In September 2017, the FDA announced a guidance called “Design Considerations and Pre-market Submission Recommendations for Interoperable Medical Devices.” This guidance will help Life Science organizations via considerations for design and development of medical devices to safely exchange information.
Having connected medical devices that can exchange information—known as interoperability—can be a game changer in patient care, but it must be done properly to ensure security and efficiency. Here are 6 considerations the FDA recommends for mitigating interoperability-specific risks:
1. Purpose of the Electronic Interface
In the design phase, manufacturers should clearly establish the purpose of electronic interfaces and consider their purpose and intended use when developing the product and its use instructions. Although these may vary depending on the type of device and its intended use, some elements that should be considered include:
- The types of devices that it will connect to and the type of data exchange taking place.
- The method of data transmission and synchronization.
- The necessary timeliness and reliability of information.
- The possible use scenarios and what functional and performance elements they require.
2. Anticipated Users
Considering anticipated users helps in identifying and addressing potential risk when developing use instructions and limitations. Providing sufficient information allows the users to operate the device safely and securely. Some information anticipated users should know:
- The clinical uses and potential risks of the use.
- The equipment maintenance, performance and security requirements.
- Any applicable instructions for use of the device in a home setting.
3. Risk Management
Medical devices that include a digital interface have additional risk considerations: the actual device, the network and the other interfaced devices they connect with. Managing these risks is a tricky balance between allowing intended access while restricting unintended access.
The FDA recommends that manufacturers take an approach to risk management that focuses on potential hazards and security issues specifically brought on by an electronic interface. A lot of attention should be given to security features and control measures for corrupted data or unintended access as well as what to do in the case of failures or malfunctions.
4. Verification and Validation
Interoperable devices should go through rigorous testing to confirm performance, both on their own and within the context of other devices they should be used with. The FDA recommends that manufacturers test for specific things including:
- That there are functional fail-safe states for critical functions.
- Verification that only authorized users can exchange information.
- That routine use does not interfere with the operation of other networked devices.
- That testing conditions match real-world use of the device.
5. Labeling Considerations
A way to reduce risk for interoperability is to properly and completely label the functional and performance requirements for connecting the device. Device packing, instructions and website content can all help users be informed and use the device safely and securely.
6. Use of Consensus Standards
The FDA recommends using published consensus standards in developing interoperable medical devices. These consensus standards can be used not only by manufacturers, but by other stakeholders including delivery organizations, system integrators, IT professionals and healthcare workers.
These standards provide an in-depth overview of many of the design standards already mentioned, as well as other considerations such as data format or interoperability data architecture design. When manufacturers approach interoperability in a standardized way, there is less room for error since functional, performance and interface requirements are available to all users.
So, What Have We Learned?
What do these recommendations have in common? They are for the design phase. In other words, take a proactive approach and plan for risk before it happens. Taking the time to assess risk in the early stages of development can be the difference between successful and failed devices.