medical devices: they can improve patient engagement, which can lead to higher usage. Increasingly, users of medical devices expect personalized services. By connecting a medical device and capturing usage data, customized health information, reminders and alerts can be provided that increase patient engagement with the device. Just-in-time training can be delivered that simplifies usage and can provide more seamless familiarity with the device.
[Figure: Example of connected medical device]
Medical device connectivity provides diagnostic benefits, automated alerts, remote monitoring, improved patient outcomes, and has the potential of lowering the overall healthcare costs. In addition, it opens new opportunities for data aggregation and analysis that can be invaluable for improving existing devices or creating new products and services.
Pitfalls of connected medical devices
There are major barriers to connecting medical devices concerning cost, cybersecurity, and data privacy. Cybersecurity and data privacy are critical concerns for every cloud-integrated medical device manufacturer, so knowing how to manage data privacy for your connected medical device is crucial. Connecting devices makes them more vulnerable to both deliberate attacks and undirected malware.
The FDA and other regulatory agencies have issued guidelines on managing cybersecurity risk, and the FDA has decided that manufacturers who have streamlined security upgrades on devices don’t have to repeat the entire regulatory approval process. Companies will still need to retest and, in some cases, recertify their device. This is a non-trivial burden.
Another concern about connectivity is the cost and expertise required. There is the initial cost of developing a connected solution and an ongoing cost for maintenance, storage, and operation of that solution. Often, connectivity infrastructure will become an extension of the medical device and must be designed and operated according to the same regulatory requirements as the medical device. In some cases, the connectivity infrastructure itself is the medical device (Software as a Medical Device, SaMD). The expertise to develop and support a connectivity solution that is compliant with FDA and other regulatory requirements is a highly specific skill set that is not in great abundance.
Risk management for connected medical devices
As with other aspects of a medical device, a thorough risk analysis should be done to determine the risk posed by connectivity threats. Each medical device has its own risk profile. A heart pump, for example, will have a high risk of patient harm if there is a malfunction, while a blood pressure monitor’s direct risk to the patient is smaller.
Key points to consider when approaching a connected design are:
- What is the potential harm to the patient or the operator if data is erased or altered?
- What kind of data is stored and/or transmitted? Does it include protected health information?
- What are the business risks of connecting or not connecting a device?
[Figure: Example of protected health information in connected medical device]
Managing cybersecurity risk requires a detailed plan that encompasses every stage of medical device development, from conception to post-market security patches and updates. Some strategies to consider:
- Create a list of cybersecurity procedures and guidelines. The National Institute of Standards and Technology (NIST) has developed a cybersecurity framework that can be used as a starting point.
- Train your workforce on good cybersecurity practices. Humans are often the weakest link in cybersecurity defense.
- Identify, prioritize, and track cybersecurity risks as part of product development.
- Ensure good engineering practices by prioritizing secure design and secure coding throughout the product development and maintenance cycle.
- Periodically check third-party libraries, and products used in the design or operation of the medical device, against known vulnerabilities.
- Ensure verification includes cybersecurity verification like penetration testing, fuzz testing, and frequent reviews of security controls.
- Limit the data stored and transmitted to what is essential to the operation of the device or service.
- Choose the right type and level of encryption. The greater the risk to patients or operators due to altered, deleted, or stolen data, the higher the level of encryption that should be used. Always use encryption when transferring data between devices or over a network.
- Use appropriate security controls for access to data. Enforce password management practices such as length and complexity restrictions, password expiry, and a prohibition on password reuse. For added security, consider a second factor for authentication, like a one-time password, biometric security, or security badges.
- Establish a post-market surveillance program that monitors for newly discovered cybersecurity vulnerabilities and threats. Always conduct assessments, identify mitigating actions, and deploy the mitigation after verification of software patches. If you are planning on launching a connected medical device into the European market, note that you must meet their latest MDR cybersecurity requirements.
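To make the points about altered data and about limiting what is transmitted concrete, here is an added example (not from the original post or from any vendor's platform) in which a device strips a reading down to an allow-list of fields and attaches an HMAC-SHA256 tag so the cloud side can detect alteration. The field names, the allow-list, and the demo key are assumptions; the tag gives integrity only, so the link itself still needs encryption as described above.

```python
import hashlib
import hmac
import json

# Assumed allow-list: the only fields this hypothetical pump service needs.
ALLOWED_FIELDS = {"device_id", "timestamp", "flow_rate_lpm", "motor_temp_c"}

# Constructed sample reading; it carries identifiers the service does not need.
READING = {
    "device_id": "pump-0001",
    "timestamp": "2024-03-01T09:12:00Z",
    "flow_rate_lpm": 4.8,
    "motor_temp_c": 37.9,
    "patient_name": "Jane Example",
    "date_of_birth": "1950-01-01",
}
DEMO_KEY = b"constructed-demo-key"  # placeholder; real keys are provisioned per device


def canonical(payload: dict) -> bytes:
    """Serialize deterministically so device and cloud hash identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def minimize(reading: dict) -> dict:
    """Drop every field that is not on the allow-list."""
    return {k: v for k, v in reading.items() if k in ALLOWED_FIELDS}


def seal(reading: dict, key: bytes) -> dict:
    """Device side: minimize the reading, then tag it with HMAC-SHA256."""
    payload = minimize(reading)
    tag = hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def verify(message: dict, key: bytes) -> bool:
    """Cloud side: reject unexpected fields, then check the tag in constant time."""
    payload = message.get("payload", {})
    if not set(payload) <= ALLOWED_FIELDS:
        return False
    expected = hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(message.get("tag", "")))
```
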
Another aspect related to the security of a connected medical device is data privacy and data export regulations. Both U.S. and global markets have strong data privacy regulations. The Health Insurance Portability and Accountability Act (HIPAA) and the subsequent Health Information Technology for Economic and Clinical Health (HITECH) Act establish standards that need to be implemented for protecting data privacy for all US providers and their business associates.
[Figure: Information protected by HIPAA]
The European Union’s (EU) General Data Protection Regulation (GDPR) requires strong protection measures for data privacy and addresses export of data outside of the EU. GDPR’s protection is much broader than that of HIPAA/HITECH.
Creating a data protection plan that navigates different jurisdictions is essential if the manufacturer wants to sell to the global market. Things to consider are:
- Identify what data elements, collected or stored by the device, are protected by each set of regulatory standards. Keep in mind that GDPR defines a broader protected set than HIPAA/HITECH.
- Ensure patient consent is obtained before processing data and keep records of the consent secure.
- Create data privacy guidelines and ensure your workforce is periodically trained.
- Create and routinely review audit trails to ensure only authorized users have access to view or alter protected data.
- Create a program to notify affected users in case of a data breach. Under GDPR the timeline to report any breach is 72 hours from becoming aware of a breach.
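The audit-trail review recommended in the list above can be automated. The following added example (not from the original post) makes one pass over an audit trail, flagging actions that a role is not permitted to perform on protected records and gaps in sequence numbers that suggest lost or deleted entries. The log format, roles, and policy are assumptions, and the entries are constructed.

```python
# Constructed audit-trail entries; the field names and roles are assumptions.
AUDIT_LOG = [
    {"seq": 1, "user": "dr_lee", "role": "clinician", "action": "view", "record": "patient/1001"},
    {"seq": 2, "user": "svc_sync", "role": "service", "action": "update", "record": "patient/1001"},
    {"seq": 3, "user": "jsmith", "role": "support", "action": "view", "record": "patient/1001"},
    {"seq": 5, "user": "dr_lee", "role": "clinician", "action": "update", "record": "patient/1002"},
    {"seq": 6, "user": "intern7", "role": "unknown", "action": "export", "record": "patient/1002"},
]

# Assumed policy: the actions each role may perform on protected records.
POLICY = {
    "clinician": {"view", "update"},
    "service": {"update"},
    "support": set(),
}


def review(log, policy):
    """Return (violations, missing_seqs) for one pass over the audit trail."""
    violations = []
    missing = []
    expected = None
    for entry in sorted(log, key=lambda e: e["seq"]):
        # A gap in sequence numbers means entries were lost or deleted.
        if expected is not None and entry["seq"] > expected:
            missing.extend(range(expected, entry["seq"]))
        expected = entry["seq"] + 1
        # Roles absent from the policy get no access at all (default deny).
        if entry["action"] not in policy.get(entry["role"], set()):
            violations.append(
                (entry["seq"], entry["user"], entry["action"], entry["record"])
            )
    return violations, missing
```
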
Are you prepared for medical device connectivity?
In a fast-paced world, innovation is becoming increasingly common and the medical field is no different. Risks in terms of security, privacy, compliance, system development, and maintenance can seem daunting and expensive, which raises the question of whether or not medical device connectivity is worth the investment.
If the risks are identified and monitored, and compliance is well understood, connected medical devices can be very beneficial for improving patient health. In most cases, the advantages (greater convenience, easier adherence, improved insights, and better health outcomes) far outweigh the disadvantages.
The financial cost of connectivity can also be controlled, as there are cloud-based, managed services that allow for more efficient cost outlay and remove the need to hire additional personnel to operate and manage the infrastructure. Advances in global connectivity and cloud technology are making cloud-based solutions increasingly attractive for managing cost, while providing a superior experience to clinicians and patients.
About Galen Data
Galen Data provides a turn-key, compliant software platform for device-to-cloud connectivity. The Galen Cloud™ is an FDA/HIPAA compliant platform that accelerates medical device cloud connectivity in a fraction of the time and cost it currently takes. FDA Class I, II, III and CE marked medical devices are currently supported. Built under an ISO 13485 compliant Quality Management System, the platform meets or exceeds design control requirements for both US and global markets. Security is actively managed, and tools are provided to comply with data privacy regulations. The platform provides widgets to intuitively present data to clinicians, patients, and their families.
Galen Data manages the burden of creating and managing IT infrastructure, so companies can focus on device innovation. The platform is modular and fully scalable. The Galen Cloud™ is hosting provider agnostic, requires little to no customization and comes with full audit support. The goal of Galen Data is not just to lower the barrier to entry for medical device connectivity, but to open the market to any size device manufacturer.