MEDICAL ELECTRONIC DEVICE SOLUTIONS
avigating the Maze of N Intellectual Property An RTC Group Publication
evice Vulnerability: D Diplomacy in Dealing with Vendors
A Supplement to RTC magazine
ew Technologies N Boost Patient Monitoring
GO FURTHER WITH UL As healthcare evolves, so does UL. We understand the regulatory environment is a challenge and global regulatory approvals are the number one concern for your business. UL’s dedicated Health Sciences industry team provides the support you need to gain regulatory approvals in global markets. And we have added technical expertise and services to support inactive, implantable and ophthalmic devices.
For more than 118 years, the UL business and brand has been built on trust. Find out more about just how much farther you can go with UL.
LEARN WHERE YOU CAN GO WITH UL, VISIT US AT WWW.UL.COM/GLOBAL-MEDICAL UL and the UL logo are trademarks of UL LLC © 2012. BDi 01/12 111210
LOCAL SERVICES TO SUPPORT GLOBAL REGULATORY APPROVALS:
• ISO 13485
• Brazil INMETRO
• CMDCAS
• ISO 14971
• CE Marking
• IEC 60601
• CRO–ISO 14155
• CB Scheme
• Biocompatibility
• IEC 61010
• Usability
• Packaging & Shelf Life
• Software • Japan PAL
• Application Assistance
MEDS CONTENTS
MEDICAL ELECTRONIC DEVICE SOLUTIONS
august 2012 UP FRONT
PULSE
6
18
EDITORIAL
Ten Truths about Building Safe Software for Medical Devices Yi Zheng and Chris Hobbs, QNX Software Systems
Telemedicine: Big Potential if Done Right Tom Williams
8 PUBLISHER’S LETTER
The Challenge of Interoperability – With or Without Wire John Koon
FOCUS 10 NEWS & PRODUCTS
A Collection of What’s New, What’s Now and What’s Next
24 Issues with Embedded Device Disclosures: Helping Vendors Improve Their Security Jerome Radcliffe, Mocana
28 New Technologies Fuel Growth in the U.S. Patient Monitoring Market Dr. Kamran Zamanian and Sara Whitmore, iData Research
32 What Medical Device Companies Need to Know about Intellectual Property Jarom Kesler and Irfan Lateef, Knobbe Martens Olson & Bear
36 Amendment 1 to IEC 60601-1:2005 on Safety and Performance Published Charles Sidebottom, IEC/SC 62A
38 How Wireless Technologies Impact the Future Development of Healthcare John Koon
42 Interview with Doug Busch of Intel-GE Care Innovations John Koon
M
edical Electronic Device Solutions (MEDS) uncovers how embedded technology will bring the biggest breakthroughs in electronic medical device design. Whether large or small—MEDS is the most influential source of information for engineers, designers and integrators developing the newest generation of complex and connected medical devices. MEDS is currently a supplement of RTC magazine, distributed in print to 18,000 engineers, and electronically to 12,000 in the embedded computing market. Learn more about MEDS at www.medsmag.com.
SPONSORS ACCES I/O Products..............................22 Advanced Micro Devices................43 Axiomtek..................................................................34 congatec.....................................................................11 Continua Health Alliance................15 Digia................................................................................. 30 Express Manufacturing, Inc.......44 Freescale Semiconductor............ 17 Green Hills Software................................5 Health 2.0 2012..................................................31 Medical Development Group.....26 Medical Devices Summit Midwest.....................................................................35 MEPTEC...................................................................... 30 Microsoft Windows Embedded Evolve 2012.............................................................13 One Stop Systems...................................21 PowerGate LLC................................................ 9 RTECC............................................................................37 Sterling Medical Devices.....................7 STMicroelectronics..................................23 Trenton Systems.......................................27 UL............................................................................................2
digital subscriptions available
www.medsmag.com
August 2012 MEDS Magazine
3
GET MORE MEDS MEDS publishes articles, interviews, product news and other relevant MEDS related information in print and online. Medical electronic device-specific article topics come from contributed articles written by industry leaders and the MEDS publisher and editorial staff. Interviews are conducted based on the relevancy of the organization’s products in the medical industry. We have interviewed many companies, such as Continua, AAMI, Intel-GE Care Innovations and others, to find more in-depth information about their innovative products for the medical device industry. Additionally, MEDS online publishes conference reports, company press releases and product news to keep our readers informed. While the print version of MEDS is a quarterly publication, the online version is updated regularly. The following contents are online only articles/interviews: MEDS Interviews:
• Mary Logan, President of the Association of Advancement of Medical Instrumentation (AAMI) • Chuck Parker, Executive Director of Continua Health Alliance • Doug Busch of Intel-GE Care Innovations • Ed Hill, Director of Medical for Intel’s Embedded and Communications Group on Medical Vision
MEDS MEDICAL ELECTRONIC DEVICE SOLUTIONS
PRESIDENT
John Reardon, johnr@rtcgroup.com
PUBLISHER
John Koon, johnk@rtcgroup.com
EDITORIAL EDITOR-IN-CHIEF Tom Williams, tomw@rtcgroup.com MANAGING EDITOR/ASSOCIATE PUBLISHER Sandra Sillion, sandras@rtcgroup.com COPY EDITOR Rochelle Cohn
ART/PRODUCTION ART DIRECTOR Kirsten Wyatt, kirstenw@rtcgroup.com GRAPHIC DESIGNER Michael Farina, michaelf@rtcgroup.com WEB DEVELOPER Justin Herter, justinh@rtcgroup.com
ADVERTISING/WEB ADVERTISING VP OF MARKETING Aaron Foellmi, aaronf@rtcgroup.com MEDS SALES ACCOUNT MANAGER Jasmine Formanek, jasminef@rtcgroup.com (949) 226-2004
BILLING
Cindy Muir, cmuir@rtcgroup.com (949) 226-2021
Press Releases:
• July 2012: DocCom secures contract with Guy’s and St Thomas’ NHS Foundation Trust to transform the delivery of critical safety information to frontline clinicians. • June 2012: DocCom secures contract with Guy’s and St Thomas’ NHS Foundation Trust to transform the delivery of critical safety information to frontline clinicians. • May 2012: Nokia Sensing X CHALLENGE – Searching the World for the Most Powerful Digital Health Sensors to Transform the Healthcare Industry • January 2012: Nokia Sensing X CHALLENGE – Searching the World for the Most Powerful Digital Health Sensors to Transform the Healthcare Industry • May 2012: Isansys Introduces the Patient Status Engine • April 2012: Continua’s 2012 Design Guidelines currently in testing • January 2012: Robotic Surgery with One Small Incision, U.S. First
4
MEDS Magazine August 2012
To Contact the RTC Group and MEDS Magazine: HOME OFFICE The RTC Group, 905 Calle Amanecer, Suite 250, San Clemente, CA 92673 Phone: (949) 226-2000 Fax: (949) 226-2050, www.rtcgroup.com EDITORIAL OFFICE Tom Williams, Editor-in-Chief 1669 Nelson Road, No. 2, Scotts Valley, CA 95066 Phone: (831) 335-1509
Published by The RTC Group Copyright 2012. The RTC Group. Printed in the United States. All rights reserved. All related graphics are trademarks of The RTC Group. All other brand and product names are the property of their holders.
SAFE RELIABLE SECURE
TRU S T ED S O F TWA RE FO R ME D I C AL E L E C TRO NI CS For 30 years the world’s leading medical companies have trusted Green Hills Software’s secure and reliable high performance software for life-critical and safety-critical applications. From infusion pumps and defibrillators to ventilators and anaesthesia systems, Green Hills Software has been delivering proven and secure underpinning technology. To find out how the world’s most secure and reliable operating system and software can take the risk out of your medical project, visit www.ghs.com/s4m
Copyright © 2012 Green Hills Software. Green Hills Software and the Green Hills logo are registered trademarks of Green Hills Software. All other product names are trademarks of their respective holders.
UP FRONT EDITORIAL
Telemedicine: Big Potential if Done Right
W
Tom Williams Editor-in-Chief
6
MEDS Magazine August 2012
ireless connectivity for medical devices is, of course, now all the rage, and its potential is enormous. Still, from where I sit, the application of connectivity fits into a number of fairly distinct scenarios. One is the hospital, where it eliminates the use of wires to connect to the hospital network, increasing convenience and mobility. In this arena, patient monitoring is moving from the critical to use in less acute wards, thus expanding the use of connected devices to the advantage of patients, doctors and administrators all around. It is, however, the expansion of wireless connectivity beyond the hospital environment where things get both interesting and a bit tangled in terms of concept. This is the realm broadly termed “telemedicine.” One vision of telemedicine centers around what has been called the “body gateway,” which involves a worn wireless device that collects the data from other sensors also worn on the body such as ECG sensors, oximeters and the like. There are a number of designs for making the wearing of such devices convenient for the patient, including such things as body corsets. One of the big hurdles, however, seems to be actually getting the patient to wear such things in their daily lives, presuming they are not homebound and can get around well enough to lead a normal existence. They really don’t want to wear such things both for reasons of comfort and due to a sense of social stigma—which is short for appearing weird. For these reasons, such body gateway apparatus appears to be limited to situations where the choice is either confinement to the home or facility, the risk of a sudden attack or putting up with the inconvenience and social discomfort. One alternative is a dedicated sensor that is both unobtrusive and/or looks like something normal like a watch. One such device from SmartMonitor looks and acts like a watch (you can tell time with it), but also is able to detect seizures and send alerts via the 4G network by way of a phone carried by the patient. An alternative scenario is one where the patient can live at home, live a relatively normal life, and be responsible for supplying data on a daily basis to the caregiver. This usually involves the same kind of devices, which need not be ultra-compact, but which are used in the home and are wirelessly connected to a PC or a gateway connected to the Internet. Here, the patient periodically applies the device to get a reading, which is transmitted to the care center. Of course, this approach will not work for an emergency condition such as a heart attack or a seizure. If the center fails to receive data from a patient at the expected time, appropriate action can then be taken, either by phone or by a visit if needed. Still, there is a whole different concept that makes up one of the larger areas of telemedicine. One of the most frequent words bandied about at the recent American Telemedicine Association conference in San Jose was “rural.” Here the idea is to expand the reach of medical expertise into geographically less accessible places, for example, from small Midwest farming communities to the deepest jungles. A patient who would otherwise have to drive 150 miles to a medical center for an appointment can go to a regional center. That center has technology consisting of a high-speed gateway that includes high-definition video along with all the devices that might be used in the home plus a number of other capabilities that can be managed by a sufficiently trained technician. These could include otoscopes that can send HD images of ear canals—often with attachments for other orifices—, cameras that can scan wounds or the surface of the skin in HD, and in some cases can even take HD images of microscope slides for pathology evaluation. This and more. These gateway centers can come in the form of carts with a nice big HD video display, or in the form of compact, portable systems equipped with 4G cellular and even satellite communication capabilities. The combination of sophisticated medical sensing, HD video and sufficient technician skill to competently utilize these systems has enormous potential for not only extending specialized medical expertise to areas where it would have been virtually unavailable, but also for greatly reducing the costs to both patient and provider. To be really successful, of course, this latter model of telemedicine will depend on the evolution of a wellcoordinated infrastructure consisting of properly located, staffed and equipped regional centers along with a large and sufficiently varied mix of general practitioners, specialists and trained technicians. The technical foundation already exists; the financial incentives are definitely present. It is a very good bet that we can expect to see the professional aspect of this ecosystem rapidly evolve like a species proliferating in a new and favorable habitat.
Experience Matters Since 1998, Sterling Medical Devices has specialized in the development and testing of medical devices — from design and prototyping to commercially ready software and hardware. With over 300 medical device projects under our belt, our engineers bring clarity to a wide range of software and hardware environments, issues, and solutions. Our full-service development process delivers quality products while controlling costs, reducing risk, and staying on schedule. Our ISO 13485-registered quality system will facilitate your FDA and EU approvals. Contact Sterling today. Because experience matters.
17 Legion Place, Rochelle Park, NJ 07662 (201) 227-7569 x2 | www.sterlingmedicaldevices.com
UP FRONT PUBLISHER’S LETTER
The Challenge of Interoperability – With or Without Wire
R
JOHN KOON Publisher
Figure 2
Figure 3
8
MEDS Magazine August 2012
ecently I came across a product that helps diabetics monitor their blood glucose level. It is more than a simple glucose meter you can buy off the shelf from a drug store. The device actually communicates with distant loved ones or caregivers who need to know the information. The Telcare BGM device, introduced in February 2012, is a cellular-based smart glucose meter that displays the data with time tags and simultaneously transmits it. Moreover, the caregiver can provide feedback and/or instructions, if necessary, to the user. This allows the family members to know the condition of the user at all times. SSL encryption is used to add security to the two-way communication (Figure 1). Another device, called the ViSi Mobile and developed by Sotera Wireless, is a small wearable device about 1 x 2 x 3.5 inches with a color display. Figure 1 It will be able to monitor the vital signs of a patient on a continual basis. The readings of blood pressure, heart rate/ECG, blood oxygen saturation (SpO2), respiratory rate and skin temperature are displayed on the unit and transmitted via Wi-Fi, using WPA2 encryption, to a remote Windows- XP or Windows 7 device (Figures 2 and 3). Both products have received FDA clearance and are very unique and useful. In the first case, the patient communicates with the remote users via cellular signals to a similar device or to a smartphone with a downloadable app. In the latter case, the data is read from the display or remotely from a Windows-based tablet or device using Windows XP or Windows 7 via Wi-Fi. In the last 12 months alone, I have seen a lot of medical devices coming out with their own unique way of connection. I could not help but wonder if ten years from now the caregivers working in an institution such as a clinic or hospital will be using one standard platform to communicate with hundreds of available medical devices. Or will it be like the fragmented mobile phone market? Once I owned a phone supplied by T-Mobile. When I decided to switch over to another carrier, Verizon, they told me the phone I had would not work with the Verizon network. “But it is a perfectly functional phone,” I protested. “Why don’t you just change the SIM card?” “Sorry, I cannot help you!” was the response. I had to buy a new phone. Do you remember USB 1.1? It went through many Plugfest tests and “blue screens” (indicating a system crash) before USB finally worked flawlessly thanks to the success of Windows XP. Today, we don’t have a single Windows solution in the medical market. We have many platforms: Windows (desktops, notebooks, tablets, smartphones), Apple (iPhone, iPad), Google (Android phone and tablets) and many proprietary ones. We not only have the computers to wrestle with, but we also have many Class II devices, smartphones, tablets, desktops, point of care units and custom controllers; each with its own operating system and silicon. Some support Wi-Fi, others 3G/4G. Some gateway units that connect the Class II medical devices with the outside world may communicate with the devices via Bluetooth, ZigBee, Ant+ and other RF protocols. I think by now you can envision a far more complicated “network” than what the computers had to deal with. Look at the ecosystem in a different way. Wireless healthcare is an attempt to move massive personal medical data around via the Internet, wireless 4G or any network connection. The challenge of connecting many devices together is faced by the device manufacturers, hospital institutions and the users. Simply put, both the sending and the receiving ends of these medical devices want to access the useful medical information securely and reliably when it is needed. I imagine that to achieve this we need to have an ecosystem with its massive devices interchangeable with each other. Recently I visited an organization called the Medical Device “Plug-and-Play” (MD PnP), a non-profit organization based in Cambridge, MA. Their mission, as the name suggested, is to take on the challenge of helping the ecosystem to solve the interoperability problem. This is indeed a noble call. We need this interoperability…the sooner the better.
LEADING EDGE, COST-EFFECTIVE POWER SOLUTIONS
Medical Power Supplies just Got a Lot Smaller! y 150-600 Watt Products y Industry’s Smallest Footprints y UL60601 3rd Edition Approvals y Highest Efficiencies y Cost-Effective and In-Stock
150 Watts
4.00 x 2.00 x 1.28”
x Green Power / Efficiency Level V x High Efficiency Operation up to 91% x 12V @ 200mA Aux Output x 12/15/18/24/28/36/48 VDC Single Outputs x Details: powergatellc.com/med150
350 Watts
6.50 x 4.00 x 1.51”
x High Efficiency Up to 93% x Remote Sense & ON/OFF Control x +5VSB @ 300mA Stand-by x 12V @ 300mA Aux Fan output x 5/12/24/48VDC Single Outputs x Details: powergatellc.com/med350
300 Watts
x Green Power / Efficiency Level V x High Efficiency Operation up to 90% x 12V Aux @ 150mA Output x Remote Sense Compensation x 12/15/18/24/28/36/48 Single Outputs x Details: powergatellc.com/med300
400 Watts
|
7.00 x 4.00 x 1.5”
Southwest Region 2102 Business Center Dr. Suite 203A Irvine, CA 92612
www.powergatellc.com
300 Watts
5.00 x 3.30 x 2.08”
x Green Power / Efficiency Level V x High Efficiency Operation up to 90% x Integral DC Fan - Top Mount x Remote Sense Compensation x 12/15/18/24/28/36/48 Single Outputs x Details: powergatellc.com/med300c
x U Channel or Fan/Cover assembly x Operating Efficiency up to 92% x 5VSB @ 100mA Stand-by x DC OK and Inhibit Functions x 12/15/18/24/28/36/48 Single Outputs x Details: powergatellc.com/med400
Western/Midwest Region Corporate Headquarters 2390 Owen Street Santa Clara, CA 95054
(866) 588-1750
5.00 x 3.00 x 1.28”
600 Watts
5.06 x 3.02 x 1.61”
x Highest Power Density of 25/in3 x High Efficiencies approaching 90% x I2C & Analog Status & Control x Remote Voltage & Current Programming x Up to 8 Configurable Outputs (2.5~48 VDC) x Details: powergatellc.com/med600 Eastern Region 1900 West Park Drive Suite 280 Westborough, MA 01581
|
sales@powergatellc.com
FOCUS
NEWS & PRODUCTS
A COLLECTION OF WHAT'S NEW, WHAT'S NOW AND WHAT'S NEXT California Telehealth Bill Signed into Law California Governor Jerry Brown has signed AB 415, giving California even more of a leadership role in the area of telehealth technology. The new law, named the Telehealth Advancement Act of 2011, will make specialty healthcare more accessible to those in need, and is projected to save costs to the state. This news was welcomed by providers, as well, who are thinking of adding telehealth services to their practices. With Americans demanding easier access to health care with lower costs, the Telehealth Advancement Act is seen as providing one solution toward that goal by decreasing regulations and changing definitions so they match the technology available today. With the state taking the lead, it is more likely that broader coverage for telehealth will follow through private insurance companies. Telehealth software solutions, like those offered by California LiveVisit, are now in great demand. Patients typically have the necessary computer equipment at home for these sessions, even in rural areas. They are already wearing monitors and seeing specialists via telehealth technology. So there is no better time than now to add video conference consultations to both group and private practices. Among other things, AB 415 will replace the outdated legal terminology of “telemedicine” with “telehealth,” update the definition of telehealth to reflect the broader range of services in use today, and apply the definition to all licensed health professionals. It will change the need for an additional written patient consent specifically for telehealth services to a verbal consent, and remove the Medi-Cal rule requiring documentation of a barrier to an in-person visit before a beneficiary can receive telehealth services. In addition, the new law will eliminate restrictions on reimbursement of services provided via email or telephone as well as eliminate restrictions on the physical location, such as doctors’ offices or hospitals, where telehealth services may be provided. And it will allow California hospitals to use new federal rules to more easily establish medical credentials of telehealth providers. AB 415 does not replace the health care provider with technology. Rather, it preserves and enhances the provider-patient relationship, and enables healthcare professionals to make use of available technology to better serve their patients. Health plans/ insurers and providers retain the ability to make decisions regarding appropriate utilization controls and procedures.
Custom Medical Extrusion Plant Opens in Ireland Kelpac Medical, a leading manufacturer of medical device tubing and packaging, announced the opening of a new custom medical extrusion plant in Tullamore, Ireland. The new facility location provides regional logistics efficiencies to medical device manufacturers in Ireland and throughout Europe. This expands Kelpac Medical’s global footprint to seven locations worldwide. The 35,000 sq. ft. (3,521 sq. m.) Tullamore facility features an ISO 9001:2008-compliant Class 8 (100,000) clean room and state-of-the-art extrusion lines along with inhouse tooling and equipment design. It includes an in-house laboratory for on-premise testing plus product and process R&D capabilities. The plant has implemented a 100% on-line inspection system with off-line automated optical measurement, among other facility features. “As a global partner to leading medical device companies throughout the world, Kelpac Medical recognizes the value of local supply solutions to our customers,” said Matt Brejcha, account manager for Europe. “Our new facility in Ireland provides local manufacturing capabilities, customer support and inventory management services that lower overall cost of ownership and increase speed to market.”
10
MEDS Magazine August 2012
BIO-key and Medflow Partner for Authentication in Ophthalmology Practices BIO-key International has announced the launch of its twenty-seventh integration of TruStaf fingerprint biometric login for secure access to Medflow Electronic Health Records. The partnership with Medflow expands the BIO-key footprint in the healthcare industry. BIO-key technology is implemented within leading hospitals, blood centers, transfusion facilities and now eye care practices. To date, BIO-key and Medflow have deployed solutions for Canton Ophthalmology, East Michigan Eye Center, Charles Retina Institute, Eye Centers of Texas, Nashua Eye Center, Ophthalmology Consultants of Ft. Worth, Providence Eye Center, Southwestern PA Eye Center, American Optical, Central Plaines Eye Center, Delaware Eye Center, Del Negro & Senft Eye Center, Florida Eye Center, Inland Eye Specialists, University Ophthalmology and others. “As we all know CMS and HIPAA require strong password identification, which has a significant impact on a clinic’s busy workflow. The BIO-key solution eliminates that overhead and makes it simple to identify yourself. Our clients love how easy it is to switch from one user to the other using BIO-key,” said Jim Riggi, president and CEO of Medflow, Inc. Medflow is installed in over 450 practices nationwide and is being used by 2,000 plus eye care physicians daily to record over 70,000 patient visits a day. Medflow’s training process is designed to get users proficient within days, and as a result the company has the highest rate of successful implementation in the industry. Its users were the first to receive payments for Meaningful Use, further testament to the deep understanding of the inner workings within eye care practices.
Does beating your competition to market matter? We think so! Get your medical product to market quicker with congatec’s conga-TS77. congatec...we are Computer-On-Modules.
conga-TS77 3rd Generation Intel® Core™ processor-based platform COM Express® Type 6 Module with PCI Express®, SATA, USB, 3x HDMI / DisplayPort Improved Graphics Performance, DirectX®11
FOCUS
NEWS & PRODUCTS
A COLLECTION OF WHAT'S NEW, WHAT'S NOW AND WHAT'S NEXT GE Microsoft Joint Venture for Health Management With a leadership team in place and a set of goals alongside, Caradigm is ready to take its first steps toward the change it was created to drive. The General Electric/Microsoft 50-50 joint venture, first announced on Dec. 7, 2011, has now become official, with regulatory approvals having come in from the first round of countries in which the company will operate. Caradigm is aimed at enabling health systems and professionals to use real-time, organization-wide intelligence to enhance healthcare quality and the patient experience. The new company will develop and market an open healthcare intelligence platform and collaborative clinical applications focused on enabling better population health management to help improve outcomes and the economics of health and wellness. The Caradigm board of directors and leadership team, announced in February, is composed of executives from both parent companies and other healthcare information technology companies. “The combination of people and technology from GE Healthcare and Microsoft will allow us to drive the dramatic change that is needed in healthcare,” Chief Executive Officer Michael Simpson said in the announcement. “By forming Caradigm, we can offer innovative healthcare solutions including an open platform and tools that enable software developers around the world to address the complexities of population health today. Caradigm will be located at City Center Bellevue in Bellevue, WA, with significant presence in Salt Lake City, UT and other cities around the world.
12
MEDS Magazine August 2012
Dell’s Unified Clinical Archive Cloud to Power Aperio ePathology Network Aperio, a provider of digital pathology systems, announced a strategic collaboration with Dell to create the world’s first scalable, secure medical cloud network for pathology. Through its secure cloud-based Unified Clinical Archive solution, Dell manages nearly 5 billion medical images and studies for healthcare organizations. And now, Dell will host the existing suite of Aperio’s industry-leading solutions for digital pathology. Fortified by Dell’s standards-based technology and storage capabilities, Aperio’s ePathology Network solution will provide secure, compliant, worldwide access to pathology consultations via the cloud.
Telemedicine Portable Case Station Takes Exams into the Field A lightweight carry-on case enables a provider to examine patients outside a clinic or doctor’s office and teleconference with a remote physician via wireless, 3G/4G, Ethernet or SAT phone connection. The Transportable Examination Station (TES) from GlobalMed recognizes the need for mobility to take healthcare beyond the static installation. GlobalMed has miniaturized a telemedicine cart into a lightweight, interactive and fully mobile examination device that fits into an impact-, dust- and weather-resistant rolling case. TES is an integrated platform for telemedicine, utilizing a tablet PC, speaker, microphone and an array of cameras and peripherals that enable a remote clinician to deliver quality healthcare. A main control panel makes it easy for the mobile provider to quickly set up TES and connect with distant healthcare practitioners via the Internet. TES applications include: Remote Healthcare, First Responders, Emergency Services, Tactical Field Operations, Command Posts, Construction Sites, Home Health, Wound Care and Field Research & Education. Included is a TotalExam 2 Examination Camera, which is a video camera that has the size and feel of a dry erase marker and includes three manual focus settings to allow macro to wide angle focus. The CapSure Store-and-Forward Image Automation is for general exam, dermatology, triage & trauma, pathology, physical abuse, first responders and all other areas where saving and annotating on visible light images is needed. Also included is a USB Video Otoscope with internal light and video source along with an electronic Stethoscope, a real-time, digital electronic stethoscope. TES is centered around an HP Elitebook 2760p Tablet PC running Windows 7 Professional. This PC is designed to meet tough military standards (MIL STD-810G)1 for vibration, dust, humidity, altitude and high temperature. The display is a 12.1-inch diagonal LED-backlit WXGA UWVA anti-glare, multi-touch (1280 x 800). Memory DDR3 SDRAM, 1333 MHz, two slots supporting dual Wireless Support is with an Intel Centrino 802.11a/b/g/n, HP Integrated Module with Bluetooth v2.1 plus EDR Wireless Technology. GlobalMed Telemedicne, Scottsdale, AZ. (480) 922-0044. [www.globalmed.com].
Microsoft to Introduce Intelligent System Strategy With Windows Embedded 8 YOU ARE INVITED: 34 CITIES ONE POWERFUL TECHNOLOGY AMERICAS
Mountain View, CA - Nov. 1 Redmond, WA - Nov. 6 Irvine, CA - Nov. 8 Denver, CO - Nov. 13 Chicago, IL - Nov. 27 Columbus, OH - Nov. 29 Philadelphia, PA - Dec. 4 Manhattan, NY - Dec. 6 Dallas, TX - Dec. 11 Boston, MA - Dec. 13 Atlanta, GA - Jan. 29 Melbourne, FL - Jan. 31 Montreal, QC - Feb. 5 Toronto, ON - Feb. 7
ASIA & JAPAN
Tokyo, Japan - Nov. 16 Osaka, Japan - Nov. 20 Shenzhen, China - Nov. 22 Shanghai, China - Nov. 27 Beijing, China - Nov. 29 Taipei, Taiwan - Dec. 4 Seoul, Korea - Dec. 6 Mumbai, India - Dec. 11 Bangalore, India - Dec. 13
EMEA
Paris, France - Nov. 6 Moscow, Russia - Nov. 8 Stockholm, Sweden - Nov. 13 Milan, Italy - Nov. 20 Lyon, France - Nov. 22 Nuremberg, Germany - Nov. 27 Madrid, Spain - Nov. 29 Tel Aviv, Israel - Dec. 18 London, United Kingdom - Jan. 17 Munich, Germany - Jan. 22 Cologne, Germany - Jan. 24 *Dates and locations are subject to change
evolve2012tour.com
Windows Embedded Summit What Is It? A half-day technical brieďƒžng highlighting the Microsoft intelligent system strategy and how engineers and technology leaders can leverage existing WES7 and upcoming WES8 technology to increase embedded OEM business more effectively. Who Is Invited? Business leaders and technology decisionmakers will be invited to join Microsoft and key partners at over 30 global locations. Questions Answered: How can existing WES7 enabled design gain from new features and advances? What game-changing technology does WES8 bring to embedded design? How to best select an embedded software platform for next generation intelligent systems?
FOCUS
NEWS & PRODUCTS
A COLLECTION OF WHAT'S NEW, WHAT'S NOW AND WHAT'S NEXT Early Skin Cancer Detection with Mobile and Stationary Digital Dermoscopy
HD Exam Camera Gives Clarity to Remote Consults
A new development in early skin cancer detection is the connection of a mobile dermatoscope for the iPhone with an online web space where doctors can request a second opinion on suspicious moles. Digital dermoscopy is the best technology to detect melanoma at an early stage. Handyscope, the digital handheld dermatoscope for mobile skin cancer examinations from FotoFinder Systems, enables doctors to capture and save microscopic pictures of moles using their iPhone, the Handyscope device and the corresponding app. Handyscope gives a magnified, polarized view of the skin, combining skin surface microscopy with mobility and communication technology. Unlike conventional handheld dermatoscopes, doctors can keep a comfortable distance during the skin check and evaluate moles on screen. Now, the new online-platform “Hub” allows doctors to upload Handyscope pictures to their private web space in the cloud-like web database via a secured connection, to store them and request a rating from international skin cancer experts. Photos of suspicious moles can be immediately sent to the expert team for second opinion. This opens up new possibilities for teledermatology: even patients without access to specialists can get the best diagnostic quality in case of skin cancer suspicion. They can benefit from their doctor’s network and count on an accurate and fast diagnosis. Thanks to the early skin cancer detection, the chance of healing can be improved substantially. Doctors who work in a practice or mole clinic use stationary mole mapping systems to monitor moles with video documentation. These special systems allow the digital documentation of moles over time. Overview and microscopic images of each lesion are saved in a database along with the localization and additional information. First, a digital mole catalog of the patient’s skin is made with the help of a Full HD-video camera. The overview pictures serve as mole maps. Then the doctor decides which moles have to be observed microscopically and checked regularly with a digital dermatoscope—a special video camera for epiluminescence microscopy. An additional analysis of suspicious lesions gives an instant second opinion with malignancy score. Regular follow-up exams show change or growth of every single mole. Even slight differences are visible with this technology. The continuous check gives patients more safety and avoids unnecessary excisions of harmless moles. FotoFinder Systems, Bad Birnbach, Germany. +49 8563 97720-0. [www.fotofinder.de/en].
Weighing in at just four ounces, the TotalExam HD from GlobalMed is a true HD video examination camera for use in telemedicine. It offers video technologies that until now were only available to professional studios and HD television stations. The TotalExam HD exam camera was built from the ground up to meet the needs of clinicians in telemedicine. It is faster and easier to acquire the best freeze frame images because the camera’s count back frame analysis automatically selects the clearest view among 17 frames. Still images obtained from the camera’s superior resolution are six-times the clarity of standard definition cameras, making features crystal clear upon enlargement. All the camera’s function buttons are located on top, making image acquisition and adjustment a simple one-handed operation. A patent-pending variable polarizing derm hood reduces the glare from light reflected off skin during dermatology examinations. The skin images obtained are more true-to-life. In addition, the integrated auto-focus takes the guesswork out of capturing the clearest images and, when desired, can be turned off. It provides superior color and clarity to more accurately assess a patient, and thus the physician on the receiving end of a consult can see clearer images for more nuanced recommendations. Color and clarity is further enhanced with the camera’s on¬board 8-LED light carousel. The TotalExam HD has two independent HD outputs. Each output can be set to 1080p, running at 30 or 60 Hz, or at 720p, at 30 or 60 Hz. The dual outputs provide the user with the flexibility to view the crystal clear images at the same time on different monitors in different formats. The two camera outputs can be connected to both a video hardware codec that can support 720p-30 and to a professional video capture card running 1080p60. GlobalMed’s CapSure 2.0 software can then be used to draw, annotate, date stamp and save gathered HD images for later review and/or consult. GlobalMed Telemedicine, Scottsdale, AZ. (480) 922-0044. [www.globalmed.com].
14
MEDS Magazine August 2012
Imagine How Device Connectivity Could Improve Real-Time Care Better Data, Better Care Continua Health Alliance is an international not-for-profit industry organization of healthcare and technology companies working together to enable comprehensive plug-and-play connectivity of devices and service solutions used in personal health and healthcare delivery. We are fueling a revolution of personal connected health to facilitate better care, empower consumers and connect healthcare providers to their patients.
To learn more about Continua Health Alliance go to: www.continuaalliance.org
FOCUS
NEWS & PRODUCTS
A COLLECTION OF WHAT'S NEW, WHAT'S NOW AND WHAT'S NEXT Motion Monitor Disguised as a Watch Can Remotely Alert to Epileptic Seizures An easy-to-use, portable movement monitor specifically designed to detect and send alerts of epileptic seizures is dubbed the SmartWatch from SmartMonitor. While it does also tell time and is worn on the wrist, the SmartWatch can analyze movements and send wireless alerts when it detects excessive repetitive movement. The look and feel of the device makes it easier for patients to wear constantly and in public and avoid embarrassment. SmartWatch works in conjunction with an Android smartphone. The manufacturer recommends the Nexus S 4G. The SmartWatch user needs to carry one of these phones with them or have it within a 3-5 foot range. When the SmartWatch detects movement outside a normal spectrum it wirelessly signals the smartphone within seconds, which in turn alerts caregivers. It can simultaneously alert multiple devices. The SmartWatch has the ability to track and record movement patterns plus the time and duration of any unusual occurrences. Users can securely access their private information and archived reports for later review. This information can be used to adjust patient medication and establish a record that can reveal trends in seizure patterns over time. SmartMonitor, San Jose, CA. (408) 754-1695. [www.smart-monitor.com].
16
MEDS Magazine August 2012
Digital Scope System Captures HD Images for Multiple Disciplines A multi-discipline HD imaging system is designed for capturing images of the human body for telemedicine applications. The Multi integrated imaging System (MiiS) is an easy-to-use, handheld imaging system designed for a wide range of medical disciplines including but not limited to ENT, ophthalmology (general and fundus viewing), dermatology, general exam, women’s health and audiology. This new system, which is designed specifically for telemedicine, is a handheld video system used for capturing images of the body. It utilizes interchangeable attachments making it suitable for multidiscipline medical applications. Attachments for ear, nose and throat; dermatology; ophthalmology; audiology; women’s health; and general examinations are just a few of the potentials of the system. The HORUS System incorporates High Definition (1080p) camera technology and offers multiple video output options for connections to your codec. Still images and videos can also be captured with just the touch of a button and transferred seamlessly to a laptop or PC for store and forward applications. Each specialty attachment can be quickly and easily changed just by twisting the optic and removing it from the scope handle. This unique feature allows you to have just one system with multiple uses. Conveniently located controls make the system extremely user friendly. Most functions can be controlled with just your thumb. Illumination is provided by powerful integrated LEDs while the 1080p High Definition images are captured and displayed on the full color LCD display. JEDMED, St. Louis, MO. (314) 845-3770. [www.jedmed.com].
Handheld 3D Imaging System for Medical Applications A handheld 3D imaging system for use in medical applications has been developed to meet the need for the accurate measurement and clinical characterization of hard-to-heal wounds such as diabetic and pressure ulcers. The Eykona Wound Measurement System, created by Eykona Technologies, provides clinicians with an objective and repeatable measure of the volume of wounds, allowing comparison and monitoring of the healing process. Existing techniques estimate the volume of wounds—the change of which is an important indicator of the healing process—by multiplying an area estimate with a depth measurement obtained from a probe. This method is both inaccurate and difficult to replicate. Eykona used patented technology, based on research at the University of Oxford, to develop a handheld imaging system that produces a full color 3D model of a wound that can be stored in the patient’s treatment record and shared to enable remote assessment. Eykona Technologies, Oxford, UK. +44 (0) 1865 784 789. [www.eykona.com].
make it
LIBERATING Freeing people to live a fuller, healthier life is inspiring the next generation of home medical devices, displays and connectivity technology. In-home diagnostics and therapy devices, remote monitoring and telehealth empower patients and enable better access to health care. Improved access to medical records and more efficient health care team collaboration help optimize patient outcomes. It all translates to better health care for everyone. And we’re here to help you make it happen. A safer, healthier, more connected world. Let’s make it. Learn more at freescale.com/make-it-liberating
Free Fr ee esc sca alle an a and d tth he Fr Free eesc ee scal calle lo ogo o are e tra rade ad de ema ark rks of of Fre ees e ca c le le Semic emicco on nduct duc orr, In du Incc., R Re eg. g U.S. Pa Pat. at & Tm. Off. © 2011 Freescale Semiconductor, Inc.
PULSE
Ten Truths about Building Safe Software for Medical Devices Obtaining premarket approval for a medical device is arduous. Manufacturers must look beyond the strictly technical challenges and focus on the needed environment and culture. They must consider ten fundamental truths—truths that we must tell and truths that we must face—about building and gaining approval for medical devices. by Yi Zheng and Chris Hobbs, QNX Software Systems
T
he first truth applies most broadly. Without a company-wide safety culture, it is unlikely that a safe medical product can be built. A safety culture is not only a culture in which engineers are permitted to raise questions related to safety, but a culture in which they are encouraged to think of each decision in that light. A programmer might think, “I could code this message exchange using technique A or B, and I am not sure how to balance the better performance of A against the higher dependability of B,” and know with whom that decision should be discussed. The culture that encourages the programmer even to consider the question must be nurtured.
Truth 2: Experts Safe systems must be simple. And creating a simple system is the hardest challenge for any engineer. For this we need experts. It takes specialized training and
18
MEDS Magazine August 2012
experience to define what a safe system must do and to verify that it meets its safety requirements. Ultimately, it is the relevant experts—domain experts, system architects, software designers, process specialists, programmers, verification specialists, among others—who determine the requirements, select appropriate design patterns and build and validate the system. Such expertise is expensive because it must be based on experience rather than training: few university undergraduate courses in computer engineering cover embedded software development, and even fewer teach the elements of creating embedded systems with sufficient dependability. No system is absolutely dependable, and so we must understand what our system needs in order to be sufficiently dependable. Accepting sufficient dependability reduces development cost and gives us the measures against which we can validate our safety claims. Without an understanding
of what dependability is sufficient, we are likely to produce a system that is complex, and hence fault-ridden and prone to failure. Software design patterns and techniques have moved significantly since the mid1990s, but many designers have not been exposed to these changes. Figures 1 and 2 show graphical illustrations of some of the newer development tools and methods.
Truth 3: Processes Good processes are a measurable proxy for something that is currently largely unmeasurable. It is relatively easy to measure whether a process has been followed; it is much more difficult to assess whether good quality design and code are being produced. While no one claims that a good process guarantees good product, it is generally recognized that good product is unlikely to result from a poor process. The medical device software standard IEC 62304 is about processes, and without good processes we will never be able to demonstrate that the system meets its safety requirements. IEC 62304 sets out the processes required in developing a medical device, not because these guarantee the production of a safe product, but because they provide the environment within which development parameters can be assessed. For example, having a good test process allows statistical claims to be made about test coverage. Without the process, this would be impossible. In addition, they provide the structure within which the chain of evidence in the safety case is pre-
PULSE
served. Retrospectively producing a safety case is possible but expensive and would almost certainly require the re-generation of evidence that existed during the project development but which was not preserved.
Truth 4: Making Claims Explicit Safety claims must explicitly state dependability levels, and the limits within which these levels are claimed.The FDA has recognized that “indirect process data showing that design and production practices are sound” is not adequate to demonstrate that software is safe, and that “device assurance practices […] focused on demonstrating product-specific device safety” are also required. This demonstration is included in a safety case and reflects the observation above that the purpose of a high-quality process is not to guarantee a high-quality product but to provide the environment within which evidence can be assessed. Every safety case has at its heart claims of this sort: “This system will do A with level of dependability B under conditions C and, if it is unable to do A, it will move to its design safe state with probability P.” This claim with its attendant caveats are laid out in the system’s Safety Manual so that they can be incorporated into the safety case of a higher-level system. A system’s dependability is its ability to respond correctly to events in a timely manner, for as long as required: a combination of availability—how often it responds to requests in a timely manner—and reliability—how often these responses are correct. The safety case states the system’s dependability claims and provides the evidence that it meets these claims. The limits of the dependability claims are as important as the claims themselves. For example, a medical imaging system may be designed to meet IEC 61508 SIL3 requirements for continuous operation not exceeding 8 hours, at which time the system must be reset (rejuvenated). Since imaging sessions
log overflow (0.1%) VM PMU failure 99%) N_OR
BC Log overflow, no alarm sounding (0.0005199%) AND 100%
detected sensor ee (5e-05%) AND
100%
sucessful security er (0.02%) AND
100%
and range entered (5%)
100%
database incorrect (0.1%)
50%
FF Database Incomplete (0.5%)
100%
CC System failure (1.51475%) N_OR
CB Patient ill (20%)
CD Inappropriate range entered (14.5171%) N_OR
CE Inappropriate range accepted (1.09898%) N_OR
10%
BA Patient ill, no alarm sounding (0.30295%) AND
BB Bad range permitted (0.159539%) AND
BD External power failure, no alarm (5e-06%) AND
100%
100%
AA PMU does not meet its FSRs (0.960114%) N_OR
100%
CE Power fail or not
Figure 1 Detail from a diagram showing the probability of failure per hour for a medical monitoring device reference design. Great expertise is required to identify risks and correctly calculate probabilities of failure.
Fault Error Failure
A mistake in the code, which may or may not cause undesired behavior. Undesired behavior caused by a fault in the code. A system failure caused by an uncontained error.
Table 1 Faults, errors and failures.
are typically brief, this limit will pose no inconvenience, even for a system being used 24 hours a day.
Truth 5: System Failures No system is immune to bugs, especially Heisenbugs—mysterious bugs that “appear,” then “disappear” when we look for them. Failures will occur. Build a system that will recover or move to its design safe state. Accepting that all systems will contain faults, and that faults may lead to failures, a safe system must include multiple lines of defense (Table1). These include the isolation of safetycritical processes. It is critical to identify safetycritical components, and design so that they cannot be compromised by other components. While the ideal solution is to
identify and remove faults from the code, this is impractical. It is necessary to prevent faults from becoming errors. Beware the Heisenbug and design so that faults are caught and encapsulated before they become errors in the field. The next level is to prevent errors from becoming failures. Techniques such as replication and diversification are less suitable to software than to hardware but can still be valuable if used carefully. The final line of defense then is detection and recovery from failures. In many systems it is acceptable to move to the predefined design safe state and leave recovery to a higher-level system (such as a human). In some systems this is not practical and either recovery or restart will be needed. In general, the crash-only model followed by a August 2012 MEDS Magazine
19
PULSE
Note: noisy OR to allow for leakage (not all FSRs included). Could also be used to priotitize failures: not signaling patient ill perhaps more important than not signalling log overflow Legend
AA: PMU does not meet its FSRs
AND
BB: Bad range permitted
t ill, nding
CD: Inappropriate range entered
CB: Patient ill
cted ure
DC: Successful Security Breach
BD: External Power failure: no alarm
CE: Inappropriate range accepted
DD: Bad range entered
NOISY-OR
CF: Power Failure not detected
DE: Database incorrect
CG: External Power Failure
DF: Database incomplete
DG: Unnnn database nnnn
Covers misreading keyboard bounce, etc.
Figure 2 Detail from a system-level fault tree for a medical monitoring device. The fault tree uses a Bayesian network and can be seamlessly integrated into a safety case, if the case is also prepared using Bayesian techniques.
fast reset may be preferred to an attempt to recover in an ill-defined environment.
Truth 6: Validation Testing is designed to detect faults in the design or implementation indirectly by uncovering the errors and failures that they can cause. Testing is of primary importance in detecting and isolating Bohrbugs—solid, reproducible bugs that remain unchanged even when a debugger is applied—but is of less use when faced with Heisenbugs because the same fault manifests as different errors each time it occurs. However, to demonstrate that our system meets its safety claims, we must use testing as just one of many techniques because testing is insufficient to prove dependability. Other methods are required including formal design, statistical analysis, retrospective design validation and more. Among these, static analysis is recommended by agencies such as the FDA because it is invaluable for locating suspect code. Static analysis can include syntax checking against coding standards, fault probability estimation, correctness proofs
20
MEDS Magazine August 2012
against assertions in the code, and symbolic execution (static/dynamic hybrid). In addition, proven-in-use and prior-use data are essential for building dependability claims. The in-use hours and failures resulting from this use should be gathered throughout the product lifecycle. The larger the sample size, the greater the confidence we can place in our claims. Other techniques include fault injection. This means deliberately introducing faults that can be both test code designed to handle error detection and help estimate the number of remaining faults. As with the analysis of random tests, the results of fault injections require careful statistical analysis. Formal and semi-formal design verification are traditionally done before implementation, and design verification can also be performed retrospectively.
Truth 7: COTS and SOUP The best way to build a safe software system is usually not to build everything oneself as that will entail more risk than building a system with selected commercial off-the-shelf (COTS) components. Building OSs, communications stacks and data-
bases requires specialized knowledge, and the COTS equivalent may have the advantage of tens of millions of hours of in-use history. So it is permissible to use COTS and even software of uncertain provenance (SOUP), if these components come with sufficient evidence to support the overall system’s safety case. That said, COTS software is usually SOUP as far as the developer of the medical device is concerned, and should therefore be treated with appropriate caution. Both IEC 61508 and IEC 62304 assume that SOUP will be used. The trick is to ensure that sufficient documented evidence is available to be able to quantify the implications of the SOUP for our system, meeting its safety requirements. This evidence will include proven-inuse data, fault histories and other historical data. We should request the source code and test plans so we can scrutinize the software with static code analysis tools. The vendor should also make available the detailed processes used to build the software or a statement from an external auditor that those processes were suitable for an IEC 62304 device.
PULSE Truth 8: Certified Components and Their Vendors Components with safety certifications, such as an OS certified to IEC 61508, can speed development and validation, and facilitate approvals. If COTS is used, there is an advantage to employing components that have received relevant approvals. Agencies, such as the FDA, MHRA, Health Canada and their counterparts in
other jurisdictions, approve not the components but the entire system or device for market; nonetheless, components that have received certifications, such as IEC 61508 or IEC 62304, can streamline the approval process and reduce time-to-market. In order to receive certification, these components must be developed in an environment with appropriate processes and quality management. They must undergo the proper testing and validation, and the
COTS software vendor must provide all the necessary artifacts, which in turn support the approval case for the final device.
Truth 9: Auditors The auditors are our friends. Engage them early on. In the world of safe software development, certification auditors are our friends. They understand how we need to establish our processes to obtain the certifications, and they can help us structure our safety case. The earlier we bring the auditors in to help us, the less we’ll have to revise, and the more efficient our development cycle will be. It is particularly useful to explore the proposed structure of the safety case argument with the auditor before evidence has been added to it. If a notation such as GSN or BBN is used to express the argument, clearly separating the structure of the argument from the evidence, we can ask the auditor: “If we present the evidence for this argument, would you be satisfied?” This reduces the chances of surprise during an audit.
Truth 10: It Doesn’t End with the Product Release Our responsibility for a safe system does not end when the product is released; it continues until the last device and the last system are retired. The following numbers are a little dated but eloquent: updates to software can compromise its integrity. In a study the FDA conducted between 1992 and 1998, 242 out of 3,140 device recalls (7.7 percent) were found to be due to faulty software. Of these, 192—almost 80 percent—were caused by defects introduced during software maintenance. In other words, the faults were introduced after the devices had gone to market. Hence, the processes we use to ensure that our software meets its safety requirements must encompass the entire lifecycle of the software, including fixes and updates. QNX Software Systems Ottawa, ONT. (613) 591-0931. [www.qnx.com].
22
Untitled-18 1
MEDS Magazine August 2012
5/2/12 2:03:25 PM
PULSE
Issues with Embedded Device Disclosures: Helping Vendors Improve Their Security Device vulnerability in the medical field is often a fact of life. Dealing with it when it is discovered by third parties such as researchers can be a delicate issue, but there are ways to deal with it and minimize damage. by Jerome Radcliffe, Mocana
T
he issue of vulnerability disclosure is not new. For well over twenty years we have been discovering problems in software and networks that can cause disruptions to personal and business computer systems. We have grown in dealing with these problems and companies have a wealth of experience in the best way to handle problems associated with vulnerabilities. Now there is a new group of companies that, while well established in their primary industries, have little to no experience in dealing with vulnerabilities associated with computer systems. These companies produce devices that utilize embedded processors with unique proprietary software. These devices are used seemingly everywhere in the world around us. They control the water that flows to your house, the natural gas used in industry, deliver oil from remote areas of the world, and keep those that are ill alive, among other things. In addition to that, the marketplace
24
MEDS Magazine August 2012
is demanding more connectivity from all of their devices. Our new cars will email us when it’s time for an oil change, smart meters will contact us when there is an unexpected spike in energy usage, and our refrigerators will tweet when we are low on milk. The pressure to accommodate these demands means less testing and less time developing fully mature features. Security researchers are starting to look at these devices in a new light. The discovery of vulnerabilities in these connected devices will continue to rise at a rapid pace (Figure 1).
Current Problems with Vulnerability Disclosure The process of vulnerability disclosure is fraught with problems and difficult decisions. The debate over how much to disclose, to whom and when, will be endlessly debated. There is no single correct solution. Each vulnerability has a unique set of factors that need to be addressed when considering how to proceed. Companies also
have many different directions they can take, and each of them has advantages and consequences. Let’s look at some examples: Company A has been notified by a researcher of a vulnerability in their product. Upon notification, the legal department immediately takes over the situation and issues a strongly worded Cease and Desist letter to the researcher. They do this without consultation of the engineering group. The goal of the letter is to intimidate the researcher into not publically disclosing the information, or talking about the security of the product at all. Company B gets notified by a security researcher of a vulnerability in their product via email. They have no experience in dealing with security issues with their product and are not sure what to do. The company makes a decision to not contact or acknowledge the researcher or vulnerability, even after the researcher has sent multiple emails. They are going to try and handle the issue internally with the small amount of information the researcher provided in the original email. Company C gets notified by a security researcher of a vulnerability in their product. The company does respond initially to the researcher, but is not sure who the researcher should talk to. Over the course of multiple months, the researcher gets directed to multiple people in the company,
PULSE
none of whom believe that they are the ones to deal with vulnerabilities. Quite often it takes weeks to get these individual responses. There are several conflicting interests in the debate on the topic of vulnerability disclosure, but the primary one is the relationship between the public having knowledge of the vulnerability (so they can better prepare and protect themselves against those that can leverage the vulnerability), and limiting the number of people that know about the vulnerability (to prevent the risk of the vulnerability actually being used). There is no correct answer here. Usually it is going to be some kind of balance between the two.
How Security Researchers Can Help Security researchers as individuals might often be confused on the process of how to contact a vendor about a vulnerability found in a product, especially if the researcher has limited experience. Conversely, companies might be resistant to an unknown individual claiming to have found a vulnerability in one of their products. This is a situation where an intermediary should be brought in to work with both the company and the researcher. There are some well established groups such as USCERT, ICS-CERT and as of late the U.S. Department of Homeland Security. The use of a high profile intermediary lends credibility to the process and makes both parties feel more secure in exchanging information on the vulnerability. One of the biggest turnsoffs, when walking into a new company, is the “what were you thinking” talk. We have all been in that situation, where part of your mind is screaming at the last IT “professional” who set up their network, the hack who should never have been given access to anything with a keyboard, the person who set up this mess that you are now charged to fix. Rather than engage in the rant that is forming quickly in your mind, it is our job as professionals to calmly discuss the holes
A Good Scenario • Traditional Vulnerability Found • Company is well established, offers $500 bounty on vulnerabilities found, has PSIRT team. • Disclosure found vulnerability to company, not publically. • Company asks for 2 months to address problem, works with researcher to understand vulnerability. • Company releases patch to fix vulnerability in 1.5 months. • Easy Decisions, Good Results Figure 1
in their security, the tweaks that can make them safer, less vulnerable, and to offer suggestions of how to close the gap from where they are to where they need to be. It is also important, while making these suggestions, to take into consideration what is realistic for this company. In a perfect world, we rip down all the parts of the structure that get in the way of our ability to secure a device, a system, a network; we remove all the current technology that just does not meet the current standards for security from the market and out of the hands of the current users; we are free to tell them how “stupid” they were for setting up their technology to not accept upgrades. Instead, as professionals, we engage in a discourse that recognizes that the company cannot do many of these things; that every person has had shortsighted thinking in the past; and we offer real world, respectful suggestions on how to fix these issues. This is what professionals do. This is what will gain us respect as a person, as a professional and as a field.
How Companies Can Help As a company in this field, you are going to make a mistake. Even the most trusted, most thoughtful and most thorough companies make errors; they cannot visit every factory, they rush a product to market, or they did not find the bug that others had found. It is important that as a company you accept that someone else is going to find a mistake that you have made and that you plan ahead for the scenario.
You should know how you and your people will respond, and the plan should include some level of respect for your user and some amount of grace in how you deal with the issues presented to you. Here are some suggestions on how to set up a protocol for how to respond to vulnerability. One form of a favorable scenario is outlined in Figure 2. Use well tested processes. Many embedded device companies shy away from using publically known and published standards in their equipment. This policy amounts to “security through obscurity.” The thinking is that the less people know about how the device works, the less likely it is for a vulnerability to be found. This concept is quite often proven to not be reliable. The problem is that one or two developers that do not specialize in security cannot create the same strength security methods as large groups of experts using peer reviewed methods. This is especially true in key exchange and encryption methods. Companies should try to take advantage of these widely used, peer reviewed methods when possible rather than trying to reinvent the wheel. Establish an IRT or policy. Security researchers often struggle with not only how to contact companies about vulnerabilities, but also what to expect from companies when they are faced with these vulnerability disclosures. Companies should create an Incident Response Team (IRT), or at a minimum a policy on who to contact and behaviors associated with vulnerability disclosures. This will not only save quite a August 2012 MEDS Magazine
25
PULSE Mo’ Devices, Mo’ Problems • Market demands devices be more connected • Tweet, e-mail, status updates, Bluetooth • Explosion of Data • Data Mining, Smart-Grid, Environmental • Everything has a CPU, Everything is connected • …Everything is vulnerable Figure 2
bit of time for the researcher, but also set a foundation for expectations on the behavior of the company. For example, part of your policy might be a moratorium on public disclosure of the vulnerability for a set period of time. Have a plan. Companies have pushed really hard in the past ten years to develop business continuity plans. These plans are used to keep the business operational in the event of unforeseen disasters and problems. Quite often this includes physical destruction of the building, natural disasters or other events that would significantly derail the standard operation of business. These plans are tested multiple times a year in order to make sure everyone knows their role
in the plan, and how to act in the event that the plan has to be put into action. The same thing should be done for vulnerability disclosure. There are many different groups that need to act in handling a disclosure: PR, Legal, Engineering and Executives all have a role in the process. Having a plan and practicing it from time to time will help when the time comes to handling a vulnerability. Make friends with researchers. Often companies have a negative association with security researchers. Typically they are stereotyped as “hackers” or egotistical nerds who only care about destroying devices and doing damage. While this can be the case, it often is not. Professional security re-
searchers are more concerned with learning how things function and making the world a safer place to live. They will usually happily talk to your engineers about how they discovered the problem, and often have several ideas on how to fix it. Respecting them and having an open dialogue with them will be much more productive then shunning them. The problem of vulnerabilities in embedded devices, especially in the medical field, is going to get worse before it gets better. Companies can prepare themselves in many ways by acknowledging that security issues exist and by working closely with researchers. Mocana San Francisco, CA. (415) 617-0055. [www.mocana.com].
You’re Invited We invite subscribers of MEDS magazine to attend an upcoming MDG program Summer/Fall 2012 Events Aug 15 Networking Program: Transitioning Into the Medical Device Industry Sep 19 Forum: Clinical World is the Critical Partner for New Products and Technology Oct 3
Forum: CE Mark: Global Market Access and U.S. Perspective
MDG holds monthly forums and regular networking events. Check our website for times and locations of our exciting programs.
meddevgroup.org 26
Untitled-2 1
MEDS Magazine August 2012
celebrating
2001-2012
New England’s premier organization for individual professionals in the medical device and related fields
About MDG
MDG’s mission is to contribute to the continuing development of medical devices and other medical technologies by enhancing the professional development of its members, fostering and supporting entrepreneurial thinking, serving as a forum for exploration of new business opportunities and promoting best practices in enterprise management.
8/6/12 11:44 AM
RELIABLE INSIDE RUGGED OUTSIDE
Systems tailored to your requirements Long-life system configurations reduce certification costs Designed to meet various industry certifications Stable system hardware and firmware BIOS 5-year factor warranty for Trenton SBCs, backplanes and motherboards Flexible designs provide expanded system I/O functionality Custom board and system design and manufacturing capabilities
770.287.3100 The Global Leader in Customer-Driven Computing Solutions™ www.TrentonSystems.com
PULSE
New Technologies Fuel Growth in the U.S. Patient Monitoring Market As patient monitoring moves from critical to low-acuity areas within hospitals, and as telehealth increasingly lets patients be monitored in the home, the market for an expanding number of devices is expected to experience rapid growth. by Dr. Kamran Zamanian and Sara Whitmore, iData Research
T
he total U.S. patient monitoring market is expected to grow at a compound annual growth rate of 4.1% by 2018. Traditional monitoring products including multi-parameter vital signs, telemetry, fetal and neonatal are stable and well established within hospitals and will continue to grow to replace outdated systems. In addition, monitoring is becoming ubiquitous in all hospital departments, especially in low-acuity areas such as wards where patients were previously unmonitored. Sales of wireless ambulatory telemetry monitors and low-acuity vital signs monitors are expected in high volumes to help monitor previously unmonitored patients. Meanwhile, healthcare reform policies are expected to result in an additional 50 million people receiving some form of health insurance. This will lead to a growing number of people seeking treatment, which they previously may have deferred due to the high out-of-pocket expense. The increase in the in-patient population is expected to cause a surge in demand for
28
MEDS Magazine August 2012
patient monitoring. Proportional representation of some of these market segments as of 2011 is shown in Figure 1. Finally, all segments in the patient monitoring device market will experience growth through 2018. However, there will be a shift from the use of more invasive to less invasive device types as well as a dominant shift in the use of low-acuity patient monitoring devices from hospitals to alternate care and home sites. Notably, this shift will be driven by cost cutting at the hospital level and will be most prominent where home and alternate care reimbursement is granted or cost avoidance measures prove effective.
Telehealth for Chronic Conditions to Experience Double-Digit Growth Telehealth, also referred to as remote monitoring or telemedicine, consists of two parts: synchronous (real-time) and asynchronous (store-and-forward). It is the process of transferring medical information via telephone, Internet, or networks for use in examinations, diagnosis and procedures.
This market is seen to be on the verge of significant growth within the patient monitoring device market as shown in Figure 2. In 2011, the telehealth for the chronic conditions segment exhibited high growth at 14.5% over 2010. This was due to the growing awareness of the benefits of remote monitoring. In addition, large purchase volumes by the Department of Veterans Affairs helped drive growth in the chronic conditions segment, as they try to reach their goal of 100,000 patients using telehealth by 2014. Telehealth systems may be purchased or leased to various customer groups. The purchase market model is driven by sales within the Veterans Affairs (VA) customer group and disease management companies. Telehealth in VA helps ensure veteran patients get the right care in the right place at the right time, and aims to make the home into the preferred place of care whenever possible. The VA purchased a large volume of units in 2011, which resulted in a surge in market growth. Meanwhile, disease management companies provide healthcare to their patients with a focus on prevention. These customer groups have recognized the benefits that telehealth can provide, and will continue to purchase new units over the forecast period. In most of the U.S. there is no formalized reimbursement policy for telehealth monitoring. Medicare, as well as certain insurance providers, will pay for telehealth solutions, but this is assessed on a caseby-case basis and is only valid for certain
PULSE
Adoption of remote monitoring for cardiac implantable electronic devices (CIEDs) has been steady over the last several years, as most manufacturers of pacemakers and implantable cardioverter defibrillators (ICDs) include remote monitoring systems as part of the cost of the implantation surgery and provide them to their patients for remote follow up. Remote monitoring systems were provided for approximately 75% of patients with ICD implants in 2011.Meanwhile, among patients with pacemakers, only 30-35% receive telehealth systems. As new clinical trial results are published, awareness of the benefits of remote monitoring of the pacemaker population will grow and drive adoption within the pacemaker patient population. Although unit sales and placements have been growing at a rapid rate, patient compliance is not guaranteed. The majority of the population using telehealth is over the age of 65 and did not grow up using computers and cell phones. Learning how to use new technology can be complicated and confusing. When patients have difficulty operating their telehealth system, they are less likely to comply with taking regularly scheduled measurements. Meanwhile, among younger generations, the prevalence of cellular-only households is affecting market growth. In 2011, most remote monitoring systems operated over landlines, and could offer service over cellular networks for an additional fee. As cellular-only households become more common, manufacturers who can offer monitoring using this technology will experience strong sales. The leading competitors in the cardiac implant markets include Medtronic, St. Jude Medical, Boston Scientific and Biotronik.
Peripheral Pulse Oximetry Monitoring Market
Wireless Ambulatory Telemetry Monotoring Market Fetal & Neonatal Monotoring Market
Telehealth Market
Figure 1 Total Patient Monitoring Device and Equipment Market by Segment, 2011.
$300
20%
$250 15% $200 10%
$150 $100
5%
Annual Growth Rate (%)
Remote Monitoring of Patients with Pacemakers
Multi-Parameter Vital Signs Monitoring Market
Market Value (US$M)
conditions. There is also reimbursement provided for the doctor or caregiver who is responsible for tracking the information sent through telehealth systems and guiding patient treatment remotely.
$50 0%
$0 2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
Year
Figure 2 Chronic Conditions Total Telehealth Monitoring Market, U.S., 2008 - 2018.
Smartphone Compatible Monitoring: Device Adoption in a New Demographic In 2011, several pulse oximetry and blood pressure monitoring products that connect to smartphone devices became available or were announced in the U.S. market. Products typically include a peripheral device, such as a blood pressure cuff or oximeter sensor, which connects to the smartphone. Data is then stored, displayed and analyzed using downloaded applications or “apps.� Systems also offer the ability to send results to the patient’s
physician or other care provider, or to display results on personal social media sites. In 2011, the average selling prices for smartphone-compatible pulse oximeters and blood pressure monitors ranged from approximately $100 to $150. Factors that will drive the uptake of smartphone-compatible monitors include convenience of monitoring, ease of use, familiar platform for smartphone users, new and exciting method for measuring blood pressure, and the ability to share and analyze results. In addition, by making monitors compatible with a smartphone device, the market will become more attractive August 2012 MEDS Magazine
29
PULSE to a different and potentially younger demographic, who may not have previously shown interest in blood pressure or pulse oximetry monitoring. However, the majority of iPhone users are under the age of 45 and come from affluent households. Conversely, the majority of patients requiring blood pressure or oxygen saturation monitoring are lower income and over the age of 45. This demographic disconnect will be a barrier for device adoption. As healthcare professionals become increasingly reliant on medical smartphone apps, the FDA will need to determine protocols to help regulate them. In 2011, market participants were unsure whether smartphone-compatible pulse oximeters would become a novelty item, or if they would go on to prove useful in rural areas or countries where immediate medical care is not readily available. Pulse oximetry products include the Phone Oximeter from Electrical and Computer Engineering in Medicine Research Group at the University of British Columbia, as well as the Tinke from the Singapore-based Zensorium. Blood pres-
sure monitoring products include the BP3 Blood Pressure Monitoring System from iHealth Lab and the Withings Blood Pressure Monitor. The information contained in this article was taken from a detailed and comprehensive report published by iData Research entitled “U.S. Patient Monitoring Device and Equipment Market.� iData Research Vancouver, BC. (604) 266-6933. [www.idataresearch.net].
SYMPOSIUM
MEPTEC&SMTAPRESENT MicroElectronics Packaging and Test Engineering Council
Surface Mount Technology Association
2012
Medical Electronics Symposium
Technology, Personal Health and the Economy Wednesday & Thursday, September 26 & 27 Arizona State University, Tempe, Arizona R E G I S T E R O N L I N E TO DAY AT W W W. M E P T E C . O R G Corporate Sponsors
30
Untitled-1 1
MEDS Magazine August 2012
7/11/12 10:27Untitled-1 AM 1
Association Sponsor
8/1/12 10:32 AM
Join 1,500+ innovators and industry leaders for four days of 130+ live demos, 70+ speakers, workshops, and 4 pre-conference sessions.
AT THE HILTON HOTEL, UNION SQUARE
HEALTH2CON.COM/EVENTS
PULSE
What Medical Device Companies Need to Know about Intellectual Property As innovative devices and creative ideas proliferate, the need to properly protect intellectual property becomes an increasingly vital aspect of both the design process and the business strategy. by Jarom Kesler and Irfan Lateef, Knobbe Martens Olson & Bear
I
ntellectual property rights are key to securing exclusivity and the ability to profit from a company’s innovations. This can be seen in the so-called “smartphone wars” where mobile phone companies are suing each other on patents in an attempt to secure marketplace dominance or in order to monetize their inventions. Likewise, medical device companies have relied on patents to help their company grow. The American patent system is authorized by Article One, Section 8(8) of the U.S. Constitution, which states, “The Congress shall have Power...To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries.” Generally, in the U.S., a patent is a right to exclude others from making, using, selling, or offering an invention for sale for a limited time. In addition, a patent can be used to exclude others from exporting components to be assembled into an infringing device outside the U.S., importing the product of a patented process practiced outside the U.S., inducing others to infringe, offering a product specially adapted
32
MEDS Magazine August 2012
for practice of the patent, and a few other specific categories. Often, however, companies focus first on developing the next big product or solution and put off legal assessment of their innovation position, only to discover too late that significant hurdles to robust protection have arisen. The story is often the same: an ounce of early prevention can save a pound of painful cure. What, then, should every medical device company or start-up know from the outset? The list of the most common pitfalls is actually quite short, but the threats they pose are too significant to be ignored. First, confirm that the company actually owns its valued intellectual property. Employers commonly assume they own intellectual property rights developed by employees and consultants, but in the United States, sometimes the creator is the presumptive owner. Companies must therefore use agreements to require employees and consultants to assign any and all intellectual property rights to the company. In addition to assigning the intellectual property rights, these agreements should also obligate employees and consultants to safeguard confidential information. Joint venture agreements (with
other companies or universities) should also be carefully scrutinized to establish proper ownership. Finally, prior employment obligations of employees could affect who owns certain intellectual property. In some situations, a current employee’s “inventions” may be owned by a former employer. Second, because medical device companies and start-ups are almost always based on a brilliant idea or solution, the nuclear option of intellectual property must be deployed: patent protection. Typically, trade secrets, copyrights and trademarks do not rival patents for the ability to prevent others from making or using an invention. Without patent protection, once the idea is publicized there is no way to stop an often larger, better-funded company from simply taking or copying your inventions. This is particularly true once FDA approval has been granted. The awful truth is that FDA approval is expensive and time-consuming. To use a cycling analogy, a competitor can lurk in the peloton while your company leads the struggle to gain FDA approval, and emerge from the pack just in time to claim substantial similarity and gain streamlined FDA approval for its competing product. Without patents in place, this tactic may be perfectly legal, granting the competitor a significant financial advantage. Venture capitalists certainly know the value of a patent portfolio. Venture funding often hinges on the strength of a start-up’s patent portfolio and how effectively that portfolio protects the ideas behind the startup. A family of strong patents is often the
PULSE
most persuasive and alluring ingredient in a sophisticated venture funding proposal. For example, Figure 1 illustrates the relationship between patents and start-ups. From this we can see that start-ups have a higher percentage of patents in part because funding possibilities increase with the number of patents. There are, however, some important pitfalls when seeking patent protection. The most important pitfall is a partial or complete forfeiture of rights caused by undue delay in filing a patent application. A patent application must be filed as early as possible and before a public disclosure or commercial activity. Avoid the trap of assuming that filing a patent application automatically results in enforceable rights: obtaining an enforceable, issued patent typically requires multiple rounds of negotiation with the Patent Office and can take two to five years. Another pitfall is the assumption that a single patent filing is sufficient. In fact, multiple patent families or groups are typically required for effective protection. Patents, no matter their size, hinge on a few words found at the end of the patent in the “claims.” The claims define the scope of the invention and, consequently, what one company can prevent another from doing. Thus, competitors can use the information in a patent and nevertheless avoid infringement if they figure out a way around the language of your claims. The more patents and the more claims you have, the more difficult this will be. A large patent portfolio in and of itself often scares away would-be competitors simply because of the expense of figuring out how to get around the volume of protection. Third, patents are not like off-the-shelf, form contracts. Each patent is specifically tailored to the new idea it is meant to cover. In the world of patent drafting, the quality of your patent is driven by the quality of the drafter. It is possible to find attorneys who will lower costs by cutting corners, but more often than not your patent will suffer for it. Serious protection is not inexpensive and requires significant attention and care from your attorney. For example, a skilled patent
Percentage of Start-Ups Holding U.S. Patents & Applications 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0%
97% 82%
94% 76%
75%
67%
39% 24%
All respondents
Biotechnology
Medical Devices
Overall population of companies (D&B)
Software/Internet
Venture-backed companies
Figure 1 Source: High Technology Entrepreneurs and the Patent System: Results of the 2008 Berkeley Patent Survey, Graham et al., Berkeley Technology Law Journal, Vol. 24:4 (2008).
Patent Scope
Relevant Market
Commercial Product Figure 2 The scope of a patent should be considered with a view to protecting the potential market, not simply the specific product.
drafter will strive to obtain not only strictly “defensive” patents—those that cover their own products in various ways, but also to obtain patents that cover the relevant marker and competitive alternatives, as in Figure 2. Here, the hypothetical patent scope covers the commercial product that a company wants to market, but not the entire relevant market for that product. That means that another company could avoid the patent claims and enter the market. In this case, the company should have spent more time, and money, considering
a broader patent claim scope to secure better protection. The goal of a robust patent portfolio is to protect a market space, not just a product. For example, consider the case of a hypothetical ECG device. There are many aspects of it that could be patented. Figure 3 illustrates the varying aspects of the device that can be potentially patented. Because various aspects of a new product can be patented, companies should evaluate their patent strategy in light of their business plans. For example, if disposAugust 2012 MEDS Magazine
33
PULSE
User Interface ECG signal processing
Sensor connection
Sensors
Figure 3 Careful consideration should be given to aspects of a product that may be of particular value and/or subject to potential infringement if not properly protected.
able sensor sales are going to drive profits, then it may be beneficial to invest more resources on patenting aspects of the sensors so that others cannot jump into that business. On the other hand, if the signal processing is the key to success, not only the company’s current implementation, but also variations should be patented. Fourth, search for patents that may pose potential infringement issues to you. A patent provides the right to stop others from using your invention, but it does not grant your company permission to actually use that invention. You may have a great idea to improve a product, but if that product is still covered by a valid patent, then your improved version may nevertheless infringe another patent owner’s rights. This can and often does result in expensive litigation and costly settlements that a small start-up typically cannot afford. So, before marketing a commercial product, do the necessary diligence to discover what claims others may have made in that space. Typically this entails performing a search of patents that may cover aspects of your product. After gathering those patents, the company and the attorney can determine if there are any issues. If there are, then the company can
34
Untitled-2 1
MEDS Magazine August 2012
8/1/12 10:40 AM
consider design alternatives to alleviate any infringement issues or by potentially obtaining a license to the patent. Finally, companies should systematically and reflexively employ robust nondisclosure agreements. Start-ups often talk to vendors, investors, suppliers, etc. about their innovations. However, these discussions can divulge intellectual property. Because these discussions cannot be avoided, companies should use non-disclosure agreements to preserve the confidentiality of trade secrets, pending commercialization, patent strategy, etc. Companies should not forgo negotiating NDAs in order to gain an audience. While the above discussion is not exhaustive, following its suggestions and identifying potential intellectual property issues early can save significant expense later on. When the time comes to consult a reputable intellectual property attorney, this knowledge will put your company several steps ahead of the competition. Knobbe, Martens, Olson and Bear Irvine, CA. (949) 760-0404. [www.knobbe.com].
PULSE
Amendment 1 to IEC 60601-1:2005 on Safety and Performance Published On July 13, 2012, the International Electrotechncial Commission (IEC) published the first amendment to IEC 60601-1:2005, Medical electrical equipment - Part 1: General requirements for basic safety and essential performance. by Charles Sidebottom, P.E., Secretary, IEC/SC 62A
T
he objective of IEC 60601-1 is to specify general requirements applicable to medical electrical equipment and systems and to serve as the basis for other standards in the IEC 60601 series that specify requirements for particular types of medical electrical equipment or systems. IEC 606011 details general and test requirements, a classification scheme and requirements for marking the documents that the manufacturer must provide for the medical electrical equipment or systems. The standard contains requirements for protection against electrical and mechanical hazards, against unwanted and excessive radiation hazards, and against excessive temperatures and other hazards from the medical electrical equipment or system. IEC 60601-1:2005 also introduced or further integrated development process requirements for those aspects of the medical electrical equipment or system that are not amenable to classical pass/fail testing requirements. Examples
36
MEDS Magazine August 2012
are software and user interface design (usability). The third edition of IEC 60601-1 also relies heavily on the risk management process described in ISO 14971. During the final phases of the development of IEC 60601-1:2005, the National Committee members of IEC Subcommittee (SC) 62A identified a short list of issues that emerged too late in the process to be included in the third edition. With the agreement of the National Committees, these comments were deferred to a future amendment or revision of the standard. Within a year of its publication, SC 62A began receiving feedback from manufacturers and conformity assessment bodies (test houses) on the practical challenges they were facing in implementing and testing to the third edition. Also in 2007, the European Union revised its Medical Devices Directive to incorporate certain essential requirements from the Machinery Directive and apply them to medical electrical equipment and systems that qualified as ma-
chines within the scope of the European Machinery Directive. An examination of IEC 60601-1 found that some of these safety concerns were not as thoroughly dealt with in the standard as was needed to use a claim of compliance with the third edition to support the full presumption of conformity with the Medical Devices Directive. By the spring of 2008, IEC Technical Committee (TC) 62 was ready to begin work on the first amendment to IEC 60601-1:2005. A four-year development plan was approved by SC 62A and formal work began in the fall of 2008. In addition to dealing with the deferred issues and new safety requirements arising for application of the European Machinery Directive, the Technical Committee instructed SC 62A to specifically address and clarify the way in which risk management has been introduced into IEC 60601-1:2005 and the way the concept of essential performance is used in IEC 60601-1:2005. This first item involved a thorough review of all the places in the standard where risk management is referenced to make sure terminology was correctly used, i.e., not referring to a hazard when what is meant is a hazardous situation. In the process, several references to risk management were removed because the standard already contained a verifiable requirement and the reference to risk management was unnecessary. Subclause
PULSE
4.2 was substantially revised to clarify how the risk management process in ISO 14971 is to be applied within a product standard. This included clarifying that some aspects of the life cycle process described in ISO 4971 are not applicable within a design verification (i.e., type test) standard. The concepts of functional safety embodied in the requirements for essential performance have proven challenging for many of the users of the third edition. To help address these concerns, the definition has been revised to stress that essential performance is about the performance • of a clinical function, • other than that related to basic safety, and • where operation outside the limits specified by the manufacturer results in an unacceptable risk. Subclause 4.3 has been expanded to outline a process the manufacturer can use to identify and document the essential performance of their medical electrical equipment or system within its intended use. The third edition incorporated the requirements for Programmable Electrical Medical Systems (PEMS) introduced in IEC 60601-1-4:1996 into Clause 14 of the general standard. Although it is often assumed that the requirements for PEMS are just for software, they are not. The PEMS requirements apply equally to any programmable element regardless of how it is implemented. However, recognizing that software presents common problems affecting many, perhaps most, medical electrical equipment and systems, SC 62A, in partnership with ISO/TC 210, developed a medical device software lifecycle standard—IEC 62304:2006. IEC 62304 was not mature enough to be made a normative reference in IEC 60601-1:2005. However, Amendment 1 adds a normative reference to some requirements in IEC 62304 when the PEMS includes software.
Amendment 1 also includes some much-anticipated improvements to the requirements and test procedures in Subclause 9.4 on instability. Now that Amendment 1 has been
published, a consolidated edition of IEC 60601-1 incorporating Amendment 1 is currently in preparation. Publication of IEC 60601-1 Ed. 3.1 is expected shortly.
REAL-TIME & EMBEDDED COMPUTING CONFERENCE WWW.RTECC.COM W
ATTEND RTECC REGISTER NOW IT’S ALL COMPLIMENTARY! COMING TO: DETROIT ON SEPT. 11 CHICAGO ON SEPT. 13
Untitled-2 1
MARK YOUR CALENDAR AR & MEET WITH SEVER UP A EX AL XPE ERTS ON-H AND GET INFO F ON THE NEW M2M PLATF ORM, PARAL LEL PROCESSIN G TECHNOLO GY, PCIEXPRES S CATCH THE KEYNOTE AN D BRING BACK INSID ER KNOWLE DGE OF WHAT’S H APPENING IN THE INDUSTRY, AN D R&D FOR THE BOSS! VEHICULAR CONT
ROL/MAINTE CONTROL – NANCE – IN MILITARY/AE DUSTRIAL ROSPACE – INSTRUMENT MEDICAL ATION – TELE COM/TELEPH DATACOM – ONY – PROCESS CO NTROL – EM APPLIANCES BEDDED – CONSUMER ELECTRONICS
8/7/12 August 2012 MEDS Magazine
37
1:56 PM
PULSE
How Wireless Technologies Impact the Future Development of Healthcare The concept of telehealth is transforming the practice of medicine. Among its benefits, it is bringing people in remote locations in touch with medical expertise that is otherwise unavailable to them. It is also helping people with treatable conditions live longer and more comfortably in their homes. by John Koon, Publisher, MEDS
T
he advancement of electronics in the last decade enables electronic design to be more compact, portable and easier to use. The smaller footprints of individual components, advanced manufacturing and packaging techniques enable medical devices to be very compact. Devices such as ultrasound units, insulin pumps, ECG monitors, blood pressure monitors and glucose meters are more portable than ever. Additionally, new wireless protocols such as Bluetooth, ZigBee, ANT and 4G further fuel the growth of new applications unthinkable before. Prevention and fitness has become a category all by itself with devices to monitor the conditions of athletes.
Future Trends
Telehealth, mHealth will grow at a rapid rate Telehealth has become the wave of the future. Even in its infancy, more and more health organizations, including
38
MEDS Magazine August 2012
Highmark, Inc., one of the largest insurance companies on the east coast, are starting to use remote service to help patients cut down on doctor office visits and travel time. Developers are working on many new products to enable telehealth. One product is a remote stethoscope that will transmit the heart rhythm to the doctor remotely, allowing the caregiver to do basic diagnostics. Another product in its early stage is an iPhone with a special case design that turns it into an ECG device to measure heart rhythm. A caregiver can remotely receive and view the heart signals. Multiple organizations including Qualcomm have been promoting the concept of wireless health and how it will enable “access” via mobile technology such as smartphones or other wireless devices, both in the USA and other countries. For example, Qualcomm initiated a program called Wireless Reach, which
invests in projects that use mobile technology to benefit underserved communities by enhancing the delivery of health care and other areas such as education. Erica Whinston, senior manager Wireless Reach, Qualcomm, said, “3G and nextgeneration mobile technologies allow for connectivity anytime and anywhere. If harnessed appropriately, these technologies can be especially beneficial for remote communities that do not have access to the advanced health care that is available in urban centers. Health monitoring is not limited to a fixed location. Ford Motor Company recently introduced Ford In-Car Health and Wellness, which is a concept of health on-the-go. The minivan equipped with a Ford SYNC AppLink has a built-in sensor in the driver’s seat to monitor the vital signals of the driver. This information is transmitted via Bluetooth to the driver’s 3G/4G cell phone, which connects with the caregiver. The Telehealth concept has transformed the practice of medicine. It has shortened the distance between the caregivers and those in need. “Access to services” is now a bit easier. Telehealth is expected to grow along with wireless technologies. Expect to see more connected healthcare devices come out. Note that devices will become smaller and more
PULSE
Figure 1
wearable, in some cases implantable. While access is easier, the need for reliable and secure end-to-end connection will remain a challenge.
High-tech home healthcare will evolve The wireless home healthcare market is expected to reach $4 billion in 2013 in the U.S. alone (http://mobihealthnews. com/7270/). So what applications make up the revenue? When a stroke patient is admitted to the emergency room in the hospital, the doctors will first attempt to save the person’s life and keep him or her in a stabilized condition. The patient is now under observation to make sure there is no other complication. Depending
on whether it is an Intensive Care Unit (ICU) or regular room, the daily cost can run between $500 and $10,000. So how long should the observation period be? If the patient is discharged from the hospital too soon, complications may occur and he or she will be readmitted to the ER again, a common problem today. The best solution is to proactively monitor the patient after discharge. Isansys recently developed a LifeTouch Patient Surveillance system, which includes a compact, wearable ECG sensor/device that can be attached to the patient and allows the caregiver to monitor the heart ECG signals remotely. The device communicates using the ANT protocol, with the nearby gateway
unit connected to the Internet. Other portable and home-use devices (for glucose/blood/ oxygen monitoring) and ultrasound units are expected to grow rapidly, and all these are contributing factors for the projected revenue growth. Wireless technologies offer the aging population the chance to live independently with safety. For example, Grandcare Systems is a server (sometimes referred to as Point-of-care) connected to many sensor devices, which can be installed at a home via wireless communications including Bluetooth, ZWave and X.10. Depending on the configuration, the system can link with a blood pressure monitor, digital weight August 2012 MEDS Magazine
39
PULSE
Figure 2
scale, motion sensor, mattress weight sensor, door sensor, pulse oximeter (by prescription only), and even a pair of shoes with built-in GPS. This comprehensive solution will be able to track and graph the day-to-day activities of the user and report to the caregiver an alert of any unusual pattern. The sleep pattern, blood pressure and weights are measured regularly; the system will know if the user locks the door or not as well as their whereabouts. Other assisted living facilities may use an alarm system such as the IntelGE Care Innovations’ Link system. The home base station communicates with the wearable personal Link button via RF radio. When the senior needs help, he or she simply pushes the help button on the wearable unit and the caregiver will be informed of the request. A trained professional will provide a voice response via the home base unit. Reimbursement is a very important part of healthcare. The paying parties
40
MEDS Magazine August 2012
such as the insurance companies and Medicare want to make sure the services are indeed performed before they are paid out or reimbursed. One of the reasons for CellTrak’s growth is they offer a tracking solution to the healthcare professionals and agencies to schedule and communicate, making sure eligible services are paid. The solution provides a connectivity platform within the home that brings together various sources of data about a patient and ensures that the care to be delivered was indeed delivered. Expect more of these types of services to become available.
Wireless technologies will propel use of mobile devices in healthcare The use of handheld devices in healthcare is growing rapidly. Many new applications are coming out that use smartphones to measure various vital signs including ECG signals and glucose levels. In the U.S. alone, there are approximately 26 million people with diabetes
costing $174 billion a year. Smart handheld devices including phones are used to manage diabetes. A smart wireless device that can remotely deliver insulin with accuracy to the body without a tube has also become available. Many more handheld smart devices will be developed in the upcoming years. In terms of tablet use, the enthusiasm is equally great. The iPad already has many healthcare software apps today. Many medical schools actually use the iPad for their training and make loaners available from their medical libraries. While iPads seem to be getting all the attention these days, there are strong arguments that the Android tablet will be more successful in healthcare in the long run because of its open platform. Finally, another one to watch is the Windows 8 tablet, which has generated a great deal of interest in the healthcare market. Each platform will carve out its own niche in the market. The question is, over time, which will become the tablet of choice?
PULSE Records (EMR). In some doctors’ offices the tablets are stationed in the form of a kiosk similar to the systems used in fast food restaurants. As more and more handheld devices become available, the need for seamless connection remains a priority. The reason that the iPad became a breakthrough product was because of its ease of use. Expect to see other tablets start to catch up. Finally, uses of wireless services will demand a more reliable solution. In a medical application, dropping calls is not acceptable.
Conclusion Wireless technologies in the medical device market will continue to expand in the next several years. Telehealth, home healthcare, and new use of smart handheld devices will drive the growth of healthcare in general. More devices will be connected together as reliable and secure end-to-end connection slowly evolves. Home healthcare will remain a fast growing market to meet the demands of our large aging population. And finally, point-of-care and handheld devices may go through what was experienced when the PC was first introduced—a lot variety and volume.
Figure 3
Figure 4
The use of tablets by doctors and patients in hospitals and clinics is expected to grow. More doctors are turning to tablets as the device of choice. Accenture, a leading consulting firm, predicts that tablets will become even more widely used in the healthcare environment over time. Many patients complain that when they visit their doctor’s office the time is short and they don’t get the attention they deserve. They state that their doc-
tors don’t even look at them; during the visit doctors are busily entering data into their desktop computers. But this will start to change. The portable tablets enable doctors to face and interact with their patients while doing touchscreen entry. For patients, tablets allow them to enter personal information directly when they check in, which will save the steps of data entry normally required when converting data to the Electronic Medical August 2012 MEDS Magazine
41
PULSE
Interview with Doug Busch of Intel-GE Care Innovations by John Koon, Publisher, MEDS The medical electronic market continues to heat up as more and more people demand medical electronic solutions. Intel and GE, the two electronic giants formed a joint venture called Intel-GE Care Innovations. MEDS wanted to find out how it came about and what they wanted to accomplish. Our publisher John Koon interviewed Doug Busch, Senior Vice President, Chief Operating Officer, Intel-GE Care Innovations. Publisher: What is Care Innovations’ vision? DB: Our mission is to create technology-
based solutions that give people confidence to live independently, wherever they are.
Publisher: Intel and GE created this joint venture for a common purpose, how did it all happen? DB: The idea behind Care Innovations began forming several years ago, when top executives from Intel and GE got together and realized that they shared a common vision of how technology solutions can transform healthcare and independent living. In 2009, the two companies created a joint alliance to market and develop home-based health technologies that would help seniors live independently. This began a strong relationship between Intel and GE, which culminated in the creation of Care Innovations in 2011. The new company combined assets and people from Intel’s Digital Health Group and GE Healthcare’s Home Health Group. Publisher: What are the biggest challenges in the healthcare industry today? What specific solutions does Care Innovations provide? DB: The biggest challenge for healthcare is the acceptance of the status quo. Today’s healthcare system operates in the same way that it did back in the late 1700s, when the first hospital was built in Vienna. We accept that we should be traveling to the hospital for care, that we don’t need to be proactive about managing our
42
MEDS Magazine August 2012
health, that we react to a crisis instead of trying to prevent it from happening, that face-toface visits are the only way to see a doctor. It’s time to shake up the healthcare status quo, to start rewarding providers for better health outcomes instead of the number of visits, and to deliver care wherever it makes the most sense. Care Innovations offers a range of technology-based solutions addressing complex needs in healthcare, senior living, and education. Our four flagship products today are below: • Care Innovations Guide is a virtual care coordination solution that provides an online interface allowing clinicians to monitor patients and remotely manage care. • Care Innovations QuietCare is an advanced motion sensor technology that learns the daily activity patterns of senior community residents and sends alerts when certain outof-the-ordinary events occur. • Care Innovations Connect is a new wellness communications tool and social networking hub designed to address social isolation in older adults. • Care Innovations Reader is a mobile device that transforms printed text to the spoken word for those with readingbased disabilities or impaired vision.
Publisher: What is your experience with the FDA 510K clearance process? Any advice to make the clearance process easier? DB: Our experience with the FDA has been straightforward and easy to navigate. We’ve always approached them as a partner in creating new innovations, not as an obstacle to overcome. There are three key things to remember when working with the FDA: • Understanding the process should be the first step. The FDA hasn’t changed its basic rules, even though new technologies are constantly changing the market. The FDA also has a lot of good information available on its website to help new companies. • Companies should stay focused on the problem they’re trying to solve and the end users of the technologies, instead of getting sidetracked by the technology itself. Too many companies try to dazzle the FDA with their technical capabilities, when the real key is to focus on what the technology will do to safely improve public health. • Establishing an early dialogue with the FDA is key; this way, companies can quickly understand any potential issues, and can work through these collaboratively.
Publisher: What do you think the biggest change will be in the next few years? DB: I believe we’ll see a major shift toward models of care and new technologies that can address the full continuum of a person’s healthcare and independent living needs. Today, services and products are too segmented and one-size-fits-all. The coming years will show that technology has the flexibility and openness to adapt to a person’s full range of evolving needs, from social interaction to education to chronic disease management to advanced senior care, in the right place and at the right time. Engaging a broader team of care providers to address these needs in a coordinated way will need to become easier.
Publisher: The demand for medical products is much greater in Asia as their large aging population will demand care. What is Care Innovations’ international strategy? DB: The entire world is facing the impact of a rapidly aging population; it’s not just a U.S. problem. At Care Innovations, we’re enthused to see the Chinese government taking steps to shift care to the home, where it can often be delivered at a lower cost with better results. We’re exploring a variety of opportunities in the Asian market to support the needs of their aging population. We also already have a strong presence in mature Europe and Australia, where customers are using both the Guide and the Reader.
YOU DESIGN. WE BUILD.
MAKE EMI YOUR MEDICAL MANUFACTURING PARTNER. We offer: UÊ ià } ÊÛiÀ v V>Ì ÊEÊ«À Ì ÌÞ«iÊ Û> `>Ì UÊ*>V >}i *>V >}iÊ* *®Ê ÌiV }ÞÊv ÀÊ } Ê`i à ÌÞÊ * UÊ iÀ V> Ê Ü i`ÊEÊ «iÀ>Ìi`Ê v>VÌ À ià 1- Ê> `Ê >®ÊÆ ÃÌÀ }i ÌÊ *Ê«À ÌiVÌ UÊ/ÕÀ iÞÉ * Ê-iÀÛ ViÃÊ V Õ`i\Ê i } iiÀ }ÊÛ> Õi >``]Ê «À `ÕVÌ ÊÃÕ«« ÀÌ]Ê«>V >} }Ê > `Ê} L> Ê À`iÀÊvÕ v i Ì UÊ,i >L ÌÞÊ >LÊV>«>L ÌÞÊv ÀÊ Ì iÀ > Ê> `ÊÃÌÀiÃÃÊÌiÃÌà UÊ+Õ V ÊÌ iÊÌ Ê >À iÌ UÊ -"Ê£Î{nx\ÓääÎÊViÀÌ v V>Ì UÊ -"Ê ää£\ÓäänÊViÀÌ v V>Ì
CALL US TODAY: Ç£{° Ç °ÓÓÓn ÜÜÜ°i V°V
8