Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

eHealth - Medical Systems Interoperability & Mobile Health


Published on

The Medical Device industry is rapidly adopting technologies that enable communication and connectivity of health products and systems to improve both speed and quality of care as well as patient safety. The users (i.e. hospitals and others) are demanding an approach that will support interoperability among multiple independently sourced medical devices. Industry will require standardization to support such interoperability. Government and regulators, on behalf of the patients and in compliance with their mission to protect public health, as well as users and manufacturers require that such interoperability is safe. This complementary webinar will introduce the eHealth sector and applications, outline the challenges and risks inherent in connecting heterogeneous equipment into medical device systems, and provide insights to how manufacturers can demonstrate compliance with the rapidly changing regulatory landscape for interoperable medical devices.

This webinar was presented by UL eHealth experts on October 30, 2013.

  • Be the first to comment

eHealth - Medical Systems Interoperability & Mobile Health

  1. 1. eHealth – Medical Systems Interoperability & Mobile Health October 30, 2013 Presenters: Anura Fernando - Principal Engineer, Medical Software & Systems Interoperability Mark Leimbeck – Program Manager, Quality and Training Moderated by: Laura Elan – Program Manager, Global Service Lead - eHealth UL and the UL logo are trademarks of UL LLC © 2013 Copyright © 2013 UL LLC
  2. 2. AGENDA Why Are We Here? New Devices and the Need for Safe Interoperability Using Standards to Support Regulations Conclusion 2 Copyright © 2013 UL LLC
  3. 3. Why Are We Here? RISK! More specifically, from IEC 60601-1, Clause 16.1 .…The MANUFACTURER of an ME SYSTEM that is (re)configurable by the RESPONSIBLE ORGANIZATION or OPERATOR may use RISK MANAGEMENT methods to determine which configurations constitute the highest RISKS and which measures are needed to ensure that the ME SYSTEM in any possible configuration does not present an unacceptable RISK…. 3 Copyright © 2013 UL LLC
  4. 4. Examples ABSENCE OF INTEROPERABILITY PATIENT CONTROLLED ANALGESIA PUMPS1 - VA representatives recently stated that PCA pumps with an integrated CO2 monitor could have prevented 60% of adverse events in 69 root cause analyses related to PCA pumps.15 4 Copyright © 2013 UL LLC
  5. 5. Examples INTEROPERABILITY “INDUCED” ERRORS EHR prompt nearly kills prison inmate2 “An inmate at a California correctional facility nearly received a lethal dose of heart medication last week at the prompting of a newly implemented electronic health record system.” 5 Copyright © 2013 UL LLC
  6. 6. Regulatory Response It Has Come to Our Attention Letter† “It has come to our attention that you are currently marketing the XXXX analyzer … … Since your app allows a mobile phone to analyze the dipsticks, the phone and device as a whole functions as an automated strip reader. When these dipsticks are read by an automated strip reader, the dipsticks require new clearance as part of the test system. Therefore, any company intending to promote their device for use in analyzing, reading, and/or interpreting these dipsticks need to obtain clearance for the entire urinalysis test system…” † FDA Website 5/21/2013 6 Copyright © 2013 UL LLC
  7. 7. Who is Responsible? Manufacturer of any product which is1 “an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article… • intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease… or • intended to affect the structure or any function of the body of man or other animals…” 1. section 201(h) of the Federal Food Drug & Cosmetic (FD&C) Act it will be regulated by the Food and Drug Administration (FDA) 7 Copyright © 2013 UL LLC
  8. 8. And What is the Manufacturer Responsible For? Preamble5 Comment #4 “…In fact the new regulation is less prescriptive and gives the manufacturer the flexibility to determine the controls that are necessary commensurate with risk. The burden is on the manufacturer, however, to describe the types and degree of controls and how those controls were decided upon…” 8 Copyright © 2013 UL LLC
  9. 9. What Decisions are Being Made? 21 CFR 820.302 Design controls. Each manufacturer shall: • establish and maintain procedures to control the design • ensure that the design requirements address the: • intended use of the device, • needs of the user and patient • include software validation and risk analysis, where appropriate… 9 Copyright © 2013 UL LLC
  10. 10. Who is Responsible? Management is ultimately responsible for determining and implementing risk based decisions to ensure the safety and effectiveness of the device 10 Copyright © 2013 UL LLC
  11. 11. The World Today – New Devices and the Need For Safe Interoperability Copyright © 2013 UL LLC
  12. 12. 12
  13. 13. Smart Grid – Even More Heterogeneity Slide 13
  14. 14. Key Common Challenges for Systems Integrators Understanding What Can Go Wrong Lack of Clarity on Design Requirements and Needs Inadequate Risk Controls Time and Cost Responsibility / Accountability (Who Owns the System?) Slide 14
  15. 15. …can result in… Mars Climate Orbiter - Mismatched units Ariane 5 Floating point value too large to be represented by signed integer Therac - 25 - “unlikely” sequence of keystrokes - Integrated re-used sw into incompatible hardware (no interlocks) - Improper V&V – no pre-release integration testing Slide 15
  16. 16. So, Are There Medical Device and HIT Risks? Acute Care Telemedicine Slide 16
  17. 17. A Growing “Ecosystem” of Healthcare Systems Slide 17
  18. 18. …connected via communications technology creates the world of eHealth and mHealth 18
  19. 19. “The Future” is Here Slide 19
  20. 20. Addressing Safety and Security Slide 20
  21. 21. Safety and Security Defined and Evolving SAFETY: freedom from unacceptable risk [ISO 14971: 2007] SAFETY: freedom from unacceptable RISK of physical injury or damage to the health of people or damage to property or the environment [SOURCE: IEC 80001-1:2010, definition 2.30] DATA AND SYSTEM SECURITY: an operational state of a medical IT network in which information assets (data and systems) are reasonably protected from degradation of confidentiality, integrity, and availability. [IEC 80001-1: 2010] Slide 21
  22. 22. FDA “Accessory Rule” – Avoiding Weak Links From FDA Mobile Medical Application Draft Guidance: “Accessories to classified devices take on the same classification as the "parent" device. An accessory such as software that accepts input from multiple devices usually takes on the classification of the "parent" device with the highest risk, i.e., class.”; Final Rule, Medical Devices, Medical Device Data Systems, 76 Fed. Reg. 8637, 86438644 (Feb. 15, 2011). The Medical Device Data Systems (MDDS) Final Rule changes this and allows for ease of innovation Slide 22
  23. 23. Regulations Begin Considering the Risks FDA Final Rule: MDDS – 15 Feb 2011 FCC Requirements for MBAN and FDA MOU – 24 May 2012 Draft Guidance for Home Use Devices – 12 Dec 2012 FDA Draft Guidance: Management of Cybersecurity – 14 June 2013 FDA Guidance: RF Wireless Technology…– 13 Aug 2013 FDA Final Rule: Unique Device Identification Final Rule – 24 Sept 2013 FDA Draft Guidance: Global UDI Database – 24 Sept 2013 FDA Guidance: Mobile Medical Applications – 25 Sept 2013 23
  24. 24. Are You an “App” Developer?
  25. 25. Low Risk – Unregulated?
  26. 26. Higher Risk – Regulated?
  27. 27. Have you considered the uses? VS.
  28. 28. Have you considered the users? VS.
  29. 29. Have you considered the environment? Acme Insurance WWW
  30. 30. What are the risks with safety-related data? 1001010010100101101010
  31. 31. Incorrect Information Exchange EXAMPLE: Single Event Upset or Data Corruption 1001010010100101101010 X 31
  32. 32. Information Not Provided EXAMPLE: No Data 32
  33. 33. Incorrect Timing of Information EXAMPLE: Information provided when app is inactive 1001010010100101101010 33
  34. 34. Premature Termination EXAMPLE: Dropped Signal 34
  35. 35. Have you considered systems safety and security? Acme Insurance WWW
  36. 36. What could go wrong? Acme Insurance WWW 36
  37. 37. Do you test to support your safety claims? Modified from:
  38. 38. Do you test to support your security claims? Cryptographic Verification )) )) ))) 38
  39. 39. Using Standards to Support Regulations Copyright © 2013 UL LLC
  40. 40. Assurance Cases Can Help Support Claims Slide 40
  41. 41. Standards Can Help Guide Assurance Cases Safety Standards Slide 41
  42. 42. Standards for eHealth and mHealth Interoperability Aug 6, 2013 FDA Recognized Consensus Standards Support Interoperability: There are 25 new standards for interoperability grouped mainly into three categories: 1. Managing risk in a connected and networked environment; 2. Nomenclature, frameworks and medical device specific communications, including system and software lifecycle process; 3. Cybersecurity standards from the industrial control systems arena that are relevant to medical devices. Coming soon: AAMI / UL 2800 – interoperable medical device interface safety …and many more are here and coming… Slide 42
  43. 43. UL Works Directly with Government Agencies To Help Inform Health IT Policy FDA Safety and Innovation Act (FDASIA WG) 43
  44. 44. We Have The Technology…We Can Build It… Standards and Regulations are Emerging… Are You Prepared ??? IDEA Managing innovation and regulatory change Mobile Medical Applications PRODUCT & SYSTEM Hospital IT Equipment Providers Wireless Medical Devices 44
  45. 45. Managing innovation during regulatory change IDEA PRODUCT In the Development Cycle or Already in the Field Technological framework UL Safety Framework can be your partner Comprehensive Suite of Services Regulatory Framework Safety Framework
  46. 46. Thank You For Your Interest How can UL help you? More information – Email: Mobile Medical Apps Wireless Medical Devices Hospital IT Infrastructure Advisory services for medical device classification, training navigation of regulations and submission support, • Advisory services for satisfying regulatory guidance • • Testing services using international consensus standards to support regulatory compliance claims: Advisory services for Medical Device Data Systems (MDDS) classification and regulatory strategy • Testing / conformance to global standards (including recent FDA recognized consensus standards for interoperability) • Advisory services for medical device classification, training, and regulatory submission support for system integrators Quality Management System registration Assessment to interoperability standards • Coexistence • Performance • Security • Data integrity EMC and wireless coexistence testing • Quality of service (QoS) Clinical & pre-clinical testing and test planning • Continua Alliance Testing • Safety / EMC Usability advisory services, testing, and certification FDA Submission support including pre-audit services 46
  47. 47. Contact UL Email: Web: 47