The phrase “digital health” is no longer just an industry buzzword. The medical device industry has fully embraced digital health initiatives, and the medtech manufacturers who have successfully implemented connectivity in their products have realized a wealth of opportunities, driving tangible patient and healthcare provider (HCP) benefits that will significantly increase their market penetration.

In this white paper, we explore five key ways that connectivity is revolutionizing the world of medical devices and driving real value for medical device manufacturers, clinicians, and their patients. Plus, we’ll take a look at regulatory and cybersecurity challenges in this increasingly interconnected digital landscape.

A Changing Landscape

Traditionally, medical devices were treated as isolated ‘walled gardens,’ where the manufacturer tightly controlled all elements of the hardware, software, and user experience. Designs were developed under strict design control, and the design couldn’t change without robust and rigorous requirements capture and revalidation under an ISO 13485-compliant quality system. Due to individual manufacturers owning all of the technology pieces, many devices were only refreshed on 5- to 10-year product lifecycles.

Today, with increased clinical demand for integration between different medical devices, smartphone/tablet apps, and Electronic Health Records (EHRs), the traditional walled garden approach is untenable.

Releasing a medtech product with a long lifecycle that doesn’t adapt to changing systems and processes simply doesn’t work. Today’s devices and corresponding digital properties must be continuously updated to ensure they are capable of interfacing with the newest systems and processes, and remain resistant to the latest cybersecurity threats. At the same time, these updates can’t be delayed for years, or even months—they must be made quickly, within a strict revalidation framework that ensures patient safety is maintained.

"Medical device companies should not allow themselves to be slowed down by their legacy digital capabilities. They don’t need to build their own infrastructures that create data silos. They need to think beyond individual products. To truly create value with your data, you must take an ecosystem approach." — Kal Patel, MD, CEO & CoFounder, BrightInsight

This is a fundamental shift for medical device manufacturers. There are significant risks for regulatory compliance, patient safety, and profit margins if connectivity is implemented incorrectly and without proper foresight across the full product lifecycle.

Key considerations should include:

  • How should my updates be distributed and controlled?
  • How do I control devices that are not up to date, where there is a perceived risk of patient harm?
  • Are my development and revalidation processes sufficiently well-resourced and efficient enough to respond to the required update cycles?
  • Is my commercial model compatible with the recurring costs needed to support the cloud solution over the full product lifecycle (i.e. should I move from a product to a service/subscription sale)?

A key enabler is a standardized and compliant Software as a Service (SaaS) platform that manufacturers can leverage to deliver the benefits of connectivity that their customers and patients are demanding, while at the same time conferring significant enhancements in efficiency and market share for the manufacturers.

"The starting line is connectivity. Then it’s about collecting the data and then activating the data—vertically at the episode of care and then horizontally across the continuum of care. Using an open platform allows different medical device companies to collect and share that data among the device makers, as well as with the patient and provider. Breaking down silos will drive higher quality care at reduced costs." — Scott Huennekens, Medical Device CEO, Entrepreneur, Chairman, Board Member

If a new connected medical device is implemented well, the rewards to the manufacturer and benefits for patient care can be significant. In terms of profits, medical device manufacturers who embrace cloud computing are poised to reap big rewards—according to a report by Global Market Insights Inc., the US healthcare cloud computing market is set to hit $55 billion by 2025.[1]

In the following sections, we explore some of the most successful digital health solutions for medical devices, with particular focus on the benefits delivered and how the key risks described above were addressed.

1. Cloud computing for genomic analysis and imaging

The advent of clinical genomics and digital imaging has vastly improved patient care in a wide range of therapeutic areas, from prenatal testing to oncology. However, these tools have also significantly increased the volume of data that a device can collect from an individual patient. Condensing these data into a simple, clinically relevant indicator often requires computationally intensive algorithms and access to vast clinical databases that cannot be hosted on a standalone workstation or in the device's embedded software. Instead, these algorithms and databases need to be hosted in the cloud.

As you transition from hosting a process on the device to hosting it in the cloud, it’s important to understand that the process is still regulated as medical device software. While elements of the system can be designated as Medical Device Data Systems (MDDS) in the U.S. (software that only transfers, stores, converts formats, and displays medical device data) or Class I in Europe, the core clinical algorithms hosted on the cloud will almost certainly be regulated at the same classification as the core device.

This leads to some interesting questions. The manufacturer could build their own cloud infrastructure under ISO 13485/IEC 62304, but this requires significant investment in both development and maintenance. A much more attractive approach would be to develop the cloud element within an existing platform environment such as Google Cloud Platform (GCP), Amazon Web Services (AWS), or Microsoft Azure. However, these systems are not built under medical design control and can push up to 10 updates per day to the underlying architecture. These continual updates place a significant burden on the manufacturer to revalidate their cloud solution rapidly and maintain patient safety and regulatory compliance.

"It’s not necessary for medical device companies to build the entire solution. You don’t have to build your own cloud. By working with partners who are knowledgeable and experienced in global regulatory, security, and privacy laws, there’s the potential to get ahead of competitors and win a land grab." – Scott Huennekens, Medical Device CEO, Entrepreneur, Chairman, Board Member

In this context, BrightInsight has addressed this challenge by forming a unique partnership with GCP where the underlying updates released by Google are fully tested before release onto our cloud platform. In this way, the benefits of a pre-built cloud platform can be realized for genomic analysis and imaging cloud computing, while maintaining compliance under medical design control.

2. Remote Device Support at the Point of Care

The ability of a manufacturer to access their fleet of installed devices remotely has significant advantages. By sending real-world operational data (e.g., motor currents, sensor data) back to a cloud service, manufacturers can identify maintenance issues early and schedule service visits to intervene proactively. By combining these data with video conferencing and Augmented Reality (AR) technologies, customer support teams can connect directly with their users either for individual device setup or on-the-fly troubleshooting. A great example of this is Boston Scientific's Ask Angie service, which blends real-time video streams into an interactive environment where users can telestrate, use hand gestures, and freeze images for clinical case support.

Medtech companies that are already utilizing remote device support saw even more benefits during the COVID-19 pandemic, when service visits were necessarily limited, and device uptime was at its most crucial.

As we move into a post-pandemic landscape, remote device support will continue to grow in popularity, as more healthcare organizations, clinicians, and device manufacturers see the efficiency and cost benefits in reducing the number of service visits.

3. Over-the-Air (OTA) Updates for Large Cost Savings

While collecting data from medtech devices is well established, the concept of actually controlling and/or updating devices remotely is relatively new, particularly for higher risk classification devices. However, the availability of compliant, medically regulated cloud solutions is finally enabling this to be done safely and securely.

The ability to update medical device firmware remotely delivers several benefits.

First, it isn't practical or cost-effective to regularly send service engineers to update devices manually in the field, particularly if a device is already networked. Having the ability to roll out packaged updates to a fleet of installed units can dramatically increase efficiency and reduce costs. There are many examples where manufacturers are spending tens of millions of dollars on service engineer visits to maintain software and firmware upgrades, a cost that would effectively be reduced to zero once their devices are enabled for OTA updates.

Second, compliant cloud connectivity can actually increase patient safety by making the system more secure. For many devices, USB ports are used to install updates, which is an inherently insecure method that significantly increases cybersecurity threats. By removing these ports and having a direct, secure connection to a cloud service controlled by the manufacturer, this vulnerability is effectively mitigated.

In this way, OTA updates will become commonplace, and will be highly beneficial from the perspective of patients, HCPs, regulators, and manufacturers.

4. Data Integration Across Devices and Health IT Systems

The connected medical devices segment of the Internet of Medical Things (IoMT) is expected to balloon from being a $14.9 billion market in 2017 to an incredible $158.1 billion market by 2022, according to Deloitte.[2]

This trend is especially evident in the surgical field, where there is an emerging revolution of smart and connected surgical tools, including robotics. These systems are collecting unprecedented amounts of data about what happens during a procedure—for example, movement/forces data from the device at each step and concurrent images of the procedure being performed. By aggregating these data in the cloud in a clinical database, clinicians can make use of machine learning (ML) algorithms to compare their technique with procedures performed by others and identify areas for improvement. And the accuracy of ML tools is promising.

In a study published in the Journal of Bone & Joint Surgery, participants from four Canadian universities were divided into two groups according to their training level and asked to perform a virtual reality hemilaminectomy. When their techniques were analyzed via machine learning algorithms, the machine successfully identified the participants’ skill level with 97.6% accuracy.[3]

In time, the adoption of data integration in surgical procedures will facilitate a faster path to best practice and better patient outcomes, as well as providing template procedures for training in surgical simulators. While this practice is still emerging, we believe these clinical databases will become commonplace as devices become increasingly connected.

From the manufacturer’s perspective, it provides a fantastic opportunity to "own" more of the care pathways they serve and gain a significant competitive advantage in the market. Better accountability and more consistency around how a procedure is performed is in everyone’s interest.

"There’s discussion in tech of 'data lakes.' In medtech, we have 'data wells.' Our sleep apnea devices contain wells' worth of diabetes, cardiovascular, respiratory, and neurological data. Leveraging data appropriately across disease states could have tremendous impact on chronic disease costs and outcomes." - Mick Farrell, CEO, ResMed

5. Medical Device Applications for Smartphones

Eight years ago, medical device manufacturers would recoil in horror at the idea of integrating a smartphone or tablet interface into their system, as these are essentially consumer devices with operating systems built without medical design control. However, the sheer utility of these devices, combined with pressure from both patients and clinicians, has made their integration inevitable. With appropriate controls and partitioning of risk, it is possible to safely implement these devices as part of a medical device ecosystem.

According to a 2019 Deloitte crowdsourcing simulation with 38 experts from digital health startups, medtech companies, tech companies, health plans, health systems, and research organizations, most respondents believe that both medtech and consumer tech together will drive innovation in the healthcare landscape.[4]

Medical device applications for smartphones tend to fall into several categories, in order of increasing risk:

  • Portal apps that offload critical processing steps to the cloud and provide a means of accessing the data in order to diagnose a condition or plan a procedure. Examples here include CT image review or surgical planning tools.
  • Standalone apps that run simple native algorithms to aid a treatment decision based on simple inputs such as a blood glucose reading, body temperature, age, height, or weight. These may also connect into EHRs, or directly to the measurement devices themselves to pull in the data automatically.
  • Measurement apps that make use of the smartphone's sensors to aid a diagnosis or treatment. For example, movement data to diagnose tremors in Parkinson's disease, which in turn can be used to decide on which therapy to give, or using the camera’s sensor to do an automated readout of a urinalysis strip.
  • Control system apps that actually configure a device performing a measurement or a therapy, or provide a data conduit to perform over-the-air updates—thereby avoiding the need to integrate a device into a local wireless network or additional custom hardware.

The first two categories are well known and are delivering significant value already. In particular, the interoperability of glucose meters, insulin pens/wearables, and bolus calculators has been impressive and has resulted in significant improvements in patient outcomes. The case for expanding into other drug/device use cases is clear.

The last two categories are emerging use cases. Control system apps are particularly interesting for a new wave of active implantable devices such as neurostimulators. In these use cases, patients can use the app to directly control lower-risk functions like the interruption of the treatment protocol, or changes in the levels of stimulation (within tightly controlled parameters set by the implantable device itself). Users can also use the same app to access their own patient information or report symptoms directly to their clinician. Clinicians can even use a commercial tablet to configure higher-risk settings in the implantable (often via an intermediary device to help mitigate risk). In these systems, the patients benefit because they have a convenient and current User Interface (UI) that is controlled from their existing personal device, with no need to carry around separate hardware. Meanwhile, the manufacturer achieves significant savings by avoiding the need to develop, validate, and maintain the legacy interface hardware.

The Importance of Staying Compliant in the Evolving Regulatory & Cybersecurity Landscape

Despite the many opportunities for digital in medtech, there is still apprehension about moving to the cloud. Most of the concern has been around the risk and challenges of remaining compliant with the evolving landscape of software quality, cybersecurity, interoperability, and regulatory guidance documents.

There has been much collaboration to help create standards and frameworks to help manufacturers and platform developers manage that risk in a compliant manner, throughout the entire product lifecycle. Frameworks such as the Health Sector Coordinating Council’s Joint Security Plan (JSP) provide guidance around how to identify and address software quality and cybersecurity risks from concept to end of life. The JSP also allows for the incorporation of other standards, such as AAMI TIR 57 or NIST 800-30, in order to further address the intersection of cybersecurity risk and patient safety risk, tying into traditional hazard analysis standards like ISO 14971.

Another relevant standard is UL 2900, which outlines the testable criteria that manufacturers can use to analyze the efficacy of the risk controls they implement. UL 2900 ties the testing process back to the risk management process: it encourages manufacturers to take the findings of static code analysis, vulnerability assessments, and penetration testing and ensure that those findings do not pose further risk to patient safety, data privacy, and integrity.

What is the importance of these standards? Ultimately, over the past decade, it has become apparent to international regulatory bodies, such as the International Medical Device Regulators Forum (IMDRF), US FDA, Health Canada, EU, and Australian TGA, that cybersecurity should be a shared responsibility among stakeholders. Stakeholders also recognize that addressing cybersecurity in a harmonized and standardized way is equally important, hence the collaboration to develop such standards and frameworks that can be practically implemented by manufacturers and developers alike.

No longer is it acceptable for manufacturers to shift the burden of cybersecurity onto their end customers through configuration. Now, it is incumbent upon manufacturers to demonstrate an assurance case model for product and platform security, where they make their claims and have risk-based processes to substantiate those claims, along with testable evidence to serve as verification and validation. That assurance case model is becoming required for entry into many international markets. During filings and audits, regulators are looking for that evidence to be presented.

Introducing BrightInsight: the Leading Global SaaS Platform for Medtech Regulated Digital Health Solutions

Compliance responsibilities have been seen as daunting because it was difficult to decide where to begin when addressing complex issues, such as cybersecurity or regulatory compliance. However, industry experts, research organizations, and government entities coming together to develop frameworks and standards will accelerate adoption of new digital technologies.

Now, rather than fearing risks, manufacturers and developers can confidently address them in a rigorous manner.

That very risk-based rigor is core to BrightInsight.

The proven BrightInsight Platform takes the hard work out of building, scaling, and maintaining digital health solutions through its modular cloud-based architecture, pre-built functionality, and commitment to meeting privacy, security, regulatory, and quality requirements. Whether you’re developing a connected medical device, building a companion app for an existing device, or looking to scale your remote device diagnostics program, BrightInsight can accelerate your digital journey in a compliant and cost-effective manner.

Patients and Clinicians are Demanding Connectivity, and Medical Device Manufacturers Finally Have the Means to Deliver it Safely

After a decade of standards, technology, and platform development, medical device manufacturers can finally leverage a wealth of compliance best practices and connectivity solutions to deliver the genuinely impactful and engaging new products that today’s patients and clinicians demand.

Cloud connectivity will be an essential function of every medtech device soon, and to avoid being left behind in the marketplace, it’s critical that manufacturers adapt quickly. At BrightInsight, we are proud to offer the industry-leading, ready-made regulated SaaS platform that is playing a key role in accelerating this evolution, and we’re excited about the patient care possibilities we can help medtech companies unlock.