Healthcare News & Insights

Opportunities and pitfalls for connected medical devices

Connected health care is poised to solve the challenges the healthcare industry is facing. In this guest post, Abbas Dhilawala, CTO of a provider of a turnkey, connectivity and data analysis, compliant software platform, highlights the major barriers to adoption concerning cost, cybersecurity and data privacy that still exist, and how to manage these risks.

__________________________________________________________

The healthcare industry is facing a host of challenges right now – from aging populations to increasing costs and growing demand for affordable and personalized care. This has opened the door for new, lower-cost technology to displace outdated and troublesome medical devices of the past, all while improving quality of care and outcomes. Medicare estimates $17 billion is spent each year on avoidable readmissions that can be mitigated with early intervention and better at-home care.

Cloud connectivity opportunities

The Internet of Medical Things (IoMT) allows medical devices to be connected to the cloud and to applications. The cloud is where the information is processed and stored, and the applications deliver the user interface. Cloud-connected devices can directly benefit the patient and healthcare providers through improved patient compliance, detecting device failures before they become serious adverse events and collecting data that can lead to more personalized therapy.

Connectivity can help manufacturers monitor the health and status of current devices, help improve and elevate efficacy of future devices, and create new devices or services based on discovered, data-driven opportunities. Connected medical devices can also provide new forms of diagnostic services that may be too resource-intensive for a standalone medical device. By making these devices a collection vehicle, the cost and ease of manufacturing can be greatly reduced. Because data is collected centrally, engineers and researchers can improve diagnostic algorithms over time. Machine learning techniques can be used to comb through this data and identify new patterns that can lead to new products or services. Connected medical devices can also provide portable diagnostics devices that can be used for in-home collection and diagnosis.

Connectivity can directly benefit both patients and healthcare service companies. For example, a connected drug delivery device can automatically order refills from the patient’s pharmacy proactively. This reduces the risk that patients will run out of critical medication, while at the same time helping companies meet business goals.

Connected medical devices could also help predict potential device failures. As an example, imagine a heart pump manufacturer changed the type of lubricant used for the pump bearings because the original supplier went out of business. The product specification was the same, but there was a slight difference in the operating temperature that wasn’t considered an issue. This change resulted in a higher wear pattern on the pump bearings that would go undetected until there was a bearing failure. Instead of having a catastrophic incident in the field, predictive analytics on the live collected device data proactively identified perturbations in the pump output. A notification is issued to both the manufacturer and physician, allowing for early intervention and replacement of the soon-to-malfunction pump, and most likely saving the life of the patient and others with the same problematic lubricant.

There is also the “payor” consideration when it comes to medical device compliance. Medicare, for example, requires that for medical device reimbursement, patients must use the device, and provide evidence of doing so. A connected medical device can collect and store data about patient use and trace the effectiveness of a particular device and treatment to help them do so. They can also help with device traceability and provide ease for software updates when a critical problem is detected in the field.

Cyber security and data privacy

One of the major barriers to adoption of cloud-connected medical devices is cybersecurity and data privacy. Both are critical concerns for every cloud-integrated medical device manufacturer. Connecting devices makes them more vulnerable to both deliberate attacks and undirected malware. The FDA and other regulatory agencies have issued guidelines on managing cybersecurity risk, and the FDA has decided that manufacturers who have streamlined security upgrades on devices don’t have to repeat the entire regulatory approval process. This is good news, but companies will still need to retest and, in some cases, recertify their device.

Cost & expertise

Another concern about connectivity is the cost and expertise required. There’s the initial cost of developing a connected solution and an ongoing cost for maintenance, storage and operation of that solution. Often connectivity infrastructure will become an extension of the medical device and must be designed and operated according to the same regulatory requirements as the medical device. In some cases, the connectivity infrastructure itself is the medical device. The expertise to develop and support a connectivity solution that’s compliant to FDA and other regulatory requirements is a highly specific skill set not in great abundance.

Solutions

So, can these risks be managed? Absolutely. As with other aspects of a medical device, a thorough risk analysis should be done to determine the risk posed by connectivity threats. Each medical device has its own risk profile.

Things to consider when approaching a connected design:

  • What’s the potential harm to the patient or the operator if data is erased or altered?
  • What kind of data is stored and/or transmitted? Does it include protected health information?
  • What are the business risks of connecting or not connecting a device? Managing cybersecurity risk requires a detailed plan that encompasses every stage of medical device development, from conception to post market security patches and updates.

Some strategies to consider:

  • Create a list of cybersecurity procedures and guidelines
  • Train your workforce on good cybersecurity practices
  • Identify, prioritize and track cybersecurity risks as part of product development
  • Ensure good engineering practices by prioritizing secure design and secure coding throughout the product development and maintenance cycle
  • Periodically review known vulnerabilities against third-party libraries or with products focused on design or operation of the medical device
  • Ensure verification includes cybersecurity verification and frequent reviews of security controls
  • Limit the data stored and transmitted to what’s essential to the operation of the device or service
  • Choose the right type and level of encryption.
  • Use appropriate security controls for access to data. Enforce password management practices such as length and complexity restrictions, password expiry, the prohibition on reuse of passwords
  • Establish a post-market surveillance program that monitors for newly discovered cybersecurity vulnerabilities and threats. Always conduct assessments, identify mitigating actions and deploy the mitigation after verification of software patches.

Connected health provides diagnostic benefits, automated alerts, remote monitoring, improved patient outcomes, and has the potential of lowering the overall healthcare costs. In addition, it opens new opportunities for data aggregation and analysis that can be invaluable for improving existing devices or creating new products and services. It can be a very beneficial tool for improving the patient health, if risks are identified, monitored and compliance is well understood. In most cases, the benefits far outweigh the risks.

Abbas Dhilawala, CTO of Galen Data, a provider of a turnkey, connectivity and data analysis, compliant software platform.

 

 

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.

css.php