The 3 things we learnt from the Med-Tech Innovation Expo 2019

The annual Med-Tech Innovation Expo is the leading showcase event for the medical device industry in the UK and Ireland.

We visited the Expo at Birmingham's NEC to hear the latest developments and updates from the medical device world.

Here's what we learnt.

 


1. Cyber security is impacting medical device risk in an unprecedented way

 

What's the first thing you think of when you hear 'medical device risk'?

Faulty implants? Harmful adverse reactions? The Bleeding Edge?

Cyber security doesn't usually spring to mind - but George Strom, Business Development Director of IoT at Intertek, warned medical businesses to ignore it at their peril.

 


In fact, a computer virus should now be considered on equal footing to a real one in terms of its ability to deal harm to patients. 

As medical businesses increasingly become digitised entities, the impact of malware, ransomware and invasive programming codes has expanded.

Lost records, compromised design processes and unplanned downtime are all recognised as cyber events that can affect patient wellbeing and medical device integrity.

ISO 14971 already focuses on managing risk in the medical device design and manufacture process to prevent physical harm to patients.

But now medical device companies need to begin looking at cyber security standards and working towards their requirements.

These standards include:

  • UL 2900-1
  • ISA/IEC 62443
  • FIPS 140-2
  • The NIST's cyber security framework

If you haven't already, start your reading and start considering the tools you can apply to get your cyber security in order.

Consider:

  • Documenting the lifecycle of any software your business uses, including its end of life - what happens at decommission?
  • Penetration testing
  • Vulnerability assessment
  • Malformed input testing or 'fuzzing'
  • Weakness testing
  • Malware testing

You probably already apply a risk management process of analysis, evaluation and treatment to your med-tech development.

Duplicate the process. Run it in parallel for your cyber infrastructure. And consider where your cyber risks might cross-pollinate with your other process risks, and vice versa.

 

   


2. Digitisation is changing how medical devices are regulated

 

John Wilkinson, Director of Devices at the MHRA, discussed how regulation of the medical device world has evolved to keep pace with the digitisation of the industry.

Harmonisation of international regulations keeps cost down and improves overall safety - so it's no surprise that it's becoming increasingly widespread, with the FDA announcing its intention to harmonise CFR 820 with ISO 13485 last year.

But that's not the only development.

The old 'patient in, patient out' healthcare model is becoming obsolete, with more patients preferring to manage their own health outside of the hospital.

And there's an unprecedented amount of digital healthcare data in existence, from electronic genomic sequencing to radiology imagery and electronically managed procedures and test result documents.

That means that regulators are moving to new, higher expectations of the kinds of conformity evidence they need to see both pre- and post-market.

Collections of adverse incident reports will no longer be sufficient by themselves for post-market studies, and medical device companies will be expected to present more and more of the data at their fingertips as part of a data-led proof of conformity.

And the link between data management and press coverage is stronger than ever, with slip-ups making it to the front page quicker than ever before.

All in all, Mr Wilkinson pointed to an 'IT transformation' shaping the next 10 years of the med-tech market.

 


Since software entered a 2009 medical device directive, it's become an increasingly prominent component of how med-tech companies operate - Mr Wilkinson predicted medicines, devices and digital health to be the '3 pillars' for the MHRA's regulatory strategy within a decade.

 


3. Legal challenges are evolving

 

The medical device lifecycle covers 5 stages:

  • Concept
  • Prototype
  • Manufacture
  • Marketing
  • On the market

Each step presents its own legal and regulatory challenges, from IP protection to technical file submission and post-market surveillance.

In common with other observations about digitisation changing the market, legal firm Bird & Bird noted that software's entry into the med-tech world had brought new concerns to the forefront.

In particular, a range of third-party software vendors unfamiliar with healthcare are entering the industry.

So there's now a stronger emphasis than ever on med-tech companies to do proper due diligence as they invest in new software systems, considering:

  • How their business continuity models take account of software, and how they'd respond in the event of disruption or downtime
  • If (and how) a new cloud-based software system would guarantee security of data
  • Any security and compliance risks which might be presented with a new software investment

Bird & Bird also presented an ideal '3-layer' model for med-tech software application, with:

1. Interconnected devices pushing 'big data' up to...

2. An analytical platform for trend analysis, and the conclusions added to...

3. A feedback loop for future continuous improvement of the medical device lifecycle.

The opportunities and growing popularity of software were made clear, with Capgemini predicting that 47% of a manufacturer's portfolio would comprise smart 'IoT' products by the end of next year.

But it was also emphasised that med-tech companies need to invest the 'right way', with careful planning of how to apply software in an interconnected and low-risk model that simplifies compliance and patient safety rather than complicating it.

 

