With healthcare systems facing many challenges, technology can be used to solve some of the problems. Cloud connectivity is one such technology that is becoming an enabler of digital health. Connected medical devices have already been proven to improve clinical efficacy, reduce clinical errors and provide cost savings to users. It is envisaged that connected medical devices may be able to save overall healthcare costs, which we all know is a hot button issue!
So, there are plenty of good reasons for medical device companies to make the shift to connectivity, and potential rewards to the company for doing so. Being able to create new services and tap into new markets are just two of those possibilities.
One thing medical device manufacturers often lack however, is the required FDA knowledge, technical expertise, or even internal resources to create these sorts of solutions. Secondly, building the required connectivity infrastructure, and meeting the regulations can be very costly to the company. In addition, creating a connectivity solution from scratch can add new risks to the project, which not all companies are in a position to take on.
Connecting with a third-party partner in order to provide the connectivity platform for your medical device is a great option to mitigate some of those risks and costs. However, before you select an outside partner, there are six essential questions you should ask:
#1. Is the solution compliant?
Does the connectivity platform meet regulatory requirements? For the US market, that means being compliant with FDA requirements, particularly design controls. For Europe, you look at CE Mark, while Health Canada and other markets also have their own regulatory requirements.
This means that potentially, the platform you need may have to comply with requirements for multiple markets. In addition, the platform should comply with international standards that are generally used for medical device design, for example, ISO 13485, ISO 14971 and IEC 62304.
For many medical device companies, especially young startups, dealing with the regulatory world can be confusing and worrisome. There is a need to familiarize with the exact regulations and guidelines involved, then interpret how those apply. Many aspects of FDA guidelines for example, can be wide open to interpretation. It certainly helps if a third-party has already done the work of applying the regulatory requirements and getting approval for their platform.
[bctt tweet=”Medical device makers: Look for a connected solution that meets regulatory standards” username=”galendata”]
#2. Is the solution cloud-based?
Why is having a cloud-based solution important? Connectivity to the cloud allows the solution to be more scalable overall. It is also a more cost-effective solution due to lower underlying infrastructure costs..
A cloud based solution also gives you more options for other services like machine learning, image/video analysis, big data computing, notifications etc., and the ability to access the system from anywhere. It is very difficult to replicate this outside of the cloud. Another benefit is that you can offload some of the security requirements to the cloud-based solution.
A cloud-based solution is also capable of rapidly deploying any necessary updates. There is no need to be monitoring and downloading, as system updates happen automatically. Improved collaboration and data recovery are also possible benefits.
#3. Is the solution compliant with privacy requirements?
Again, there are various laws across the world that deal with the privacy and security of data. In the US, there is HIPAA, which is a set of national standards to protect all healthcare information.
HIPAA requires you to ensure that data is access controlled, that access is logged, and that only the people who need it have access to the data. You are also obliged to ensure that data is not being stolen, and that you have procedures and policies in place to protect the data.
If you are operating internationally, you’ll need to look at the appropriate standards for the market you are in. For example, Europe recently put the GDPR in place, which requires additional compliance in terms of data privacy. Some of their requirements include; explicit consent must be given for data to be used, and patients must know what specific data is being stored, and how to access it. There is also a “right to forget” part of the GDPR, where data should be deleted upon request.
#4. Is security appropriate?
This is probably the most important factor to look into. Anything going onto the cloud opens up a potential security issue. This can be managed well, but the solution you use needs to have the right controls and tools in place.
For example, platforms should use the right encryption of data in-transit, encryption in storage, encrypting passwords, and any kind of sensitive data. Privileges need to be managed, data needs to be backed up, and security audits need to be happening regularly. Firewalls need to be regularly updated, and separation of data and the application needs to be addressed.
There are a lot of controls recommended by industry groups and government agencies. For example, you can check out the standards of the National Institute of Standards and Technology.
One thing to check is whether the potential provider has any security certifications. These prove that they have met minimum standards for cloud security. For example, HITRUST is a good one to look out for.
The bottom line is that you have to be able to trust that a third-party provider has your back when it comes to security. No medical device company wants to deal with fall-out as a result of a data breach!
#5. Does the platform provide the right features?
Most medical device companies are looking to scale in some way. This means that what you need today in terms of features might change tomorrow. It’s important to find a platform that has the right features for now, and into the future.
What sort of things might you need to grow into? For example:
- Machine learning or artificial intelligence
- Tools for data analysis
- Visualization widgets
- Capabilities for predictive analysis
- Configurable views for different stakeholders (doctors, administrative staff, patients, potentially family members of patients…)
- A smooth user experience to get to the data you need.
A platform that grows with you is ideal as you really don’t want to have to retool later. This is an efficient approach to meeting your needs.
#6. Is the solution managed?
If you have to do the management of the solution yourself, including operating servers and ensuring data is backed-up, this involves time, talent and expertise which your company may or may not have.
A managed solution allows you to offload this sort of technical management. All operational aspects, such as security, privacy, monitoring and backups gets done by the third-party platform.
Product support is also a consideration here. Does the platform have a good, responsive support function? If you experience any issues, you need to be sure that someone will be onto them promptly.
If you’re looking for a platform solution for connecting your medical device, compliance and security are going to be your most important considerations, followed by the actual features and whether the solution is managed.
The idea is that a good third-party provider should be making life easier for your medical device company by taking care of the entire connectivity function and allowing you to meet regulatory requirements.
Once you have chosen the right medical device connectivity solution, read these next steps on connecting your medical device.
Galen Data is a customizable connectivity platform, built for compliance. Contact us today for more information, or to arrange a demo.