Anura S Fernando
Anura S. Fernando is UL’s Principal Engineer for Medical Software &
• Degrees in Electrical Engineering, Biology/Chemistry, and Software Engineering
• Over 17 years experience at UL with safety critical software and control systems certification;
as well as research across many industries – process automation, alternative energy, medical,
hazardous locations, appliances, optical radiation, nanotechnology, battery technologies, etc.
• Research and publications in Predictive Modeling and Risk Analysis, Cybersecurity, Systems of
Systems, Software, Health IT, Apps, and Medical Device safety.
• Projects with numerous Fortune 500 companies, DoD, DoE, DHS, FDA, FCC, ONC, NASA
and several U.S. National Laboratories
Additional experience relevant for this discussion/audience:
• Contributed to the development of several standards involving software and Functional Safety
as a member in IEC, ISO, ASME committees and Expert Task Force member.
• UL lead for the development of the AAMI/UL 2800 family of eHealth standards for
interoperable medical device interface safety.
• Member of the Federal Advisory Committee FDASIA WG to the Health IT Policy Committee,
FDA Medical Device Interoperability Coordinating Council, Medical Device Interoperability
Safety Working Group, Health Information Management Systems Society, Association for the
Advancement of Medical Instrumentation, and the International Council on Systems
Not too long ago, we were pretty focused on
what could be done in the cloud…
Now we’re equally interested in what is
happening around the cloud…
What do we call this new domain?...the “Fog”
What is “fog computing” (or edge computing)
The fog uses pervasive computing technologies
…with many sensors creating many possibilities
…and new sensor technologies emerging
Nanotechnologies integrated with textiles
H Zhao et al, Nanotechnology 21 (2010) 305502
Combining wearables with network technologies…
In a “microbiome” of wearable sensors…
…we can become the “quantified self”
So what risks may lie ahead?
Understanding new science…What makes fog?
Understanding new science…what makes “fog”
Image extracted from Systems Engineering Fundamentals. Defense Acquisition University Press, 2001
Analyzing Risk: Hazard Based Safety Engineering
…or Data …or Process
HBSE Standard Injury Fault Tree
IDENTIFY MEANS BY WHICH
ENERGY CAN BE
TRANSFERRED TO A BODY PART
DESIGN SAFEGUARD WHICH
WILL PREVENT ENERGY
TRANSFER TO A BODY PART
…or Data …or Process
Analysis Drives UL’s Safety Testing and Certification
Applying HBSE to Wearable Technologies
…or Data …or Process
Are there any hazards?
We can see some WT IoE risks
(LASER, UV, etc…)
Privacy, Security, Performance if used by Dr
(Cryptographic verification, HIPAA)
Acoustic Energy Data Integrity, Usability
Even some unique new problems can
• Eye strain
• Dryness of mouth
• Fullness of stomach
• Vomiting. Viola, SIGCHI Bulletin Volume 32, Number 1 January 2000
Different layers of the IoE system require different
What about “big data” from the IoE…
Where is all this data stored? Is it secure?
Is it correct? Can I trust it?...
Big data problems can be due to little
differences in context
Who should get a reduced premium?
Who is a hacker?
A hacker is…
• Someone who exploits imperfections of the system for personal or
organizational (e.g. nation state) gain.
Different kinds of wearables bring different risks
Created by Beecham Research in Partnership with Wearable Technologies Group
Managing complexity is a key to security
Defense in depth
Managing breaches and elevation of privilege
Architecture can promote safety, security, and
Sensor A and B fail
Sensor A fails
Sensor B fails
Specifications, standards, codes, and regulations
can help guide architects and developers
Case Study – Healthcare
(ASTM F2761 ICE architecture)
FDA Recognized Consensus Standard
New solutions: low cost pervasive technologies
All this data could help improve healthcare
The medical Internet of Things (mIoT)
Digital health devices — defined as “an internet-connected
device or software created for detection or treatment of a
— saved the US healthcare system $6 billion last year in
the form of improved medication adherence, behavior
modifications and fewer emergency room visits. They
predict that savings will grow to $10 billion in 2015,
$18 billion in 2016, $30 billion in 2017 and $50 billion in
UL participates with government agencies to
establish perspectives on risk
FDA Safety and Innovation Act (FDASIA WG)
Regulators are balancing risk and innovation…
FCC Requirements for MBAN and FDA MOU – 24 May 2012
FDA Guidance: RF Wireless Technology…– 13 Aug 2013
FDA Guidance for Home Use Devices – 24 Nov 2014
FDA Draft Guidance: General Wellness (Low Risk) – 20 Jan 2015
FDA Guidance: Mobile Medical Applications – 25 Sept 2013
EC Guidance Document – Qualification and Classification of stand alone
software (MEDDEV 2.1/6) – Jan 2012
FDA Final Rule: MDDS – 15 Feb 2011
FDA Guidance: Medical Device Data Systems, Medical Image Storage
Devices, and Medical Image Communications Devices – 9 Jan 2015
FDA Guidance: Management of Cybersecurity – 2 Oct 2014
Consumer product or medical device?
A medical device1 is "an instrument, apparatus, implement, machine,
contrivance, implant, in vitro reagent, or other similar or related article,
including a component part, or accessory which is:
recognized in the official National Formulary, or the United States
Pharmacopoeia, or any supplement to them, intended for use in
the diagnosis of disease or other conditions, or in the
cure, mitigation, treatment, or prevention of disease, in
man or other animals, or
intended to affect the structure or any function of the
body of man or other animals, and which does not achieve any
of its primary intended purposes through chemical action within or on
the body of man or other animals and which is not dependent upon
being metabolized for the achievement of any of its primary intended
Labeling can make all the difference…
Treat Obesity vs. Manage Weight
The struggle to characterize relative risk
Proposed in 2015 draft guidance on low risk general wellness
Whether a device is low risk for purposes of this guidance is
determined by whether or not the product:
1) is invasive;
2) involves an intervention or technology that may pose a risk to a
user’s safety if device controls are not applied, such as risks from
lasers, radiation exposure, or implants;
3) raises novel questions of usability; or
4) raises questions of biocompatibility.
Consumer products may be regulated too
US Consumer Product Safety Commission
- Consumer Product Safety Improvement Act (e.g. wearable tech considered
- Mechanisms to facilitate recalls
US Federal Trade Commission
- Federal Trade Commission Act (e.g. FTC levies fines against melanoma
detection apps…”lacks adequate evidence to support their claims”…)
- …”unfair or deceptive acts or practices in or affecting commerce; (b) seek
monetary redress and other relief for conduct injurious to consumers”…
Occupational Safety and Health Administration
- Most employees in the US come under OSHA jurisdiction (e.g. NIOSH
recommendations for body-worn RFID)
Not just in the US
EU data protection reform allows penalties up to 100m Euros
Ongoing attempts to strictly regulate cybersecurity in China has
included tight controls of supply chain and significant IP disclosures for
Cyber security is one of Australia's national security priorities under the
Prime Minister's 2008 National Security Statement. Australia's national
security, economic prosperity and social wellbeing rely on the
availability, integrity and confidentiality of a range of information and
communications technology. This includes desktop computers, the
internet, telecommunications, mobile communications devices and
other computer systems and networks.
Standards and regulations can stimulate
thinking about the problem space.
Is the data properly encrypted?
What if my wearable interacts with health IT systems?
Are there new risks to consider?
How secure are my data exchanges?
Has my data been compromised (even a little)?
Single Event Upset or Data Corruption
How do I respond when service is lost?
Reduce the likelihood of breaches
Addressing such system robustness issues in general can minimize
weaknesses that hackers could exploit.
Standards can help establish assurance cases
Regulators Leverage Standards
Aug 6, 2013 FDA Recognized Consensus Standards Support
There are 25 new standards grouped mainly into three categories:
1. Managing risk in a connected and networked environment;
2. Nomenclature, frameworks and medical device specific communications,
including system and software lifecycle process;
3. Cybersecurity including standards from the industrial control systems arena
that are relevant to medical devices.
AAMI / UL 2800 – interoperable medical device safety
Technology is enabling rapid product innovation and
new safety standards and regulations are emerging
Managing innovation and regulatory change
UL supports WT and IoE developers through
supply chain and sustainability services
Throughout the entire product lifecycle to
address safety, security, and performance