SPECIAL REPORT: CONNECTED HEALTH SUMMIT 2017 TIME TO GET YOUR UPDATES: FDA 510K, HUMAN FACTOR, CE & IEC ONE-ON-ONE WITH TONY FREEMAN: THE FUTURE OF MEDICAL TECHNOLOGY
Real World Connected Systems Magazine. Produced by Intelligent Systems Source
Vol 18 / No 8 / August 2017
What is the Future for Medical Tech and Connected Health?
An RTC-Media Publication RTC MEDIA, LLC
Ultra-High Bandwidth Recording Solutions
Get There in Record Time! Turnkey Recording Solutions Record at up to 10 GB/s Up to 96 TB SSD Storage
StoreRack Low Cost Turnkey Prototype Platform
StoreBox Compact, Rugged, Deployable
StorePak & StoreEngine VPX Blades for Customized Recording Platforms
www.criticalio.com
CONTENTS
Real World Connected Systems Magazine. Produced by Intelligent Systems Source
COMPLIANCE AND REGULATIONS UPDATES: FDA 510K, HUMAN FACTOR, CE, IEC 24
2.0: H uman Factors and Medical Device Development Virginia A. Lang, PhD
28
2.1: Engineered Success: The Engineer’s Contributions to FDA Medical Device Market Commercialization by Russ King, MethodSense
32
by Charles Sidebottom, PPO Standards LLC.
06
36
Special Report: Connected Health Summit 2017 DEPARTMENTS 05
EDITORIAL
SECURITY FOR (CONNECTED) MEDICAL TECHNOLOGY 38
In Search of the Best Healthcare System
06
42
16 20
by John W. Koon
1.3: The Crisis in Electronic Medical Records (EMR) – Implications for Medical Software Development by Jerry Krasner
23
1.4: Cool Product by Evolve Refrigeration
3.2: Software Defined Networks (SDNs) Align Industrial Network Security with Plant Production Goals by Larry O’Connell, Microsemi Corp., & Roger Hill, Veracity Security Intelligence
1.1: One-on-One with Tony Freeman on The Future of Medical Technology 1.2: Innovative Medical Products
3.1: Achieve Embedded Security for Mobile-Connected Devices by Enrico Carrieri, Intel Corporation
by John W. Koon
by John W. Koon
3.0: It is Paramount to Achieve Security for Medical Technology by Richard Fetik, Data Confidential
40
1.0: Special Report: Connected Health Summit 2017
2.3: The value of adhering to the Medical Device Single Audit Program (MDSAP) by Peter Rose, Maetrics
CONNECTED HEALTH INSIGHTS
12
2.2: Get Ready for the Major Updates of IEC Standards for Electromedical Equipment
MAKING MEDICAL TECHNOLOGY WORK 46
4.0: Overcome the Challenges of Designing Battery-Powered Medical IoT Devices by Kah-Meng Chew, Keysight Technologies, Inc.
49
4.1: The Many Flavors of Low-power Wide Area Network (LPWAN or LPWA) by Derek Wallace, MultiTech
RTC Magazine AUGUST 2017 | 3
RTC MAGAZINE
PUBLISHER President John Reardon, johnr@rtc-media.com Vice President Aaron Foellmi, aaronf@rtc-media.com
EDITORIAL Editor-In-Chief John Koon, johnk@rtc-media.com Contributing Editor Jack Davis, jdavis@rtc-media.com
ART/PRODUCTION Art Director Jim Bell, jimb@rtc-media.com Graphic Designer Hugo Ricardo, hugor@rtc-media.com
ADVERTISING/WEB ADVERTISING
Integrated Rack Level Systems Elma integrates 19� COTS components from Cisco, Dell and others into our equipment racks, providing fully configured and tested turnkey systems. As your single source supplier, Elma provides component life cycle management, documentation, spares support and design services.
Western Regional Sales Manager John Reardon, johnr@rtc-media.com (949) 226-2000 Eastern U.S. and EMEA Sales Manager Ruby Brower, rubyb@rtc-media.com (949) 226-2004
BILLING Controller Cindy Muir, cindym@rtc-media.com (949) 226-2021
TO CONTACT RTC MAGAZINE: Home Office RTC-Media, 940 Calle Negocio, Suite 230, San Clemente, CA 92673 Phone: (949) 226-2000 Fax: (949) 226-2050 Web: www.rtc-media.com Published by RTC-Media Copyright 2017, RTC-Media. Printed in the United States. All rights reserved. All related graphics are trademarks of RTCMedia. All other brand and product names are the property of their holders.
4 | RTC Magazine AUGUST 2017
EDITORIAL
In Search of the Best Healthcare System by John Koon, Editor-In-Chief
Which country has the best public healthcare? According to US News and World Report, the top five were New Zealand, Austria, France, Australia and the Netherland. But International Living had a different list. They were Malaysia, Costa Rica, Columbia, Mexico and Panama. I decided to do my own investigation at the Connected Health Summit in San Diego. My question was: Which country has the best healthcare system? • At the network lunch table, I asked two people. The person, who was only familiar with the US system, thought USA was the best. The other person did not know. • I asked a person at breakfast. The person told me definitely France. “Why?” I asked. “Because in France even though you are a traveler, they take care of you. They don’t want you to get sick.” • At the network lunch table the next day, I had a conversation with a manager on assignment to the USA (from Japan). The manager has been here for a few years. In Japan, a citizen pays 30% of the healthcare cost and the rest of the costs are picked up by the system. If the cost exceeded certain amount, a different formula would be used. The premium was collected as part of the income taxes. The person told me the system was better in Japan. How about Canada? I had a conversation with a marketing manager who used to live in Canada before coming to the USA. He told me that Canada had a much better healthcare system and he recalled his grandpa’s experience on how easy it was to get medical treatment. The national electronic health record (EHR) kept track of everyone’s history. “There is no need to transfer your record if you decide to see a new doctor after relocation. Additionally, most of the expenses are paid for by the
system coming out directly from your taxes,” he told me. That conversation stayed with me for a long time. Recently I had another conversation about Canada with a male doctor based in Southern California but used to practice in Canada. He told me his experience. One patient with a heart problem was getting ready for an open-heart surgery operation. With chest hair shaved, right before he was wheeled to the surgical room, another patient had an emergency came in and took his place. So this heart patient’s operation was postponed, not once, not twice but three times. Another Canadian female doctor echoed similar frustration about the long wait her patients had. She now practices in the U.S.A. What about U.S.A.? We have our share of the problems though we have the world’s best medical technologies and doctors. Our health care costs are much higher than other industrial countries. According to the 2015 study (most recent), done by the Organisation for Economic Co-operation and Development (OECD), healthcare costs per person in USA was over $9,000 while the other four industrial countries ranged from $4,000 to $5,200 (Germany, Canada, France and UK included). Back to the question “which country has the best public healthcare?” It depends on whom you talk to. We have two reports showing very different perspectives. In my opinion, U.S. has the best technology but the healthcare costs are very expensive. It is because the system is inefficient. Canada’s system is not as good as it sounds based on the feedback of two doctors who have practiced in Canada. My survey at the conference is inconclusive. The answers depend greatly on the individual’s experience and knowledge. A good healthcare system is made up of three things: accessibility, quality of service and costs. Unless we have a universal standard to measure these three parameters, the answer will always be subjective. RTC Magazine AUGUST 2017 | 5
1.0 CONNECTED HEALTH INSIGHTS
Special Report: Connected Health Summit 2017 The healthcare business is a complex one because of its moving parts. Among them are hospitals’ involvement, government regulations (FCC and FDA compliance), insurance which plays a vital role in reimbursement, the device and technology companies that drive innovation and patients who are becoming more educated and influential. Recently, I attended the 4th Connected Health Summit 2017 held in San Diego to find out what is new. by John Koon, Editor-In-Chief
Attendees came from various segments including health/drug, finance, consumer hardware, smart home, semiconductor and software to attend the summit and it was a good opportunity for me to network and learn. Panelists and presenters representing insurance, hospitals, device companies and solution providers and consultants gather here to share their knowledge and experiences. A great deal of materials has been presented over two-and-half days and the key learnings can be summarized as follow. • Outcome-based philosophy continues to drive the connected health industry and create new market opportunities. • There is a shift from device to data/cloud centric.
6 | RTC Magazine AUGUST 2017
• Emerging technologies such as Artificial Intelligence (AI) and Internet-of-Things (IoT) start to impact the industry.
Key Learnings Outcome-based philosophy continues to drive the connected health industry and create new market opportunities. One of the most important factors in the connected health industry is reimbursement. Solution providers face the hurdle of developing good medical devices that people want but fail to “get paid”. Without insurance companies covering the costs of the devices, most users are hesitant to pay form their own
pockets. To convince the insurance company that a potential healthcare solution or medical device would mitigate risk and help monitor compliance for a better outcome is easier said than done. It was reported that a company has taken seven years and millions of dollars to finally get the reimbursement approval in key states. Not every company can afford that. It takes a lot of time and patience to achieve reimbursement results. But the reward can be long term. State Medicaid incentives help create new opportunities for inventors. As an illustration, consider Medicaid specifies a onetime payment for certain hospitalization. For a care facility, such as a hospital, readmission of patients will increase costs and negatively impact the bottom line. This happens when high-risk patients are overlooked and end up in readmission. To reduce such risks, Vivify provides a SaaS-based software solution to monitor high-risk patients in real-time so proactive actions can be taken by the caregivers and not wait for an emergency to occur. Users of the software report a decrease of readmission by as much as 50%. It is expected that similar solutions that help monitor patients remotely will emerge. The aging population is expected to create a big market. According to the Population Reference Bureau report, “Aging in the United States,” (2016), the number of Americans 65 and older was projected to be 98 million by 2060 up from 46 million, corresponding to 24 percent and 15 percent of the population. Since the frequency of hospital visit is directly proportional to the age and the health condition of an individual, as the aging population grows, hospital visits will also increase. To reduce healthcare costs, both insurance companies and hospitals are motivated to keep patients away from the hospitals. This has created a demand for services to help individuals to live independently and healthily. Solution provider such as Systech, a maker of sensor gateway, came up with an idea. The gateway-centric device which interfaces with multiple medical devices and sensors to monitor bed pressure, bed moisture, blood pressure, weight, room motion and door contact to make sure activities of daily living (ADL) of individuals are normal. Caregivers will be informed of any activities outside the norm and take early actions. The IBM Research division is conducting multiple studies in using technologies to aid the aging population to live lives on its own terms. I expect in the next few years, many companies will offer solutions to capitalize on this growing market.
There is a shift from device to data/cloud centric. I noticed a shift from device to data/cloud centric over the years. Here are a few examples to illustrate the point. Omron is a household brand of blood pressure monitor devices. They spent many years to gain the trust of doctors. Chances are when an individual buys an Omron device it is because the doctor tells the Photo 1 patient to do so much like a “After a device such as the blood pressure monitor is purchased, if the users prescription. The mission of desires, data can be uploaded to the Omron is to help eliminating cloud and it can be used at no cost by caregivers and love ones”, commented heart deceases such as heart Ranndy Kellogg, President and CEO of Omron Healthcare, Inc. By having timeattacks and strokes by offering ly access to vital data, caregivers can monitor the well-beings of users.” technology solutions. One of the methods Omron uses is to provide useful data for free. “After a device such as the blood pressure monitor is purchased, if the users desires, data can be uploaded to the cloud and it can be used at no cost by caregivers and love ones”, commented Ranndy Kellogg, President and CEO of Omron Healthcare, Inc. By having timely access to vital data, caregivers can monitor the well-beings of users.” (Photo 1) ResMed, a leading provider of devices to treat sleep apnea, has more than 3 million patients remotely monitored via their CPAP machines and ventilators. With the cloud connection, users can track their own CPAP therapy and receive personalized coaching tips. Additionally, caregivers can monitor the condition of the patients and make necessary adjustments. “By having such a big database, ResMed Photo 1 can provide valuable insights “By having such a big database, ResMed can provide valuable insights to help clinicians improve pa- to help clinicians improve patients’ therapy experience and health tients’ therapy experience and outcomes,” according to Kari Hall, VP, Software Services.
RTC Magazine AUGUST 2017 | 7
1.0 CONNECTED HEALTH INSIGHTS health outcomes,” according to Kari Hall, VP, Software Services. (Photo 2) Finally, I have been tracking Qualcomm Life for years. In the early days, the 2Net devices were always highlighted at various events as the secured connected solution for connected health. This year, the emphasis shifted to the availability of enabling almost real-time data. The 2Net device was not even mentioned had I not asked about it. Overall I see the trend will continue to focus on the meaningful use of data via IoT and the cloud. Emerging technologies such as Artificial Intelligence (AI) and Internet-of-Things (IoT) start to impact the industry At the event, new and improved wearable devices have shown that we have made significant improvement in the area of monitoring. Stylish smartwatches can monitor not only heart rates and steps but measure many vital signs as well. Reemo launched a brand new stylish smartwatch while FitBit announced a new model with added features (see product section). Perhaps, the most impressive device is from the BodiMetric. Many vital signs including ECG signals can be measured in 20 seconds and together with the AliveScience software, the Ruthman Index can be obtained. What is the significance of
a Ruthman Index for health? It is like the FICO score used to measure one’s credit. Two Ruthman brothers experienced a tragedy of losing their mother after her heart valve replacement. The patient seemed to be recovering well. But it took a downturn without warning resulting in her death. While the doctors and nurses were competent individuals, there seemed to be undetected vital signs to cause the patient to “fall through the crack”. After many years of research and working closely with hospitals, the Ruthman Index was born. It is a combination of measuring vital signs and the review of those charts to come up with an index. The results of using those indexes have helped saved thousands of lives. (Chart 1) Connected Health (some prefer Digital Health) relies on digital transformation. Gone are the days of pager worn by doctors. (Some of you may ask what a pager is. Not to worry, it is not important if you don’t know what it is). Now we use the cloud and IoT to access real-time data to improve outcome. Smartphone and apps will play an increasingly important role. When I heard about the use of health apps, I always wonder how they would be regulated by the FDA. I got my answer. In 2016, the FDA cleared (approved) 36 health related apps. Here are a few
Chart 1 After many years of research and working closely with hospitals, the Ruthman Index was born. It is a combination of measuring vital signs and the review of those charts to come up with an index. The results of using those indexes have helped saved thousands of lives.
8 | RTC Magazine AUGUST 2017
BRING THE FUTURE OF DEEP LEARNING TO YOUR PROJECT. With unmatched performance at under 10W, NVIDIA Jetson is the choice for deep learning in embedded systems. Bring deep learning and advanced computer vision to your project and take autonomy to the next level with the NVIDIA Jetson™ TX1 Developer Kit.
®
Ready to get started? Check out our special bundle pricing at www.nvidia.com/jetsonspecials Learn more at www.nvidia.com/embedded © 2016 NVIDIA Corporation. All rights reserved.
examples. (http://www.mobihealthnews.com/content/thirty-sixconnected-health-apps-and-devices-fda-cleared-2016) • Sensimed received the de novo FDA clearance for the Triggerfish, an innovative connected contact lens. This contact lens can record continuous ocular dimensional changes. By observing the recorded data, uploaded from the lens to the computer via Bluetooth, physicians can monitor the progression of glaucoma in patients. (Photo 3)
Photo 3 By observing the recorded data, uploaded from the lens, made by Sensimed, to the computer via Bluetooth, physicians can monitor the progression of glaucoma in patients.
• Scientists and physicians are always searching for a better pain control medicine or method. Neurometrix came to the rescue. Their wearable, smartphone-controlled version of Quell, received FDA clearance. By sending signals to the brain to release natural opioids, the device allows users to control therapy levels. • Medtronic’s AVIVO Mobile Patient Management System received FDA clearance. The device monitors the condition of the patient with cardiac illnesses by measuring and recording data before sending to the Medtronic server. In turn caregivers will have access to the information and take proactive actions if necessary.
What will the future hold? Technology will continue to play an important role in connected health while not every hospital or care facility is using connected health yet, some have. For example, the Geisinger Integrated Health System which manages 12 hospitals use con-
10 | RTC Magazine AUGUST 2017
nected health to manage data including patient electronic medical records (EMR). “We address patient care needs using connected health and can interact with them,” commented Chanin Wendling, AVP, Informatics, Geisinger Health System. (Photo 4). Another organization, UPMC, also based in Pennsylvania, Photo 4 use connected health to see “We address patient care needs using connected health and can interact with patients remotely for first them,” commented Chanin Wendling, AVP, Informatics, Geisinger Health consultation so they don’t System which manages 12 hospitals. have to drive to the clinics. I expect remote care will grow over time and hopefully come to the west coast where I reside. While progresses are made in the connected and digital health segments, there are also hurdles and challenges. Because multiple technologies are used, a device has to face multiple hurdles such as FCC and FDA compliance before it can go to market. For medical devices, the HIPPA privacy act adds another hurdle limiting what information can be shared. Additionally, the continual challenge is figure out how to secure the connections used by IoT and connected medical devices.
Recap: A great deal of useful information was presented at the Connected Health Summit 2017. The three main lessons can be summarized as follow. 1. Outcome-based philosophy continues to drive the connected health industry and create new market opportunities. 2. There is a shift from device to data/cloud centric. 3. Emerging technologies such as Artificial Intelligence (AI) and Internet-of-Things (IoT) start to impact the industry.
MISSION CONTROL
Rugged, reliable and resilient embedded computing solutions Whatever the operational environment—aerial, space, ground or submersible— WinSystems has you covered with a full line of embedded computers, I/O cards, cables and accessories. Our rugged, reliable and resilient single board computers are capable of processing a vast array of data for controlling unmanned systems, machine intelligence, mission management, navigation and path planning, From standard components to full custom solutions, WinSystems delivers world-class engineering, quality and unrivaled technical support. Our full line of embedded computers, I/O cards, and accessories help you design smarter projects offering faster time to market, improved reliability, durability and longer product life cycles. Embed success in every application with The Embedded Systems Authority!
EBC-C413 EBX-compatible SBC with Latest Generation Intel® Atom™ E3800 Series Processor EPX-C414 Quad-Core Freescale i.MX 6Q Cortex A9 Industrial ARM® SBC
SCADA
ENERGY
IOT
AUTOMATION
TRANSPORTATION
Single Board Computers | COM Express Solutions | Power Supplies | I/O Modules | Panel PCs
SCADA
SCADA SCADA SCADA ENERGY
ENERGYENERGYENERGYIOT
SCADA
IOT
IOT
817-274-7553 | www.winsystems.com
TRANSPORTATION TRANSPORTATION TRANSPORTATION TRANSPORTATION IOT AUTOMATION IOTAUTOMATION AUTOMATION AUTOMATION TRANSPORTATION ENERGY
AUTOMATION
ASK ABOUT OUR PRODUCT EVALUATION! 715 Stadium Drive, Arlington, Texas 76011
PX1-C415 PC/104 Form Factor SBC with PCIe/104™ OneBank™ expansion and latest generation Intel® Atom™ E3900 Series processor
1.1 CONNECTED HEALTH INSIGHTS
One-on-One with Tony Freeman on The Future of Medical Technology The medical technology is in a dynamic state. Venture funds are pouring in many new start-ups with innovative ideas. Many large medical devices companies are merging. The market for connected medical devices is growing and cyberattacks have never been so active. What will the future of medical technology be like? To get the answers, I spent some time with Tony Freeman, President of A.S. Freeman Advisors, LLC to gain his insight. Mr. Freeman has spent many years in tracking the performance of the top 30 medical device manufacturers and is very active and knowledgeable of the industry. by John Koon, Editor-In-Chief
Tony Freeman is the President of A.S. Freeman Advisors, LLC, a mergers and acquisitions advisory firm serving the specialty materials and precision manufacturing industries. www.asfreeman.com
1. How did you come in contact with the medical device market? What is your current role in the medical device world?
I started working with device companies and their supply chain partners in 2002, just as the medical device industry began going through exceptional expansion and consolidation. Currently I represent both buyers and sellers with a particular focus on contract manufacturers serving the large medical device OEMs. 2. You have been tracking the top 30 medical device companies for many years, in your opinion, what makes a winner in this space? Revenue is only one of the measuring matrixes, what other criteria do you use to measure a winner?
Success in the medical device industry today requires three competencies: - S trong market position in the treatment of a given disease or 12 | RTC Magazine AUGUST 2017
a specific area of medicine. Gone are the days when a medical device company could survive offering the sixth most popular product for a given therapy. With insurance companies and national health organizations requiring demonstrable benefits over competing therapies there are fewer, but larger, winners. -G lobal reach as more of the opportunity for medical devices is in the developing countries. -O utsourcing of some research and manufacturing. Market agility often requires involvement of partners better suited to get new product out the door. 3. There are major acquisitions going on. For example, Becton Dickinson acquired CareFusion, Cannon acquired Toshiba’s medical division and Abbott acquired St. Jude etc. Any particular reasons behind these activities?
There are a number of reasons but they group into strategic reasons and financial reasons. The strategic reasons for the mega-acquisitions are to lock in unassailable market positions and to gain geographic strength in areas the acquirer or the target may have lacked. The financial reasons circle around investors’ dissatisfaction with the larger device companies’ organic growth rates as well as low interest rates, the “gasoline” that invariably makes these deals possible. 4. M edical technology is a dynamic industry and I am trying to put my arm around it. First I observe cyberattacks ramping up and hospitals are held hostage. I also see a lot of FDA recalls. These did not discourage new start-ups. Many of them are raising lots of money from venture capital firms (VC). Can you give us a sense of where the medical device industry is heading?
1.1 CONNECTED HEALTH INSIGHTS That’s a broad question. We are going to see device manufacturers moving from the sale of individual devices to the sale of therapeutic systems. Certainly some of these systems will remain tangible pieces of technology but increasingly we will see device companies offering supporting services such as consulting and training, analytics, and even pharmaceutical tie-ins. The driver will be to capture market share with demonstrably superior results at a lower cost. It is an exciting opportunity but execution is a challenge for companies formerly defined as “guys who make a medical instrument”. 5. What major hurdles or challenges will the medical device companies be facing?
Again, three issues come to mind. The first is the ability to operate effectively globally. Doing so often requires different products for the developed countries and developing countries. What sells in the US is not a product that Indian and Chinese hospitals may be willing to pay for. The second challenge is adjusting to value-based reimbursement (VBR) in the developed countries that provide much of today’s profits. Under companies must demonstrate that their products lead to superior patient outcomes before increasingly sophisticated insurers and hospital systems will agree to buy a device. In other words, the device has to reduce overall costs while improving patient outcomes. The rise of VBR requires revamping of many device company product lines. The third area is product agility. With few large acquisition targets still available, device companies will have to do a better job of organic growth. Historically, these companies have not focused on getting product to market quickly. This skill will become increasingly necessary. 6. As a follow-up question, if a start-up company has great product ideas, lots of enthusiasm and wants to succeed, what advices and warning would you give them?
The first would be to be clear on their exit strategy. Few startups go on to challenge the major device companies for years at a time. Either they get bought out by a major or they lack the sales and marketing muscle to compete against the majors and eventually fail. A start-up must offer a product in a desirable niche that major device companies cannot match for effectiveness and cost. The second is that the start-up must be able to definitively demonstrate that superiority through clinical tests and growth in multiple bellwether customers. Too often, great start-ups with a wonderful product do not concentrate enough of their funding on proving why their product is superior. 7. USA has the best medical technology and yet our healthcare costs are many times higher than other industrial countries. How would technology help the USA with better healthcare in the future? What need to be changed?
The US spends 17% of its GDP on healthcare. Most other developed countries spend between 11 and 14% of GDP. That’s a big difference as the US population often has a shorter life expectancy 14 | RTC Magazine AUGUST 2017
than peer countries. The biggest drivers on cost are not devices but services and pharmaceuticals. Still, devices can and will play a role in reducing costs. With the rise of VBR, there is an incentive to develop devices more effective at spotting and communicating diseases in their early states when treatment is often more effective and inexpensive. An example is stroke. By tracking precursor conditions there is often time to address the problem before a stroke occurs. New generations of implantable wireless devices can notify a physician long before an attack. The cost of a few pills is magnitudes lower than long hospital stays, rehabilitation, and ongoing care. 8. C hina has the most population followed by India. These countries are demanding demand better healthcare. What is your opinion on what the future of healthcare and medtech would look like on a global basis?
We are already seeing it. The developing countries will consume a majority of devices on a revenue basis within 15 years, likely less. However, the Chinese or Indian markets will not be identical to the US market. For the next few years we should expect to see outsized spending on medical infrastructure (imaging systems, diagnostic systems, hospital furniture and fixtures, etc.) as developing nations put hospitals and clinics in locations that have never had them. Further, these countries have shown a “quantity over quality” bias in devices. Their economies will often not support the latest, greatest version of a device. Rather, they will go with a simpler, less-expensive device that proves adequate in most cases. Also, developing countries both require and are desirable locations for research and manufacturing. We will continue to see most devices manufactured for the region of the world where they are consumed.
SAFE RELIABLE SECURE
TRUSTED S O F T WAR E F OR E M BEDDED D E V I CE S For over 30 years the world’s leading companies have trusted Green Hills Software’s secure and reliable high performance software for safety and security critical applications. From avionics and automotive, through telecom and medical, to industrial and smart energy, Green Hills Software has been delivering proven and secure embedded technology. To find out how the world’s most secure and reliable operating systems and development software can take the risk out of your next project, visit www.ghs.com/s4e
Copyright © 2016 Green Hills Software. Green Hills Software and the Green Hills logo are registered trademarks of Green Hills Software. All other product names are trademarks of their respective holders.
1.2 CONNECTED HEALTH INSIGHTS
Innovative Medical Products New Mobile App Provides New Look and Fingerprint Login Johnson & Johnson, a provider of blood glucose monitoring devices, announced a new OneTouch Reveal diabetes mobile app with enhanced features. They include new visual logbook view, fingerprint login, dynamic blood glucose result averages (14-, 30-, and 90-day) and Apple Health data synching. The ColorSure technology makes viewing of patterns of blood sugar easier. My Reminder allows customize reminders and push notifications. The OneTouch Reveal app has more than 312,000 total downloads, 34 million plus blood glucose records and 55,821 active users. The app supports the OneTouch Verio Flex Blood Glucose Monitoring System via Bluetooth (provided by LifeScan, Inc., part of the Johnson & Johnson Diabetes Care Companies). www.onetouch.com
Accu-Chek Offers Affordable Diabetic Management According to the Centers for Disease Control and Prevention there are over 29 million people in the U.S. living with this complex and expensive condition. In a survey, half of the respondents were frustrated about overall cost of managing the condition. Roche Diabetes Care announced a new and affordable Accu-Chek® Guide meter with a spill-resistant vial and a large blood application area on the strip. Additionally, a SimplePay program is in place to patients to pay a consistent, and easy to understand everyday low price for test strips. Patients can download the free SimplePay card at Accu-chek.com/ guide and hand the card to their pharmacist along with their Accu-Chek® Guide meter and strip prescription. The meter is priced around $70 and 50 count strips $20. https://sites.accu-chek.com/microsites/guide/
Compact Remote Patient Monitoring Device Delivers Results in 20 Seconds The 3-oz, palm-sized (88x56x13 mm), BodiMetrics Performance Monitor, can measure body vital metrics in 20 seconds. They include continuous SpO2 monitor/blood oxygenation, ECG/heart rate/pulse, systolic blood pressure and body temperature. Data can be transmitted to the cloud. This will allow caretakers to spot trends of the wellbeing of the patient. Its built-in memory stores 100 records for up to 4 family members and can synch with iOS or Android app. Additionally, it also a medicine reminder. With the AlivSciences software, the device can deliver the much talked about Rothman Index. Its Relax Me functionality is included and it uses Heart Rate Variability tracking and relaxation exercises to reduce stress and improve the user’s health. Athletes and fitness buffs can be added to reach the optimal Target Heart Rate Zone. The device operates from 5 to 45 degree C. with 5VDC input, it can be charged to 90% in 2 hours. www.bodimetrics.com
16 | RTC Magazine AUGUST 2017
New Fitness Smartwatch Health Platform Supports Cross Platform Development Fitbit announced the feature rich, Ionic fitness smartwatch platform which combines SpO2 sensor, GPS, swim tracking, on-board music, and contactless payments capabilities with battery life over four days. Besides automatic activity and sleep tracking, it is water resistance up to 50 meters. Additionally, Fitbit provides a special version to work with partner apps from Pandora, Starbucks, Strava and AccuWeather. Starting September 2017, the Fitbit app software development kit (SDK) will be available to developers. Developers can use SDK and the web-based developer environment Fitbit Studio. Additional developer support includes open platform based on standard technologies using JavaScript and Scalable Vector Graphics (SVG). Finally, the Cross-platform compatibility allows the app developed to work across Android, iOS and Windows platforms. Priced at $299.95, Ionic is positioned to compete with the Apple watch. www.fitbit.com
IoT Health Monitoring Platform Offers Flexible Interfaces. Systech offers an IoT Health Monitoring platform called SysMED which is a complete monitoring system designed for clinics, care facility and home use. At the heart is the Systech sensor gateway which interfaces with multiple medical devices and sensors to monitor bed pressure, bed moisture, blood pressure, weight, room motion and door contact to make sure activities of daily living (ADT) are carried out normally. Additionally oximeter is used to monitor the vital signs and the so caretakers can be assured of the wellbeing of the patient and early detection can help caretakers to be proactive. The SysLink family of IoT modular gateways supports multiple protocols by changing modules. They include cellular, Bluetooth, Wi-Fi, Z-Wave, Zigbee, serial interfaces, GPIO and GPS module. It includes embedded Linux Operating System with supporting tools for C, C++, Python, and Lua. Health VAR and OEM can order custom configuration using the pre-programmed tablet. Certification of the product include PA-DSS (for PCI compliance), FCC Class B, CE, UL, IEC, cellular (ATT, Sprint, Verizon) and Z-Wave Plus. Based in San Diego, CA, the company was founded in 1981 with office in Europe. www.systech.com
RTC Magazine AUGUST 2017 | 17
1.2 CONNECTED HEALTH INSIGHTS
Innovative Medical Products Mobile Technology Provides Better Patient Experience at Hospital Check-Out Have you experienced checking out from the hospital after a long stay? The doctor comes by giving you the final instructions of a long to do list including follow-up appointment, prescription and refill etc. At this time, all you want to do is to go home. After a few days, you totally forget what you are supposed to do. When you remember, you cannot find that piece of paper. To solve this work flow problem, mPulse Mobile combines technology, analytics and industry expertise that helps healthcare organizations activate their consumers to adopt healthy behaviors. They enable an automated and tailored conversation including reminding the patients on what to do, what to expect via multiple means including email and text to not only the patient but the love ones as well. mPulse is a B2B company engaging hospitals and health systems, Medicaid and Commercial plans, and medical device and supply companies. Based on the SaaS model, customers pay a monthly license fee. https://mpulsemobile.com
18 | RTC Magazine AUGUST 2017
Experience Real Design Freedom
Only TQ allows you to choose between ARM®, Intel®, NXP and TI • Off-the-shelf modules from Intel, NXP and TI • Custom designs and manufacturing • Rigorous testing • Built for rugged environments: -40°C... +85°C • Long-term availability • Smallest form factors in the industry • All processor functions available
For more information call 508 209 0294 www.embeddedmodules.net
1.3 CONNECTED HEALTH INSIGHTS
The Crisis in Electronic Medical Records (EMR) – Implications for Medical Software Development EMR software, before it can be released to the marketplace, must undergo certification testing to insure that the software was able to perform many drug/drug interaction checks and to keep accurate audit logs among other required functionality. The security and interoperability of EMR software with other medical software is paramount. EMR vendors must meet under the American Recovery and Reinvestment Act’s HITECH Act that their software satisfies criteria by an accredited testing body so that customers can use it to attest for EMR reimbursement under the meaningful use program. by Jerry Krasner, Embedded Market Forecasters
The Vermont DOJ contends that eClinicalWorks falsely obtained that certification for its EMR software when it concealed from its certifying entity that its software did not comply with the requirements for certification,” the DOJ statement said. The Vermont DOJ alleges that eClinicalWorks opted to add the 16 drug codes necessary for certification into its software rather than enable the product to access those from a complete database, failed to accurately record user actions with audit log functionality, did not always accurately record diagnostic imaging orders or conduct drug-drug interaction checks and, finally, eClinicalWorks did not satisfy data portability requirements designed to enable doctors to transfer patient data over to vendor’s EMR “As a result of these and other deficiencies in its software, eClinicalWorks caused the submission of false claims for federal incentive payments based on the use of eClinicalWorks software,” the Vermont DOJ said. The company presented and received certification for their EMR software product. However, the company did not incorporate the certified software into its product and sold their product with non-certified software. This fact was discovered by a customer who reported it to the Department of Justice (DOJ). eClinicalWorks evaded certification requirements, and consequently, its EMR was unable to perform many drug/drug interaction checks or keep accurate audit logs — it was also reported that
20 | RTC Magazine AUGUST 2017
the company had a kickback scheme with its customers. In an unprecedented move, the Vermont DOJ brought charges against company executives and according to reports fined three executives $155 million. According to reports the company did not admit guilt for the underlying charges. In addition to the executives, personal fines were levied against two product managers ($15,000 each) and the lead software developer ($50,000). The DOJ, it was reported, rewarded the whistleblower $30 million for the information. The lawsuit was originally filed by whistleblower Brendan Delaney, who at the time was a software technician at the New York City Division of Health Care Access and Improvement. With respect to eClinicalWorks, what will be most interesting is to see how this plays out in changing the Healthcare landscape going forward. The fines for the CEO, COO and CMO respectively are against them personally, so they can not use company monies to pay this. Further the two product managers are each fined $15K and the lead developer $50K.
On the surface, the two most compelling things about this are 1. The risk of personal liability enables employees to allow their own personal ethics to drive their work and behavior (and potential early-on whistle-blowing) rather than a culture of fear and intimidation driving employee behavior
EMPOWERING
HEALTHCARE Consumers Consumerization of Healthcare and Solutions to Influence Wellness Habits 360 View: Empowering Healthcare Consumers examines consumer needs, behaviors, and preferences in healthcare engagement and technology. It explores consumers’ health needs and their chronic condition and personal wellness management, analyzes adoption and use of digital health devices and applications, and provides insight into consumer preferences when working with healthcare providers.
Key Survey Topics • Consumer health status by chronic condition, participation in behavior and wellness/preventive care programs, and health insurance coverage • Use of digital health devices by consumers, including frequency of use, abandonment, and pain points and technical difficulties • Use of digital health applications, number of applications used, top app features, and net promoter score • Consumer health attitudes, beliefs, and participation in wellness activities and programs
“Our greying generation is embracing aging and retirement with high expectations, and home is their preferred place to enjoy this aging journey. Translating this expectation into affordable, smart, and healthy home living experiences requires collaborations from multiple industry sectors that include healthcare, insurance, and smart home.”
Research Director:
• Smart home crossover with independent living and aging-in-place • Comparison of key current factors with past survey data
JENNIFER KENT
Director, Research Quality & Product Development Parks Associates
Number of Connected Health Devices Owned U.S. Broadband Households Own 3 or more
Own 2
Own 1
45%
360 View Updates On-Demand Care: The Patient Wants to See You Now (1Q 2017) Smart Home, Caregiving, and Aging-in-Place (1Q 2018)
35% 25%
Ecosystem Players who will Benefit:
15% 5% 0%
Q4/2014
Q3/2015
Q2/2016
Q2/2017
© Parks Associates
• • • • • •
Broadband Service Providers CE and Health Devices Manufacturers Insurers, Doctors, and Hospital and Caretaker Networks App and Software Developers Venture Capitalists and Entrepreneurs Policy Makers and Healthcare Practitioners
Methodology All research deliverables are derived from Parks Associates quarterly surveys of 10,000 U.S. broadband households. The Consumer Analytics team designs each survey to allow for direct and accurate comparison of survey results over time, connecting intentions and preferences to actual purchase and usage behaviors.
© Parks Associates | www.parksassociates.com | info@parksassociates.com | 972.490.1113
1.3 CONNECTED HEALTH INSIGHTS if that culture exists. 2. A new reality for vendors and a new line of business for everyone else: With the whistle-blower having received $30M, vendors are on notice that clients are not just compelled, but are now enabled to do more than just complain to customer service when your software doesn’t do what it should. Lawyers, developers and IT people in general must be wondering if they can find $30M worth of bad code in other vendor solutions. One might think that the Vermont DOJ settlement will give pause to medical software vendors as well as medical software developers across a broad swath of the medical products industry. Already under pressure to comply with CDRH requirements, the fact that they could be held personally liable to the DOJ for such deceitful practices should give them considerable pause. And the settlement may end up being more expensive than the headline number. The settlement agreement requires eClinicalWorks to upgrade customers for free and, upon customer demand, export data to other providers at no cost. The vendor, therefore, might suffer the expense of exportation and the loss of a paying customer.
And we’re sure this will be fertile territory for lawsuits. Adding to the drama in healthcare is that in June Apple announced that they’re looking to be the center of the digital health ecosystem by leveraging the iPhone as the secure medium for all of your medical records (they want the data, not the EMR). There were rumors of Apple buying Athena and now maybe there’ll be a bidding war with them and Amazon. Where Amazon really benefits are in the following areas: the move to convenience care and addressing the issue of interoperability and usability. Convenience Care: urgent care clinics have popped up on street corners like CVS. One can go into some grocery chains and you have a walk in clinic as well. But where are the majority of people doing their shopping today? Amazon. So where Amazon does not have a store front for a walk in clinic, it makes absolute sense to begin to align with Telehealth. Interoperability and usability are the big issues any web or app company should be looking at in healthcare so this is really where we think Amazon will benefit. Anyone who can develop the technology to make the current systems (or rather the data 22 | RTC Magazine AUGUST 2017
in the systems) ubiquitous and therefore more usable/useful to clinicians and patients will be huge and we believe that Amazon has made everything it has touched easier (except when dealing with customer service) and usable for even the most non-technologically oriented people. Having the ability to share that data is critical to meeting regulations coming out as well as making the data more friction-less or liquid so patients have unfettered access, clinician to clinician sharing, submitting registry data etc. are very important. Will the concerns and distrust that the fiasco that eClinicalWorks has caused spread across the EMR and other medical data industries enabling Apple and Amazon greater access to patient data applications thereby disrupting the industry at large? Only time will tell. Author Bio Jerry Krasner, Ph.D., MBA is Chief Analyst and Vice President of Embedded Market Forecasters. A recognized authority with over 30 years of embedded industry experience, Jerry was formerly Chairman of Biomedical Engineering at Boston University, and Chairman of Electrical and Computer Engineering at Wentworth Institute of Technology. He was President of Biocybernetics, Inc. and CLINCO, Inc., Executive Vice President of Plasmedics, Inc.and Director of Medical Sciences for the Carnegie-Mellon Institute of Research. He has published extensively in medical, business and engineering journals. He successfully filed and received more than eleven 510k applications www.embeddedforecast.com
1.4 CONNECTED HEALTH INSIGHTS
Cool Product Keeping Medicine Cool is Critical Whether storing vaccines, pharmaceutical drugs, mother’s milk or test samples, medical professionals demand high-performance cold storage to properly maintain temperature sensitive products and samples that must adhere to strict regulatory guidelines. Powered by advanced solid-state refrigeration, Phononic’s Evolve refrigerator is changing how the healthcare industry delivers patient care, equipping staff with more accurate and reliable temperature control with superior efficiency standards. Unlike conventional systems, Evolve is compressor-free and provides precise and reliable cooling without the noise, toxicity and other detriments of legacy refrigerators on the market. Reliable temperature performance and uniformity is where Evolve truly sets itself apart. Evolve’s compressor-free design eliminates the large temperature fluctuation found in conventional systems, providing consistent temperature ranges to safely store products. The resulting +/- 1°C temperature variability across the entire chamber ensures that nurses, pharmacists and other healthcare professionals can trust that their products will stay safe regardless of where they’re placed in the refrigerator.
Additionally, Evolve operates at less than 35 dB, and is so quiet that it can be placed in close proximity to workers or patients without adversely affecting productivity or patient satisfaction. This enables operation in the NICU – a critical environment that has a higher need for minimal noise levels as to not disturb babies or disrupt nurses from delivering quality care. With this revolutionary design delivering so many advantages over traditional compressor based systems, Evolve is poised to radically alter how the healthcare industry safeguards pharmaceutical drugs, vaccines and mother’s milk to protect their bottom line and provide better patient care. https://phononic.com https://evolverefrigeration.com
Evolve is also armed with embedded monitoring software, empowering users with real-time temperature monitoring. The system, SilverPoint, provides local and cloud connectivity for temperature data and alarm notifications ensuring healthcare providers can more easily and reliably comply with regulatory data logging guidelines. If the internal temperature, door seal or power is compromised, an alarm will sound locally on the unit and remotely on the user portal. This increased level of monitoring and convenience of accessing data means healthcare professionals can spend more time with their patients, while ensuring their data complies with regulatory logging guidelines.
RTC Magazine AUGUST 2017 | 23
2.0 COMPLIANCE AND REGULATIONS UPDATES: FDA 510K, HUMAN FACTOR, CE, IEC
Human Factors and Medical Device Development Human Factors can truly be a win-win for manufacturers, engineers and consumers, but you must PLAN. Human Factors is NOT a “wait and see what happens� activity solely at the end of medical device development. by Virginia A. Lang, PhD
You plan for weddings, graduations, holidays and other significant events. Why would you not plan for the successful market launch of a medical device that is going to impact the health and well-being of patients? You plan so that you have a clear picture of costs, timing, profit, etc. You bring in experts from different functions. But, are you including Human Factors/Usability experts at the early planning stages? It has been consistently shown that integrating Human Factors expertise and processes into the early phases of development decreases overall costs and time to market. The FDA requires human factors/usability testing of medical devices and in all their guidances they discuss the importance of early integration of human factors/usability. By the way, so do all 24 | RTC Magazine AUGUST 2017
the ISO/IEC standards for granting the CE mark. They do this because it is known that Human Factors/usability processes and testing is not only a win-win for medical device manufacturers, but also for end users.
Human Factors: FDA and CE Mark Human Factors Engineering is grounded in scientific research methodology, statistics, human physiology, and cognitive information processing. It is the intersection of engineering, human physiology, behavioral performance, and cognitive science. Human factors professionals use this foundational scientific knowledge to explain how humans interact with devices, products, and/
Figure 1 Be a PLANNER! Don’t “wait and see”!
or systems. Human factors engineers approach both hardware and software design with the USER as the focal point. Doing so assures devices, products and systems are Safe, Effective, and Usable by the intended users in the intended environment for the intended use. The FDA and the notified bodies for the CE mark require medical device manufacturers to create a user-based risk analysis for products and related software. By creating the Human Factors Risk Analysis, medical device manufacturers complete a thorough examination of product(s) from the point of view of the user. This Human Factors Risk Analysis is the basis of all human factors/ usability testing. One important component of the risk analysis is the proposed mitigations for high risk/high frequency tasks. According to the FDA, all proposed mitigations must be related to the device design since Instructions for Use (IFU), User Training, and Product Information Leaflet (PIL) are not considered acceptable methods for risk mitigation. Once potential risk mitigations are identified, the trick is to deter- mine which potential mitigations, if any, will actually deliver the expected result of risk mitigation. This is where a Human Factors Formative Test can save the day.
for a product. A ventilator is a perfect example of a device, which has multiple different user groups: the technician who calibrates the ventilator, the respiratory therapist, the nurse, the caregiver, and the physician. Consequently, all user groups and how each user group will use the product must be identified. The FDA is interested in all user groups. However, they have a particular interest in the groups that are most at risk (e.g., children, untrained caregivers, home health aides). It is also advisable to include a mix of experienced/inexperienced users. Remember, usability testing is placing a product in the hands of actual end users to determine if the product design is safe, effective, and usable. Formative Tests are evaluative in nature and place product concepts, and/or 2-D/3-D prototypes in the hands of users. When conducting a Formative Test, the goal is to use five to eight users from the high-risk user groups focusing on the highest-risk/ highest frequency task(s). For a Formative Test, you do not need five to eight of each user group – you only need five to eight users from each user group that performs the highest risk/highest frequency tasks. Five to eight participants maximize the return on investment during formative testing as using additional participants typically don’t yield substantially more data (Nielsen, 2012). A Formative Test can be designed to focus on a specific product design and/or specific primary operating task(s) to gather data on how a user group interacts with the device. Consequently,
Human Factors Activities: When to Start Human Factors methods can be used to place the device in front of users early in the product development cycle to evaluate risk mitigation ideas - when it is relatively inexpensive to make design changes. Early formative tests evaluate ideas, designs, and prototypes. Getting a product in front of end users early in the design phase will quickly tell if proposed risk mitigations are effective. In addition, it gives the opportunity to make required changes to product designs early in the product development cycle. As a result, the cost of design change is minimized. The first step in human factors testing is to identify all user groups, realizing that a user and a customer are often quite different. Customers are people who will buy a product and are the focus of marketing departments. Users are people who will personally use the product. There is often more than one user group
RTC Magazine AUGUST 2017 | 25
2.0 COMPLIANCE AND REGULATIONS UPDATES: FDA 510K, HUMAN FACTOR, CE, IEC
Figure 2 Integrating Human Factors into the Product Lifecycle. The earlier manufacturers integrate human factors research into the design process, the more cost effective it will be.
a Formative Test could use a few as 5 participants or as many as five times the number of user groups that could ultimately use the product/device. Manufacturers often fail to include the Caregiver User Group. However, the FDA considers caregivers to be one of the highest risk user groups, as they have no professional training. For this reason, Caregivers need to be considered, even if they just monitor the device output. Formative Testing usually takes two weeks of preparation, two or more days of testing, and two weeks to obtain the data analysis and final report. That amounts to about five weeks (or more). Cost is a little more difficult to estimate as it depends on a number of different variables. If your user groups are medical professionals, it will cost substantially more for participant recruiting and incentives than if your user groups are caregivers or patients. There are also costs for the Human Factors Lab Facilities, creation of the test protocol, facilitation of the test, and the data analysis/report writing. Most Formative Tests cost between $30,000 and $75,000+ depending on the number and type of user groups. The FDA has changed its position on Formative Human Factors testing in all their recent guidances. In addition, they want a Human Factors Summary Report at submission that includes a summary of Formative Human Factors input and results. Although it is not explicitly required, it is a red flag when the Human Factors Summary Report has no formative testing results reported. Remember, the goal is to plan to release a product that is safe, effective, usable, and approved by the FDA in the shortest time possible. Finding out about serious design problems with the device early in the development cycle will cost substantially less to mitigate, than finding the same design problems at the end of the product development cycle. (Figure 2). Typically, a product development cycle will include two or three rounds of Formative Human Factors Testing before the final Summative/Validation
26 | RTC Magazine AUGUST 2017
Test. Follow this practice and there should be no surprises in the Summative Test. Summative Testing is the final validation that a product design is safe, effective, and usable in the hands of ALL intended user groups. It is the final test that renders a pass/fail judgment on a device, product or system risk mitigations. Again, the basis for the Summative Test is the Human Factors Risk Analysis created by the Quality Assurance Team. All medium- and high-risk tasks identified in the test will be handled by various personnel. For this reason, Caregivers need to be considered, even if they just monitor the device output. The risk analysis will be tested in a simulated real-world environment/ situation. Test participants for the Summative Test, will be at least 15 users for each user group that could typically use the product. Consequently, the number of participants will range from 15 to many. It is quite clear the cost of a Summative Human Factors Test will be considerably more than a Formative Human Factors/Usability Test. Unfortunately, it is impossible to provide an estimated cost as the cost depends on many factors. For example, the number of user groups tested, the complexity of the device, whether or not training required, the number of days in the lab, the complexity of the final analysis, etc. With that said, the minimum cost for a Summative Test is about roughly $70,000, but more likely in the $90,000 to $150,000+ range.
Success! Because you did early planning, early iterative testing (formative tests) followed by iterative device design changes, you have set yourself up for a successful Summative Test. However, if you decided to take the “wait and see approach�, the risk is extremely high that you will have to not only repeat your Summative Test, BUT make changes in a device that was supposed to be production ready. These costs do not only apply to the device design, but also to all the support materials, e.g., Information for Use, Training Protocol, marketing materials, etc. So, Proper Prior Planning Prevents Poor Performance. Be a PLANNER! You will then be creating safe, effective, usable and PROFITABLE products. Author Bio: Virginia has extensive experience in the areas of product design, Customer Centered Participatory Design processes, and product lifecycle management. She is also known in the Human Computer Interaction and Usability Communities for her innovative techniques for collecting and incorporating user/customer feedback throughout the product lifecycle. In July 2014, Virginia founded and established the HirLan Institute of Human Factors with labs in Carlsbad, California and a Consortium arrangement in London, UK. In February 2013, Virginia founded HirLan International SA, a Geneva, Switzerland based company. Both HirLan and HirLan International have been supporting Top Ten pharma/ medical device companies, as well as, start-ups with consulting and testing services.
Embedded/IoT Solutions Connecting the Intelligent World from Devices to the Cloud Long Life Cycle · High-Efficiency · Compact Form Factor · High Performance · Global Services · IoT
IoT Gateway Solutions
Compact Embedded Server Appliance
Network, Security Appliances
High Performance / IPC Solution
E100-8Q
SYS-5028A-TN4
SYS-5018A-FTN4 (Front I/O)
SYS-6018R-TD (Rear I/O)
Cold Storage
4U Top-Loading 60-Bay Server and 90-Bay Dual Expander JBODs
Front and Rear Views SYS-5018A-AR12L
SC946ED (shown) SC846S
• Low Power Intel® Quark™, Intel® Core™ processor family, and High Performance Intel® Xeon® processors • Standard Form Factor and High Performance Motherboards • Optimized Short-Depth Industrial Rackmount Platforms • Energy Efficient Titanium - Gold Level Power Supplies • Fully Optimized SuperServers Ready to Deploy Solutions • Remote Management by IPMI or Intel® AMT • Worldwide Service with Extended Product Life Cycle Support • Optimized for Embedded Applications
Learn more at www.supermicro.com/embedded © Super Micro Computer, Inc. Specifications subject to change without notice. Intel, the Intel logo, Intel Core, Intel Quark, Xeon, and Xeon Inside are trademarks or registered trademarks of Intel Corporation in the U.S. and/or other countries. All other brands and names are the property of their respective owners.
2.1 COMPLIANCE AND REGULATIONS UPDATES: FDA 510K, HUMAN FACTOR, CE, IEC
Engineered Success: The Engineer’s Contributions to FDA Medical Device Market Commercialization The FDA process for medical device clearance is a frequently heard story … but not from the engineer’s perspective. When it comes to commercializing a medical device, the engineering team plays a key role in facilitating successful market entry. by Russ King, President, MethodSense, Inc.
When it comes to regulatory compliance and public safety, most medical device companies rely upon the skills of a professional engineer to ensure their product effectively fulfills its intended use. The contributions the technical team can make to facilitate the commercialization process are both critical and substantial. In fact, thinking of commercialization strategies that include engineering expertise from product concept through completion may help your product get to market faster, more easily and more affordably.
Preparing for and Anticipating the FDA Commercialization Process One of the most common questions we hear from emerging medical device companies is, “When should we begin preparing for the FDA?” The answer is, “As soon as possible.” Emerging companies often devote their time, talent and treasure to product development. During the R&D phase, companies are typically driving toward the completion of their pre-clinical program or a final prototype. Because the focus is so intent on product development, and commercialization seems to be in the distant future, it can be easy for activities like documentation related to meeting FDA expectations to be pushed aside. Documentation, however, is critical for an FDA submission. There are a number of activities the engineering team will be involved in supporting, such as the development of technical documentation that is part of a submission. At minimum, these activities include preparing documentation like completing risk assessments and performing validation activities. Engineers are vital for these activities because they intimately know and understand the technical functionality of the product to an extent that other team members typically do not. Prior to jumping into documentation, however, it is important to have a general understanding of the FDA’s approach for product clearance, as well as the requirements US medical device manufacturers must comply with.
28 | RTC Magazine AUGUST 2017
Understanding the Process for FDA Clearance The FDA uses a risk-based approach when clearing medical devices for the US market. The FDA segments devices into three risk classifications (see Figure 1). The higher the risk, the greater the requirements for evidence that demonstrates product safety and efficacy. The cost of commercialization and time to market is often influenced by the product’s risk classification. That is, a Class II product has a significantly easier path to market than a Class III product, and a Class I product has the easiest path to market. As part of your regulatory strategy, you will identify your device classification, the product code your device is regulated under and potential predicate devices. Comparison to a predicate device is required for FDA Pre-market Notification, also known as a 510(k) submission. This is the most common regulatory pathway, and the one we field the most questions about. The 510(k) process is designed to demonstrate the substantial equivalence of a new device to an FDA cleared, or predicate device. This means that rather than proving safety and efficacy via clinical trials, medical device companies can prove their device is as safe and effective as a device that has already been cleared by the FDA. Demonstrating substantial equivalence includes establishing that your device has the same intended use as the predicate and that any technical differences between your product and the predicate device do not raise the risk profile of your product above a Class II classification. Because of their technical expertise, the engineering team can be instrumental in reviewing the technological characteristics of potential predicate devices and help establish technical equivalence for the purpose of assessing the product’s risk profile. Product classification determines the extent of documentation a medical device manufacturer is required to submit to the FDA for product clearance and to maintain on-going compliance. Regulations that are most likely to be required include FDA 21
CFR Part 820 Quality System Regulation, ISO 14971 Application of Risk Management for Medical Devices and, if your device includes electrical components, IEC 60601-1 General Requirements for Basic Safety and Essential Performance. To demonstrate compliance to these requirements, the engineering team may apply their product technical expertise to build technical documentation that accurately describes the product, such as design specifications, product requirements and supporting drawings.
Satisfying the Quality System Regulation FDA product clearance is dependent on the expectation that you will, at a minimum, comply with 21 CFR Part 820 Quality System Regulation, also known as Good Manufacturing Practices (GMPs). According to this regulation, medical device manufacturers must establish a Quality Management System. Manufacturers of Class II products must also implement design controls to ensure their products meet requirements and do not pose unacceptable risk to the consumer or public. GMPs ensure the manufacturer is producing the product based on the parameters the FDA cleared for the marketplace. To demonstrate that you follow good manufacturing practices, you will need to establish:
and the technical development and implementation of design controls. For example, the engineering team may have design or technical input ranging from security controls in the clean rooms to software controls for the operation of the device. Engineers are subject to the expectations of the QMS, making it important that they understand the processes they must conform to.
Establishing a Quality Management System It makes sense for a medical device company to get an early, practical handle on 21 CFR Part 820. During the pre-clinical or prototyping design stage, it is not overly difficult or resource-intensive to implement a few formal Quality Management System processes around the management and control of documents and records. With a Design Control procedure and a Document Control and Records Management procedure (and perhaps one or two other procedures), you will have the processes in place to properly prepare and maintain documents during the early stage engineering of your product. Quality and regulatory personnel may collaborate with the engineering team to use their expertise to create processes that best reflect business practices. For example:
• A Quality Management System that addresses • Risks presented by the device • Procedures, processes and resources for implementing quality management • The requirements of the Quality System Regulation • Controls for your organization, such as • Design controls • Equipment and facility controls • Production and process controls • Document, records and change controls Satisfying 21 CFR Part 820 is a necessary expense and typically involves all functional aspects of a company. Engineering supports compliance to Part 820 by assisting in the development of the QMS
esign Control: describes your company’s process for the deD sign and development of your device. This procedure provides a structure for each stage of product development. By implementing it at the beginning of your design process, you ensure your device is meeting design control requirements. Document Control: explains how your organization manages the approval and distribution of documents, as well as how document changes are authorized and implemented. This process should be implemented early on to ensure documentation is developed in a compliant manner when they are created – which means documents will not need to be corrected retrospectively. Records Management: describes how records are maintained. This includes your Device Master Record (DMR) and Device History Record (DHR). The DMR includes your device specifications and drawings that are created during the product design stage.
Medical Device Classification in the US Class I
examples: stethoscopes, bandages, medical gloves
» Low risk devices that are relatively simple in design » Self-register product with the FDA » Most are exempt from pre-market requirements » QMS normally complies with 21 CFR Part 820 General Controls, though some devices are exempt
Class II
Class III
examples: ultrasonic diagnostic equipment, x-rays, needles
examples: balloon catheters, pacemakers, heart valves
» Medium risk devices
» High risk devices
that are more complex in design » 510(k) pre-market approval process is required for most » QMS must comply with 21 CFR Part 820: General Controls and Special Controls (Design Controls)
» FDA shall inspect facility
The benefits of this approach are numerous. In addition to demonstrating competence around FDA Design Controls, these procedures position your company for a transition from an R&D firm to a Medical Device Manufacturer. It further shows your company’s competence as a potential partner who
» QMS must comply with 21 CFR Part 820 » Clinical trials likely » Malfunction is absolutely unacceptable
Photo 1 US Medical Device Classification Table: The FDA segments devices into three risk classifications. The higher the risk, the greater the requirements for evidence that demonstrates product safety and efficacy.
RTC Magazine AUGUST 2017 | 29
2.1 COMPLIANCE AND REGULATIONS UPDATES: FDA 510K, HUMAN FACTOR, CE, IEC can support regulatory obligations.
Implementing Design Controls 21 CFR Part 820 prescribes specific design controls, or processes, for bringing Class II medical devices to market. Design controls allow you to implement a risk prevention approach to the quality of your medical device. Risk prevention is an efficient and cost-effective way to control manufacturing processes and maintain quality. While it may not be possible to eliminate all potential risks, we consistently observe that our clients have a very poor appetite for risk that could have been mitigated. Design controls are established to ensure that specified design requirements are met. These controls frequently overlap with what the engineers know, and more often than not, depend upon the engineer’s input. If implemented well, design controls create a number of surprising benefits, including a better-documented product that is more attractive to buyers or acquirers. They result in a more efficient development cycle due to a reduction of mistakes thanks to early analysis of key questions and a clear distribution of a team’s responsibilities. The elements of 21 CFR Part 820 Design Controls include:
esign and Development Planning: during this phase, the D engineering team plans the activities they will perform during design and development of the product. These activities might include defining stages, assigning responsibilities, evaluating suppliers and documenting product design and processes. esign Input: this is the starting point for product design. D The engineering team creates input documents that explain marketing and user expectations for the device, such as concept documents and product requirements. These documents become part of the DHF. esign Output: the engineering team identifies and documents D the design outputs. These outputs describe the design specifications that address the requirements, such as risk assessments, drawings and component specifications. The design and development outputs become part of the DHF. esign Verification: are the activities performed by engineerD ing to confirm that the design outputs meet the requirements identified in the design inputs, such as safety testing and the inputs/outputs matrix. esign Validation: are the activities often performed to conD firm the intended use of the device from the user’s standpoint.
PLANNING
» Design and Development Plan
DESIGN INPUTS
» Concept Documents » Product Requirements
DESIGN OUTPUTS DESIGN REVIEW
» Risk Assessments » Drawings » Specifications
V&V ACTIVITES 6
» Protocol Preparation » Results Reports » Deviation Management
DESIGN CHANGES
DESIGN HISTORY FILE
30 | RTC Magazine AUGUST 2017
Photo 2 Elements of Design Control: 21 CFR Part 820 prescribes specific design controls, or processes, for bringing Class II medical devices to market.
esign Review: these are formal meetings where the engiD neering team and subject matter experts meet to confirm that inputs/outputs and V&V activities are appropriate for the intended use of the device. esign Changes: this is documented evidence of changes D performed on the device once design controls are established. Once the design input is approved, the need for design changes becomes effective. esign History File: this is a compilation of records, or an D index that references the location of all design-related records that describe the product design life cycle. Using the processes identified above, a credible Design History File (DHF) can be created by formally authoring and approving Design and Development Plans, Product Requirements, Design Reviews and other necessary content at the appropriate product development stages (see Figure 2). During the early stages of the design, it is crucial that the engineering team captures specifications and requirements. This is not a task that is easy or efficient to complete retrospectively and recreation from memory is subject to error; therefore, creating these documents should not be delayed. While establishing design controls, the focus often shifts to include managing risk and safety. Using their intimate knowledge of the device and its technological characteristics, engineers are often able to contribute to potential risk identification and corresponding mitigations that need to be explained to the FDA as part of risk management.
Managing Risk and Safety Risk management and meeting safety requirements often go hand-in-hand. ISO 14971 Application of Risk Management provides the methodology medical device companies follow for managing risk. This standard requires a medical device company to identify the harms and hazardous situations, evaluate their associated risks, control the risks and monitor the effectiveness of the controls throughout the product’s lifecycle. Not only is the risk management process part of your Quality Management System, but it is a central part of your medical device’s development, as well. Engineers play a critical role in the risk management team because they can explain the risks from the design, development and manufacturing standpoint of the device and can contribute to the assessment of risk. During the risk assessment process, it is possible that the engineering team may be asked to implement design controls that will mitigate potential risks. In addition to risk management, and depending on the technology incorporated into your medical device, applicable safety standards may be identified during the design stages of the product. For example, the most widely accepted benchmark for establishing safety for electrical medical devices is IEC 60601-1 3rd Edition and its collateral standards. Failing to conform to a safety testing standard is a sure way to
halt a device’s commercialization progress. As a consequence, we see more and more engineers from medical device and medical device contract manufacturing companies work through what it means to satisfy safety testing requirements early in the design phase. Taking this kind of proactive approach can identify not only documentation needs, but also design requirements that must be met in order to satisfy Test Laboratory product evaluations. By building conformance to a safety standard into a medical device as early as possible, the medical device engineer saves their company the pain and expense of redesign work due to testing failures after the company thought the design was locked down. Demonstrating that the requirements of IEC 60601-1 have been met can be integrated into the device’s risk assessment for the FDA to review.
Effectively Participating in the Commercialization Process In our experience, medical device manufacturers whose engineers extend their role beyond design and development activities to support the commercialization processes make for more successful companies. As an engineer, you can be more effective in this role by: • Familiarizing yourself with relevant compliance requirements for your device, including 21 CFR Part 820 and ISO 14971 • Developing an understanding of FDA expectations, such as demonstration of risk mitigation and safety • Communicating with the Quality Assurance and Regulatory Affairs personnel to ensure products can get to market and your company’s legal compliance obligations are met. Thinking of the commercialization strategy from concept through completion will enable you to develop processes that bring your product to market faster, easier and, quite possibly, more affordably… allowing you to move on to your next brilliant idea! Author Bio: Russ King is the president and managing partner of MethodSense, a leading global life science consulting firm, providing services and solutions in regulatory strategy, quality assurance, technology and operations. Combining experience and skills across the medical device sector, MethodSense works at the intersection of engineering and quality to help clients meet compliance requirements, improve their performance and create sustainable value for their stakeholders. www.methodsense.com
RTC Magazine AUGUST 2017 | 31
2.2 COMPLIANCE AND REGULATIONS UPDATES: FDA 510K, HUMAN FACTOR, CE, IEC
Get Ready for the Major Updates of IEC Standards for Electromedical Equipment IEC 60601 is about to undergo another major revision. Work is underway to revise six of the nine documents that form the foundation of the IEC 60601 family along with three other key standards including ISO 14971, IEC 62304 and IEC 62366. by Charles Sidebottom, PPO Standards LLC.
The electromedical standards community is known for a number of positive attributes but speed in producing standards has never been one of them. When you are dealing directly with people’s lives you don’t get many second chances to get it right, so slow and steady has been the mantra for a generation. However, along with the rest of the technological world the speed of standardization is changing. Today, we are on the leading edge of a wave of change in electromedical standards that will come ashore in 2019. At the forefront of this wave is a collection of projects referred to in IEC Technical Committee (TC) 62 as the ‘2019 Amendments’ project. The 2019 Amendments project involves simultaneously developing amendments to six of the nine documents that form the foundation of the IEC 60601 family. These amend-
ments will result in the new editions listed in Table 1, which are all planned for publication in late 2019. The preparation for this project began at the Kobe, Japan meeting of TC 62 in November 2015. At the Kobe meeting, IEC Subcommittee (SC) 62A developed a process for identifying the potential content of amendments to the foundational documents under its jurisdiction. These include IEC 60601-1 and all of the collateral standards in the IEC 60601 series except IEC 60601-13, which is under the jurisdiction of IEC SC 62B. Because of the impact that any changes to the foundational documents have on stakeholders in the medical electrical equipment community, not to mention the ripple effect on the 80+ particular standards in the family, it was agreed to limit the issues addressed during this revision process to high-priority
Table 1 – IEC Standards Involved In The 2019 Amendments Project Document
New Edition
Title
IEC 60601-1
3.2
Medical Electrical Equipment – Part 1: General Requirements For Safety And Essential Performance
IEC 60601-1-2
4.1
Medical Electrical Equipment – Part 1-2: General Requirements For Basic Safety And Essential Performance – Collateral Standard: Electromagnetic Disturbances – Requirements And Tests
IEC 60601-1-6
3.2
Medical Electrical Equipment - Part 1-6: General Requirements For Basic Safety And Essential Performance - Collateral Standard: Usability
IEC 60601-1-8
2.2
Medical Electrical Equipment – Part 1-8: General Requirements For Basic Safety And Essential Performance – Collateral Standard: General Requirements, Tests And Guidance For Alarm Systems In Medical Electrical Equipment And Medical Electrical Systems
IEC 606011-10
1.2
Medical Electrical Equipment – Part 1-10: General Requirements For Basic Safety And Essential Performance – Collateral Standard: Requirements For The Development Of Physiologic Closed-Loop Controllers
Iec 606011-11
2.1
Medical Electrical Equipment – Part 1-11: General Requirements For Basic Safety And Essential Performance – Collateral Standard: Requirements For Medical Electrical Equipment And Medical Electrical Systems Used In The Home Healthcare Environment
Table 1 IEC standards involved in the 2019 Amendments project
32 | RTC Magazine AUGUST 2017
Flash Storage Array with 200TB capacity in four removable canisters
50TB data in each 7 Lb. removable canister
• 100Gb Infiniband or Ethernet connections • MIL-STD 810 and 461 tested • Two versions: airborne and ground • 4U rackmount unit
(877) 438-2724
www.onestopsystems.com
2.2 COMPLIANCE AND REGULATIONS UPDATES: FDA 510K, HUMAN FACTOR, CE, IEC items that met one or more of the following selection criteria: • safety gaps, • known problems for regulatory bodies, • inconsistencies within the standard, • technical errors, or • update of key standard references. The IEC SC 62A Chairman Advisory Group (CAG) was tasked with reviewing all the issues collected by the committee and evaluating them against these criterial to select the ones that would be presented to the National Committee members of SC 62A. In the case of IEC 60601-1-9 and IEC 60601-1-12, the CAG determined that none of the outstanding issues met one or more of the selection criteria Using these criteria, 165 individual issues were identified and presented to the National Committee members of SC 62A at their October, 2018 meeting in Frankfurt, Germany. In order to be included in the ‘short list’ of issues, each item had to be approved by a 2/3 majority of the National Committees present and voting in Frankfurt. In total, 134 issues received a 2/3 majority vote of the National Committees and are now on the ‘short list’ for the 2019 Amendments. All of the issues that the CAG did not included in the draft ‘short list or ones that did not receive a 2/3 majority vote are on a ‘long list’ to be considered in the next major edition of IEC 60601, which is presently targeted for publication sometime after 2024. The 2019 Amendments project formally began in November 2016 with the approval of a design specification for each of the documents listed in Table 1. Each issue was assigned to an expert group to develop an appropriate solution for the identified problem. That final solution that is being proposed to the National Committees may encompass any technical solution proposed by the author of the issue, or it may involve a different solution developed by the expert group. The expert group may also recommend that no change to the standard is justified by the problem statement. The scope, object, and relationship of the different parts of the IEC 60601 family will remain unchanged from that of the current editions. The 2019 Amendments will follow the traditional form for amendments to IEC standards and will either replace or delete existing text or add new text. If a subclause, table, or figure is to be deleted, it will be replaced by “Not used.” If, when resolving any of the identified issues, new subclauses must be added to the standard, they will be added at the end of the existing clause. New paragraphs will be added at the end of existing subclauses and new bulleted or enumerated items to the end of existing lists. Although the process for selecting the issues to be considered in the 2019 Amendments project was invented by the committees, the process of developing and approving the final text will follow the full IEC process. The key dates in the project timeline in Figure 1 are the registration of the Committee Draft for Vote (CDV) in September 2018 and the submission of the Final Draft Intentional Standard (FDIS) text to the IEC in June 2019. It is the intention of the committee that all the 2019 amendments will be circulated for ballot 34 | RTC Magazine AUGUST 2017
Figure 1 2019 Amendments project timeline
in parallel. Therefore, a delay in any part will delay the whole. Parts that finish a stage early will be held by the secretariat until all parts are ready to enter the Enquiry (CDV) or the Approval (FDIS) stage. The schedule includes a second Committee Draft (CD) for each of the documents. This may be skipped if the committee officers conclude based on the comments submitted to the first CD that a second CD is not needed. If an expert group was unable to complete a technical solution by the deadline for the first CD, they included a note in the first CD that additional new material will be included in the second CD. If no acceptable solution can be generated by the deadline for the second CD, the issue will be deferred to the next full edition. The first CD for each of the 2019 Amendments was circulated to the National Committee members of SC 62A on July 14, 2017 for a three-month comment period. The comment period closes on October 6, 2017. SC 62A has planned a number of working meetings during the fall of 2017 to resolve the comments and produce the second CDs when needed. The second CDs will be circulated for a two-month comment period. The committee originally planned for the second CDs to be ready for circulation in February 2018. The SC 62A secretariat is working to advance the date to early January 2018 so the comment period will close before the scheduled meeting of IEC 62 and its subcommittees in London in April 2018. In parallel with the work on IEC 60601, SC 62A along with partner committees is working on revisions to three standards that will have a significant impact on the medical device community. The first of these is a new edition of ISO 14971:2007. The new edition of ISO 14971 is also targeted for publication by mid-2019 so it can be referenced in the 2019 Amendments. In the new edition, almost all of the guidance annexes will be stripped out of ISO 14971 and incorporate into a technical
report, ISO/TR 24971. Separating the informative guidance for the normative material will enable the committees to update and expand the guidance in the future without having to revise the basic standard. The technical work on ISO 14971 is focused primarily on refining the requirements in the planning phase (Clause 3), the evaluation of overall residual risk acceptability (Clause 7), and production and post-production information (Clause 9). It is expected that the next edition of ISO 14971 will include a more explicit discussion of benefit as part of the benefit-risk balance. Also in the works is a second edition of IEC 62304. This edition will expand the scope of the standard from medical device software to ‘health software’. Health software encompasses any software intended to be used specifically for managing, maintaining, or improving health of individual persons, or the delivery of care. Health software fully includes what is considered software as a medical device. This edition, which is also planned for publication in 2019, will fully align with the recently published, IEC 82304-1, Health software – Part 1: General requirements for product safety. The final element is the first amendment IEC 62366-1:2015. This amendment contains several relative minor updates and clarifications to the 2015 edition. However, this amendment is
being synchronized with the publication of the new edition of ISO 14971 and the 2019 Amendments. The near simultaneous publication of these nine documents in 2019 will provide a platform that manufacturers and particular standards writers can build upon well into the next decade. Author Bio: Charles Sidebottom is the Managing Partner of PPO Standards LLC. based in Minneapolis, Minnesota. Prior to forming PPO Standards, Mr. Sidebottom was the Director, Corporate Standards for Medtronic, Inc., Minneapolis, Minnesota. He is a registered professional engineer, a Medtronic Technical Fellow, and a Fellow of ASTM International. Heavily involved in international standards work since 1987. Mr. Sidebottom serves as a committee officer in ISO, IEC and ASTM. He serves on many working groups and project teams including the ISO/IEC joint working group on application of risk management to medical devices. chuck@ppostandards.com
SMX RTOS ®
Ideal for Your Project. • Integrated platforms for 150+ boards • Progressive MPU security • TCP/IPv4/6, mDNS, SNMPv3, SNTP, smxrtos.com/mpu SSH, TLS/SSL, HTTPS, SMTPS • Advanced RTOS kernel • WiFi 802.11n, P2P, SoftAP, WPA2 smxrtos.com/special • USB host and device • Broad ARM & Cortex support smxrtos.com/processors • Flash file systems Drivers, BSPs, Bootloader, Full • • source code. No royalty. GUI, IEEE754 Floating Point • Custom source eval and free trial Y O U R
R T O S
P A R T N E R
www.smxrtos.com
RTC Magazine AUGUST 2017 | 35
2.3 COMPLIANCE AND REGULATIONS UPDATES: FDA 510K, HUMAN FACTOR, CE, IEC
The value of adhering to the Medical Device Single Audit Program (MDSAP) Described in a nutshell the Medical Device Single Audit Program (MDSAP) promotes the greater alignment of regulatory approaches and technical requirements from manufacturers while simultaneously encouraging transparency within regulatory programs. The program aims to offer an “all-in-one” audit to accommodate multiple legislations – these currently include: Australia, Brazil, Canada, USA and Japan. by Peter Rose, Managing Director Europe at Maetrics
The implementation of the MDSAP follows a three-year cycle, which includes 3 different audits: the initial audit, the surveillance audit and the recertification audit. It is also important for manufacturers to note that in some unique cases, special audits could be conducted by the regulatory authorities, and unannounced audits may also be conducted. Within an ever-changing regulatory environment it is hard for manufacturers to keep properly and comprehensively informed; therefore we have listed the main benefits and opportunities for manufacturers deriving from MDSAP.
No additional requirements MDSAP provides manufacturers with a key opportunity for manufacturers as it is not based on additional ISO standards or regulatory requirements, but in fact covers the existing ISO 13485 standard and the country specific requirements. This means in turn, that medical device manufacturers will benefit from coordination within the QMS and in other regulatory submissions which they have to adhere to.
Harmonised auditing requirements Since the MDSAP is built on the foundations of multiple regulations from 5 different countries, it means any manufacturer who complies with MDSAP will automatically comply with the regulatory requirements of each of the participating countries. Ultimately for manufacturers it means that the challenge of ensuring compliance in multiple markets is significantly reduced. Initially, the implementation phase may come across as a constraint however the long-term benefits will be worthwhile.
36 | RTC Magazine AUGUST 2017
Available guidance The FDA website provides guidance to help manufacturers navigate the MDSAP process; certain policies, procedures, templates and forms have been made publicly available.
Market access advantage Participating in MDSAP means that more doors are opened for manufacturers as they may choose to broaden their participation in some of the other 5 countries. MDSAP may also be used as a promotional tool for marketing purposes as it may be seen as a manufacturer’s commitment to product quality and regulatory compliance.
Cost advantage The fact that MDSAP is used in lieu of multiple separate audits means that it reduces the total number of audits and inspections which manufacturers need to undergo. It is also expected that MDSAP will lead to a broader availability of third party Auditing Organisations (AO). Currently the number of AOs is not as high as expected but it is possible that organisations (besides the existing Notified Bodies) will start applying to be recognised as an AO.
Collaboration with external resources Collaboration with external resources such as MDSAP subject matter experts may add timely and valuable support for the audit preparation. There are MDSAP experts who have the specific training to bring about the best outcome for manufacturers and
guide them down the most successful route for MDSAP success. The MDSAP involves various stakeholders who all have different responsibilities, roles and levels of influence, however, it aims to unify stakeholders for the overall benefit of the medical device industry. There may be some stakeholders who are unsure about embracing this new approach – yet it is clear that the benefits typically outweigh the constraints and its introduction is expected to have a positive impact on the medical device industry moving forward. Author bio: Pete Rose is the Managing Director and Practice Leader for Maetrics operations in Europe. Having worked in the medical device industry for over 20 years, Mr. Rose has a wealth of experience and knowledge in quality systems and regulatory affairs. He is a lead auditor and a qualified microbiologist, and has been recognized for his extensive experience with sterilization. His background roles include quality management, sterilization, cleanroom, quality systems, regulatory affairs and laboratory management.
Are Your OpenVPX Handles Breaking?
http://maetrics.com/
Superior Rugged Metal Claw If you are ready for a more robust handle/panel solution, come to Pixus! Our OpenVPX handles feature a metal engagement claw and rugged design that ensures the highest reliability. Ask about our new rugged horizontal extruded rails with thicker material for OpenVPX and high insertion force systems today!
sales@pixustechnologies.com pixustechnologies.com
RTC Magazine AUGUST 2017 | 37
3.0 SECURITY FOR (CONNECTED) MEDICAL TECHNOLOGY
It is Paramount to Achieve Security for Medical Technology Medical device security - a big topic that boils down to whether the device functions as expected, whether the device has sufficient storage and operational integrity. This is a design philosophy essay, not a checklist - but you should consider every one of these suggestions as you plan your next project. by Richard Fetik, Data Confidential
The major security challenges include supply chain component verification, preventing malware penetration and propagation, configuration protection and verification, runtime execution verification, and data integrity verification. Notice the repeated word “verification”? What seems to be missing from some medical device designs and manufacturing processes are the verification steps. Verification can be a periodic runtime comparison of hash values for a set of data, or a more runtime expensive element by element examination. The importance of constant vigilance and repeated verification cannot be overstressed; this has to be built into the power and performance models, with BOM (bill of materials) implications. Some of the common challenges such as component verification are still being developed by the industry. Options you can apply now include the use of SRAM PUF (physically unclonable functions) during power-on system verification to verify that key chips have not been replaced. If the medical device will be implanted (in a patient), power management is another challenge, part of the security design because any attack that elicits a reply or even an internal action within the medical device drains the battery - which could be the objective of the attack. If there is a wireless connectivity option, then the communication protocol has to default to “no reply” from the device if the access credentials are not accepted, in order to avoid unnecessary power drain. Even credential authentication has to be designed to minimize power requirements. If device failure is not an option, deactivate non-critical functionality such as wireless connectivity if power drops too quickly or if remaining power falls below a scheduled threshold, where the power threshold levels are precalculated based on estimates derived from historical models. And not least is runtime performance while the device is under attack. Some refer to this as graceful performance degradation, where clever designs focus CPU cycles on critical functions in an attempt to achieve deterministic performance in the presence of an attack which is attempting to redirect CPU cycles to other purposes. There must be support for this in your 38 | RTC Magazine AUGUST 2017
operating system (scheduler, device drivers, interrupts, stack and heap mechanisms, etc.) A useful tool to consider is SynthOS from Zeldman Technologies (http://zeidman.biz/SynthOS.htm. This enables you to generate a customized optimized RTOS (real time operating system), which is inherently “hardened” because it has a minimal attack surface. Getting these wrong may kill the patient. As a result, healthcare providers are very risk averse. They cannot be expected to learn the technology issues you confront; rather you and your team have to learn and meet the real world requirements in order to provide tools that can be trusted. And you cannot “fix it in the next release” or require patch downloads. I hope this starts you on the right path - the life you save may be your own. Author Bio: Richard, CISSP, a recognized security expert, is CEO/CTO of Data Confidential, a consulting, services, and technology licensing firm for the embedded, IoT, and cloud spaces. Richard is the inventor of Data Confidential’ s innovative technologies such as the Storage Firewall, secure container objects for cloud computing and secure IoT-to-cloud interactions, and a customizable storage controller architecture, built on a security framework, that accelerates application performance 100x to 1000x. www.data-confidential.com
Transform your business with the Internet of Things. Start with powerful solutions from Dell Designing Internet of Things (IoT) solutions can unlock innovation, increase efficiencies and create new competitive advantages. But in an emerging marketplace of mostly unknown and untested solutions, where should you start? Start with a proven leader in technology solutions: Dell. Leveraging over 32 years of IT expertise and 16 years of partnering directly with operational technology leaders, we’ve recently expanded our IoT portfolio to include Dell Edge Gateways and Dell Embedded Box PCs. Coupled with Dell data center, cloud, security, analytics and services capabilities, these powerful solutions can help you connect what matters and accelerate your IoT return on investment.
Dell Edge Gateway 5000
Dell Embedded Box PC 5000
Dell Embedded Box PC 3000
Learn More at Dell.com/IoT Today Š2016 Dell Inc. All rights reserved. Dell and the Dell logo are trademarks of Dell Inc. Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.
3.1 SECURITY FOR (CONNECTED) MEDICAL TECHNOLOGY
Achieve Embedded Security for Mobile-Connected Devices A newly formed a Security Birds of a Feather group will define security considerations for mobile and mobile-influenced products that use MIPI Alliance interface specifications. The global organization invites security experts to participate in this important work. by Enrico Carrieri, Chair, MIPI Alliance Security Birds of a Feather Group and Principal Engineer at Intel Corporation
Embedded systems developers must do everything they can to secure their technology assets, intellectual property and customer information from malicious agents. The challenge is a steep one, given the rapid escalation of cybersecurity threats, the likelihood that most connected devices have some vulnerability and the extension of connectivity to all types of products in all market segments. Assets that need protection are found everywhere—in banking information and other personal data stored on our phones, audio and video content streamed to our cars, and in household appliances that are remotely controlled via automation technologies, to name just a few examples. MIPI Alliance has formed a new Security Birds of a Feather (BoF) group to tackle security issues for embedded system designs. I invite security experts to join the group, so we can engage with the broadest possible community of specialists participating in this work. If you’re a security expert, we encourage you to join, whether or not your company is a member of MIPI Alliance. If you are not familiar with MIPI Alliance, it is an international organization that develops interface specifications for interconnecting components in mobile and mobile-influenced products. Our goal in the Security BoF group is to formulate a consistent framework that details security objectives and threat models for use cases involving MIPI specifications. We want to make sure MIPI specification adopters and implementers know which security properties are impacted when using a specification and which properties they’ll need to secure with their designs. We want to help engineers understand which tools they’ll need to enable security in their devices. We expect the framework will provide strategic value for engineers who are developing components and chipsets, smartphones, mobile-connected devices, and IoT products for automotive, wearable, biometrics, point-of-sale and other growing segments. For example, the group is investigating how MIPI specifications can address confidentiality, data integrity and availability concerns for a range of use cases involving endpoint identity, sensed and biometric data, protected content, as well as debug 40 | RTC Magazine AUGUST 2017
Figure 1 The connected health segment is relying on handheld devices to access confidential data such as electronic health records (EHR). With the proper security protocol installed, it is like a handheld device such as a smartphone with a lock.
agents on shared buses. We’re open to evaluating other use cases as well: in fact, the more use cases we look at, the better our recommendations will be. Figure 1. Some of the companies participating in the Security BoF group are Qualcomm Incorporated, Robert Bosch GmbH, STMicroelectronics, Synopsys, Inc. and others. We want more companies and security experts to participate to ensure we’re investigating all of the necessary use cases and obtaining as much input and feedback as possible. Author Bio: Enrico Carrieri currently chairs the Security BoF and Debug WG for the MIPI Alliance. He is also a principal engineer at Intel Corporation in Folsom, CA where he is working on debug strategies and architecture. One of his focuses is on security and privacy, as they are in opposition to debug, and has a filed patent on SoC secure debug.
The New Genie™ Nano. Better in every way that matters. Learn more about its TurboDrive™ for GigE, Trigger-to-Image Reliability, its uncommon build quality… and its surprisingly low price.
*starting at
USD *Taxes & shipping not included
» GET MORE GENIE NANO DETAILS AND DOWNLOADS: www.teledynedalsa.com/genie-nano
3.2 SECURITY FOR (CONNECTED) MEDICAL TECHNOLOGY
Software Defined Networks (SDNs) Align Industrial Network Security with Plant Production Goals Plant managers do not want to decide between effective network security and an efficiently running plant—with software defined networks, now they don’t have to choose. by Larry O’Connell (Microsemi Corporation) and Roger Hill (Veracity Security Intelligence)
There are many reasons why the strength, pervasiveness, flexibility, and ease-of-management of factory network security has not been equivalent to network security elsewhere in the organization. But most of these reasons boil down to one simple fact: industrial network security measures are cumbersome to deal with. Until recently, it made more economic sense for plant personnel to avoid adopting security measures altogether, adopt them halfheartedly, or work around them if possible, than to fully embrace them. Much of that complexity results from hardware incompatibility issues that were resolved long ago on the IT side. Plants security affects all products including medical. These incompatibility issues arose from the early days of industrial automation when processes in a factory were performed as discrete tasks that were coordinated independently. That is why industrial networks were introduced—to enable remote management, coordination, and ultimately automation of multiple processes to produce output. But the processes were essentially running in communications silos. The software controlling those devices was often proprietary, as were the communications protocols. A programmable logic controller (PLC) was used to control the device to which it was connected—both of which were purpose-built for a specific task. Industrial networks first appeared when the advantages of having a PLC control multiple devices became clear. However, like the PLCs they controlled, these industrial networks were not interoperable. Furthermore, they were limited in terms of the number of devices to which these networks could attach. The inability of legacy or proprietary networks to communicate became important when automation had to scale to encompass more and more discrete processes as a single operation. As scalability became more important, so did interoperability, especially with IT networks outside the factory. And as automation was scaling up across the factory and out beyond the factory walls, it was also scaling down from the PLC to the devices it controlled, such as intelligent drivers that were coming to the market. Plant operators wanted visibility to how these devices were performing and what they were sensing, and intelligent 42 | RTC Magazine AUGUST 2017
Figure 1 Smart control systems accept multiple industrial network I/O modules such as industrial Ethernet switch. Each communicates with PLCs through a purpose-built industrial network.
devices could report this data.
Ethernet’s Slow Adoption To enable greater automation scale and interoperability, smart control systems were introduced that accepted multiple industrial network I/O modules, each communicating with PLCs through a purpose-built industrial network, and standard Ethernet I/O modules for communicating with enterprise IT networks or the Internet. These systems expanded the scope of network coverage available from a single box and also gave plant operators and enterprise network managers visibility into whether a particular network was operating. However, what it did not do was give managers visibility down to the PLCs or their attached intelligent devices. Figure 1. With the introduction of Ethernet-enabled devices, PLCs, and switches, true end-to-end interoperability became possible, at
least theoretically. If all devices “spoke” Ethernet, automation might scale to virtually any size, encompassing as many processes as made sense for the business. Interoperability would also extend to the Internet to enable more efficient data exchange with back office systems, supply chain partners, the cloud (for big data analytics and predictive maintenance), and more. This expanded interoperability has resulted in an increased attack surface in which there are more potential vectors for adversaries to utilize as well as increased vulnerabilities to exploit. Of course, that also theoretically opens the door to malware, hackers, and other security threats. And just as task interoperability would approach task performance in importance for industrial competitiveness, so too would network security. So why didn’t industrial network owners adopt Ethernet and Ethernet-based security as quickly as their counterparts on the IT side? One reason is that IT networks generally don’t have to support real-time processes like factory networks do. That means factory solutions requiring very fast cycle times must support a specialized implementation of Ethernet that their IT network did not support. That implementation also meant that organizations could not simply extend their IT-based networks into every element of the factory. Another issue was local control. Operations managers needed to be able to maintain their own control systems, and that includes their security policies. Rather than upgrade to Ethernet and a network-centric security solution, the industry first turned to a device-centric solution, supporting the networks already in place. That solution was a hardware firewall or specially configured Ethernet switch, located between a network and PLC or smart device, that only allowed packets through from an approved sender, that contained the “right” kind of data (for instance, no video allowed), or that could be identified as a control message. The appeal of these solutions is that factories could remain in control of the system. The downside was that the equipment was expensive and keeping each one properly configured took time and effort, so parts of the infrastructure were left poorly protected, if protected at all. Thus, the networks still lacked interoperability and visibility across their islands of automation—whether for security, automation scale-up, supply chain integration, or for other purposes. The industry still needs a solution that is easy to deploy and manage, but can properly secure devices without introducing risk or downtime. Operators can define and reconfigure subnets, for example, so that processes that need to be tightly orchestrated to perform a coordinated operation can all be on the same subnet. Switches can also be programmed to enable some subnets to talk to other subnets or to isolate a subnet from everyone else. They can also shut down a subnet completely, if needed, or turn off communication to a specific endpoint device. By putting all this functionality in software rather than in hardware, networks can be reconfigured virtually on the fly, either programmatically or by using a visually intuitive human interface. This approach makes it far easier to align operations with changing customer requirements without having to physically visit, reconfigure, or possibly
even replace remote hardware or rewire networks.
How SDNs Help Security Defining networks in software avoids all these issues. What that means for plant operators is that software defined networks (SDNs) can enable network security in a manner they will want to adopt because SDNs work for them, not against them, and they can limit the liability that comes with industrial networks that aren’t secure. Figure 2. As its name implies, SDN enables operators to manage an industrial network through software that previously would need to be configured at the device or network element level. The same benefits apply to the security aspects: the ability to remotely and comprehensively monitor traffic factory-wide, apply specific security policies to defined zones, actively monitor and respond to activity in a designated process, and take other steps to protect factory assets has obvious security advantages. Another reason SDNs are uniquely suited for industrial networks is the ability of the SDN to determine alternate route paths to provide fault tolerance in the event of a link failure. In fact, the network resilience is such that link recovery time can be less than 50 microseconds, which surpasses current industrial network capabilities. This colocation of management and security functions is more than just convenient. SDN-based network management provides a depth of security layers that provide attractive benefits for factory automation including the following: • Network-wide situational visibility—SDN-based security controllers know what devices are attached to the network, what devices and ports are talking to what other devices and ports, how much traffic is flowing between them, what type of traffic it is, and more. • Identifying anomalies—SDN can compare this information about traffic volumes, types, and patterns against historical norms and what’s expected, highlighting oddities such as traffic spikes during non-working hours on a port talking to an unauthorized connection. • Management by policy—when predefined anomalies occur, action can be taken based on prescribed policies, as opposed to ad-hoc measures that may not follow best practices. This includes not only end-point security policies, but routing policies as well. In comparison to a traditional firewall that inspects traffic across an interface and enforces the policy, the SDN-based policy can execute a policy on any communication flow between any devices. • Centralized programmatic control—actions such as isolating a factory zone or troubleshooting a device can be taken immediately wherever needed across the network. This key functionality can directly address the inadvertent downtime caused by users performing actions they shouldn’t, as well as prevent malware from traversing the network. • A single pane of glass—Human operators don’t have to deal with multiple disparate interfaces or network configuration tools. Perhaps the most significant advantage of SDN is the RTC Magazine AUGUST 2017 | 43
3.2 SECURITY FOR (CONNECTED) MEDICAL TECHNOLOGY
Figure 2 Software defined networks (SDNs) can enable network security in a manner they will want to adopt because SDNs work for them, not against them.
simplification of core functions. This ultimately allows users to become more efficient and effective and focus their mission: producing products efficiently and safely. Capabilities like these not only make security more robust, they also make security more empowering for factory personnel who, unlike their counterparts elsewhere in the enterprise, typically do not include networking professionals. Plant personnel can stay focused on production tasks and be confident that their security policies are working. SDNs let plant operators do more than they ever could before, and do it efficiently and securely. About the Authors Larry O’Connell, product marketing director at Microsemi Corporation, has over two decades of experience in driving Ethernet switching into Enterprise, Carrier, and Industrial applica-
44 | RTC Magazine AUGUST 2017
tions. He is currently responsible for Microsemi’s Ethernet switch silicon and software product lines. Mr. O’Connell holds a BS in Mechanical Engineering from Tufts University and an MBA from Cornell University. Roger Hill, CTO for Veracity Security Intelligence, has over 20 years of experience in industrial control systems in many different industrial segments. A globally recognized subject matter expert in cyber security for ICS, Mr. Hill is also a leading authority in distributed SCADA systems and Cyber Security. www.microsemi https://veracity.io/
WWW.USERRESEARCHCENTER.COM
DO YOU NEED SOME SPACE?
UX TESTING
FOCUS GROUPS
We have what you’re looking for.
MEDICAL USABILITY
We provide top-of-the-line, purpose built, observation and testing spaces. At User Research Center, we understand the importance and the methods of user experience and usability testing, which is why we’ve created testing spaces that ensure you get the most out of a study.
APPLICATION & DEVICE TESTING
With top of the line audio/video equipment and capture technology, purpose designed observation labs, and the necessary amenities to enable an efficient and informative process. Consider our facility for all of your user research needs.
CALL US: 619.301.2073 User Research Center • 2121 Palomar Airport Road, Suite 202/203, Carlsbad, CA 92011 • info@userresearchcenter.com
4.0 MAKING MEDICAL TECHNOLOGY WORK
Overcome the Challenges of Designing Battery-Powered Medical IoT Devices Based on the IoT Healthcare Market – Global Forecast to 2020 Report, the IoT trend for implants (e.g. cardiac pacemaker) and wearable external devices (e.g. insulin pumps) is expected to grow by 30% from 2015 to 2020. This is due to the declining cost of RFID tags and sensors, increase demand of personal healthcare and fitness monitoring, and increase in number of lifestyle disease patients which require real-time healthcare services. Understanding power consumption patterns and battery life requirements of medical device are the main considerations for all aspects of the design of battery powered IoT medical devices. by Kah-Meng Chew, Industry Segment Program Manager for Healthcare Solutions at Keysight Technologies, Inc
These categories of devices have some commonalities: low-power, battery-operated, small form factor, mobile, and support one or more wireless connectivity. For high performance devices, the display, processor, and wireless module, account for a large part of the total energy consumption. These devices are equipped with multiple wireless interfaces and often are required to be in active-mode. Therefore, depending on severity of insufficient battery life of the device, the consequences can range from inconvenience to life-threatening (e.g. a pacemaker battery failure). Therefore in designing battery-powered IoT medical devices it is important to know the power consumption patterns.
A. Battery Life Testing Battery life is a measure of battery performance and longevity, which can be quantified in several ways: run time on a full charge, manufacturer’s estimation in milliampere hours, or the number of charge cycles until the end of useful life. Battery run-time is determined by battery run-down testing which is the time it takes a fully-charged battery to fully deplete voltage and is measured. Time taken is called the “run-time”. Here are the top four key factors that every designer needs to consider. First, the battery variation. There are inconsistencies between batteries even if they are from the same manufacturer, often varying from one manufacturing batch or factory site to another. It is recommended to perform the run-down test a couple of times with different batteries. Second, is the battery charging condition. If the battery is old and partially charged, it will affect the runtime. Always use a new battery and make sure the battery is fully charged. Condition the battery using the battery cycler-to-cycle 46 | RTC Magazine AUGUST 2017
when charging the battery to make sure it holds a full charge. Third factor is the device use case whereby different modes of the device will draw different amounts of current for consumption. Hence, fix the test procedure and test cases as the constant variable. During run-down test, this variable is constant across each test run. Lastly, how do you know when the device has stopped working or when the battery is fully discharged? Some devices have LED indicators to signal the battery is low on voltage. Designers can rely on the LED indicator. However, what about devices such as a pacemaker that does not have an indicator? The recommendation is to set a voltage threshold when the device stops functioning due to imminent power disruption.
Power Supply as Battery Simulation There are designers who use the power supply to simulate the battery for the run-down test. This method is neither accurate nor practical and in fact will introduce more errors and variables to the overall testing. A power supply is not suitable because it will never run down like a battery. However, a specialized power supply with controllable output resistance and excellent transient response on current pulses can be used to emulate the battery. This kind of simulation is complicated because the power supply’s output voltage needs to drop off as the charge is pulled from the power supply into the device during the run-down test. The simulation data collection process is time consuming and the results are questionable. The power supply battery simulation is not the same as testing using an actual battery. Until a more realistic simulation model is achieved, run-down test using a real battery is the preferred method.
Figure 1 BT2152A Self-Discharge Analyzer and BT2191A Self-Discharge Measurement Software provide a revolutionary reduction in the time to measure and characterize self-discharge performance of Li-Ion cells.
A solution for battery life evaluation Keysight’s Self-Discharge Measurement Solutions consist of BT2152A Self-Discharge Analyzer and BT2191A Self-Discharge Measurement software (Figure 1). The unit provides a revolutionary reduction in the time to measure and characterize self-discharge performance of Li-Ion cells, directly measures self-discharge current in 1-2 hours instead of monitoring cell open circuit voltage over weeks or months. It quickly measures and analyzes self-discharge current during cell evaluation; shortened design cycle time and faster go-to-market.
B. Power Consumption Patterns The understanding of overall device power consumption pattern or the power consumption of each component within the device is important to medical device developers. The convergence of wireless connectivity, high-speed digital processing, and real-time monitoring abilities, requires understanding and accurately measuring battery current drain. Long periods of sleep/idle, wakeup/active, and short RF bursts create a tough demand on the battery. The scary prospect of surgery to replace the depleted battery of implants underscores how crucial accurate measurement of battery current drain is to improving energy efficiency and battery life of a medical device. In-order to understand the power consumption patterns of either the component, chip level or overall device, the following key challenges need to be considered: •W ide range of currents – many devices spend most their time in standby or sleep mode and are only active at brief intervals to send or receive data. The device may draw hundreds of mA in active mode, but draw only µA while in sleep mode. Therefore, handling a 1,000,000-to-1 ratio between minimum and maximum current levels becomes a main challenge. • F ast transient effects – device switch on and off very frequently to reduce power consumption. The results in high narrow current spikes that cause quick transient effects, which can drain unnecessary battery voltage, if undetected. • L ow power – device designed to operate at low current to ensure that their small, on board battery can last for long hours without recharging.
• Long operation time – devices are expected to operate for hours, days, or even years between charges (e.g. pacemaker must work for at least 15 years without failure).
Digital Multimeter? Digitizer? or Oscilloscope? To measure battery voltage and current flowing through a battery and device, designers require: • Digital Multimeter (DMM) • Data Logger or Digitizer • Oscilloscope Battery voltage measurement is less crucial than current measurement. To capture a decaying voltage waveform, a normal DMM or Data Logger is sufficient for the job. However, capturing the current measurement requires a faster Digitizer. A DMM is not fast enough to capture the rapid changing current waveform. In addition, a DMM is a burden on voltage if it is configured as an ammeter because there is a calibrated current shunt built inside the DMM. This reduces the voltage of the device under test and burdens the overall circuit up to hundreds of millivolts. A Digitizer is a good choice because it can measure rapid changing waveforms for long periods and has enough bandwidth to capture any rapid changes in the waveform. However, the biggest issue is the size of the current shunt to be utilized; a Digitizer does not directly measure the current! It is difficult to select the right shunt for a wide dynamic current measurement that switches from microamperes to amperes. If the shunt size selected is to measure low current, then there will be a large voltage drop across the shunt and it will burden voltage for the circuit. This creates inaccuracies in low current measurements because insufficient voltage passes through the Digitizer. Therefore, a compromise must be made between burden voltage and low current inaccuracies. An oscilloscope is the best choice to display both current and voltage measurement waveforms because it has good bandwidth for dynamic current measurements and update rates. The oscilloscope has a good time correlation with digital bus and various triggering capabilities to accurately capture the signal. However, the oscilloscope has the same issue as the digitizer – it is nearly impossible to select the right current shunt to get good low current measurement. High sensitivity current probes that can go down as low as 50uA and maximum current range of 5A, allow testers to see both large RTC Magazine AUGUST 2017 | 47
4.0 MAKING MEDICAL TECHNOLOGY WORK
Figure 2 The diagram shows a typical wireless battery-operated medical device module. Keysight’s DC Power Analyzer and Digital Multimeter target module level power consumption. The Device Current Waveform Analyzer, Low Noise Power Source, and High Sensitivity Current Probe all address power consumption level at the chip level within the module.
signals and details of fast and wide waveform but the only limitation is that it cannot perform long-term measurements.
A Solution for Power Consumption Pattern (Figure 2) For module level: Keysight’s N6781A Battery Drain Analyzer and 14585 Control and Analysis software (Figure 3) can perform run-down tests for battery-powered devices requiring up to 3A of current. “Seamless ranging,” a unique feature in the N6781A, allows instant and automatic change range and current measurement from microamperes to amperes without losing data during the range change. This is suitable for measuring dynamic currents during run-down tests. For chip level within the module: Keysight’s CX3300 Series Device Current Waveform (Figure 4), is used to perform low-level current measurement at the chip level. Device Current Waveform Analyzer is a new class of instrument that is useful for designers of low power IoT devices. It provides the most
detailed views of low-level current waveforms that were previously undetectable, in both amplitude (100 nA to 10 A) and time (140 MHz bandwidth and up to 1 GHz sampling rate). Author Bio: Kah-Meng started at Agilent Technologies in 2006. During his more than 11 years with Agilent, and now Keysight, Kah-Meng has been part of the company’s marketing organization for general purpose products, RF power meter sensor, and audio analyzer. As Industry Solution Program Manager, Kah-Meng is responsible to create Keysight’s testing solutions for Healthcare industry by researching customer and industry trends and developing plans to meet emerging customer needs. Kah-Meng holds a bachelor degree in Materials Engineering and master degree in Solid State Physics from University of Science Malaysia in Penang, Malaysia. www.keysight.com
Figure 3 N6781A Battery Drain Analyzer and 14585A Control and Analysis Software are a turnkey solution for power consumption pattern test.
Figure 4 The CX3324A Device Current Waveform Analyzer allows you to see waveform details that are previously hidden.
48 | RTC Magazine AUGUST 2017
4.1 MAKING MEDICAL TECHNOLOGY WORK
The Many Flavors of Low-power Wide Area Network (LPWAN or LPWA) The impending shut down of 2G networks creates confusion for organizations with varied industrial connectivity needs and the movement has created a window of opportunity for unlicensed low-powered wide area networking (LPWA) solutions like LoRaWAN, SigFox and others. “The Many Flavors of LPWA” takes a closer look at these new LPWA options, addressing their varied features and benefits to help organizations in deciding which one best meets their unique and varied requirements. by Derek Wallace, MultiTech
The options for industrial connectivity are broad and growing, including analog, Ethernet, cellular, satellite, Bluetooth, Wi-Fi and the up-and-coming Low Power Wide Area (LPWA) technologies, which seek to address key limitations of the others in order to better enable the growing Internet of Things, specifically: range, cost and battery life. While cellular operators are voluntarily shutting down the earliest 2G networks and driving M2M/IoT customers to not only upgrade their physical devices, but also purchase bandwidth beyond what is generally needed for M2M and Industrial IoT applications – 75% of which use less than one megabyte per month of data, according to James Brehm & Associates. The global carrier community is looking to variants of LTE and even forward years to 5G to address this disconnect. Unfortunately, from a practical perspective, these alternatives (LTE Category M and Narrow Band IoT [5G]) are still on the horizon in terms of immediate adoptability. This timing disconnect has created a
window of opportunity for unlicensed LPWA networking solutions like LoRaWAN, SigFox and others. These solutions can run for years on batteries and operate in locations other technologies simply don’t reach. Plus, because they operate on unlicensed spectrum, they deliver device connectivity at a fraction of the cost of cellular or even analog wireless solutions.
What are your options? Among LPWA options available today, the leader has yet to emerge. Multiple options are making names for themselves. They include LoRaWAN, Sigfox and RPMA (Ingenu, formerly OnRamp Wireless). Each offers long range and long battery life, but they have important differences which impact their suitability to particular purposes. Moreover, there are new offerings coming out from the cellular carriers including LTE Category M, as well as narrow-band IoT (5G). Figure 1. Each offers industrial connectivity option provides long range and long battery life, but
Figure 1 A table diagram illustrating the difference in industrial connectivity options. These are all compared by a variety of features that indicate suitability for individual purposes. Source: MultiTech
RTC Magazine AUGUST 2017 | 49
4.1 MAKING MEDICAL TECHNOLOGY WORK LPWA Public Connection Forecast, by Technology, Global Market, 2014-2021 600,000 Other LTE Cat-NB1 LTE Cat-M1 LoRaWAN Sigfox
450,000 300,000
Figure 2 A bar diagram depicting the growth of public connection by technology. There is a relatively even distribution in growth between the top providers, leaving no single leader of emerging LPWA technologies. Analysts expect equal growth between all options.
150,000 0
2014
2015
2016
2017
2018
2019
2020
2021
Source: IHS
Š 2016 IHS
they have important differences which impact their suitability to particular purposes.
A bigger pie. To the casual observer, it may appear that the race is on to become the connection technology of choice, but a closer look reveals there is unlikely to be any clear winner takes all – as each available technology provides unique suitability for particular applications. It seems analysts agree, predicting solid growth across all available and emerging LPWA technologies. Figure 2. Ultimately, these technologies are very complimentary as each is suited to a subset of applications. Sigfox, for example, is ideal for simple sensor harvesting where its inherent limitations are acceptable due to the small size of the data being transferred and the need for optimal power effiency. Ingenu offers a broader bit rate and tighter control, but requires antenna diversity at the edge due to the propagation of 2.4GHz creating an up-front CAPEX be effectively absorbed at the margin. LoRaWAN resides comfortable in the middle, providing higher bandwith and a faster data rate than Sigfox at a slightly shorter range and smaller link budget than Ingenue, but with a lower up front cost. And
while Sigfox and Ingenue are both on the path to building ubiquitous nationwide networks, LoRa offers the ability, for those who prefer it, to deploy a private network to cover a campus, farm, refinery, etc. as well as the option to work with public network service providers. As illustrated Figure 3, SigFox and LoRa, to some degree, occupy their own position suitable for low data rate applications, allowing adopters to choose just right coverage at just the right price. Similarly, for mission-critical, real time data requiring high bandwidth, the choice is simple. So what are the key decision points for those technologies which seemingly overlap?
Availability One important consideration when choosing between licensed and unlicensed options is how tolerant your application can be to latency. Because unlicensed technologies operate on shared spectrum, they are vulnerable to interference from other applications !2 leveraging the same spectrum. Even for low data rate applications, if continuous availability is critical, licensed and dedicated spectrum is a must. Figure 4.
Total Chipset Shipments by Technology Type (Millions) 700
Total Licensed LPWA Total Legacy Cellular Total Unlicensed LPWA
525
350
175
0
2016
2017
2018
Source: ABI Research ___
50 | RTC Magazine AUGUST 2017
2019
2020
2021
2022
2023
2024
2025
Figure 3 A diagram giving total chipset shipments by technology type. The difference in data totals is credit to these technologies having complimentary qualities. They can be applied to a number of applications and are not necessarily competing for the same purpose. Source: ABI Research
Sigfox Now
LTE Cat-1 Now
LTE Cat-M1 2017 (Rel13)
LTE Cat-M2 NB-IoT 2018 Rel13+
SS with Chirp
UNB / GFSK BPSK
OFDMA
OFDMA
OFDMA
Rx bandwidth
500 - 125 KHz
100 Hz
20 MHz
1.4 MHz
200 KHz
Data Rate
290 - 50K bps
100 bps 12 / 8 bytes Max
10 Mbps
380 Kbps
40 Kbps
Max. # Msgs/day
Unlimited
UL: 140 msgs/day DL BC: 4 msgs/day
Unlimited Single Ant (200KB)
Unlimited
Unlimited
20 dBm
20 dBm
23 - 46 dBm
23 dBm
20 dBm
154 dB
151 dB
130 dB+
146 dB
150 dB
Communication Channel
Half Duplex
Quasi Half Duplex
Full Duplex
Half Duplex
Half Duplex
Power Efficiency
Very High
Very High
Low
Medium
High
Complexity
Very Low
Very Low
High
Medium
Low
Coexistence
Yes
No
Yes
Yes
Yes
Security
Yes
No
Yes
Yes
Yes
Mobility/Localization
Yes
Limited/No
Yes
Yes
Limited/No
Feature
Modulation
Max Output Power Link Budget
LoRaWAN Now
Figure 4 A chart sorting technologies by data bit rate. The chart illustrates which technologies occupy a position alone making for an easy choice. In addition, it displays which technologies overlap, creating a more difficult choice for application. Key decision points include availability and expense management.
Expense management Another consideration, depending on the adopter’s level of in-house networking expertise, may be whether capitalizing the deployment makes sense. Certain unlicensed technologies enable enterprises to set up their own network, making deployment a one-time capital expense with low to no recurring costs. On the other hand, a choice to go with a cellular carrier for LPWA comes with ongoing monthly fees in perpetuity, but takes all the burden of network management off the hands of the adopting company. Finally, applications which leverage multiple connectivity technologies can provide profound value with an improved return-on-investment, as they can be more flexible than strictly mobile or fixed applications and extend geographically beyond the limitations of a certain carrier. Add a combination of related applications, and the value grows exponentially. For example, you walk by a connected sign. The fact that you walked by that sign may be used by another thing, (that may or may not be wireless) somewhere else for a different purpose or at a different time. That’s the coming evolution of IoT – the spider-web or pond ripple effect, driving the use of fractal-like sociological
patterns to simultaneously implement both personal and mass dynamically adaptive marketing algorithms. It is easy to imagine load balancing concession stands at a ballpark by noting which foods or drinks have people in line buying them, triggering a reinforcement of other options via signage to drive people to concession stands that are less busy offering different products like beer vs. soda. Overall sales rate increases and the customers are happier having waited less time in line, a win-win. About the author: Derek brings 20 years of product management experience to his role as Director of Product Management for MultiTech. He has worked across multiple parts of the value chain and around the world. He is responsible for the entire MultiTech portfolio, including product lifecycle and management process. He oversees a growing team focused on defining and launching the products that will achieve the most business value for our customers as well as MultiTech. www.multitech.com
RTC Magazine AUGUST 2017 | 51
ADVERTORIAL
“The Company got half-the-performance at more than twice-the-price than they would have with SkyScale.”
High Performance Cloud Computing: A Better Approach The Deep Learning Future
Google CEO Sundar Pichai, called deep learning, “a core, transformative way by which we’re rethinking how we’re doing everything.” Deep learning is here – and it is changing everything. Tomorrow’s disruptive technologies and applications are being driven by deep learning. These advancements have already revolutionized autonomous driving cars, genome-based personalized medicine, fraud prevention, energy conservation, earthquake detection, deep space exploration, and many more life-enhancing pursuits. All made possible by exponential speeds, machine learning algorithms at the center of AI, and, really smart people.
Deep Learning Requirements
There are challenges. Deep learning and the associated massive data sets require high performance computing and storage. NVIDIA Tesla P100 GPUs deliver up to 50X greater performance than traditional data center platforms. Plus, the projected growth of GPU usage outside traditional graphic acceleration is expected to increase by 5X over the next five years. For some time, the industry has viewed Tesla P100s as the benchmark for
high-performance GPU accelerated computing. New offerings from AMD and IBM are being released, as well as the imminent availability of NVIDIAs own Volta GPU. Custom FPGAs and ASICs are also getting attention among the deep learning crowd. Nevertheless, high performance computing comes at a price.
The Traditional Path to Deep Learning
This level of computer performance requires significant capital investment, with systems starting at $150,000 US for a simple 8 GPU node like the Volta GPU-enabled DGX-1. A small GPU cluster of several multi-GPU systems costs upwards of $1M US,
MAJOR CLOUD PROVIDER
SKYSCALE
Technology:
Two generations removed
Newest versions & updates
Performance:
50% of latest tech
World’s fastest HPC cloud
Resources:
Shared / virtual
Dedicated servers, GPUs, & SSD storage
Security:
As secure as shared resources allows
World class physical & cyber security
Pricing:
Elastic; changes with demand without notice
Fixed; no surprises
Configuration:
Complicated
Simple interface
Communication:
Online form or email
Phone call with an engineer
Commitment:
Two minute shut-down notice
Customer has total control
Table 1
and larger clusters can run several million dollars each. On-demand, virtualized cloud computing offered by Amazon, Google and Microsoft, optimistically promise ubiquitous data crunching: access to vast, scalable resources for everyone. Yet, with the high cost of cutting-edge technology, the major cloud services aren’t offering the latest-generation multi-GPU solutions and clusters to all users; virtualized or not. It is understandable that companies feel held captive to capitalizing the equipment they need. Forecasts for deep learning software and hardware services alone are on a long-term 55-60% CAGR (compound annual growth rate). There is a better approach
A Better Approach
There is a movement to address the shortage of on-demand, state-of-the-art deep learning cloud computing. SkyScale offers world-class cloud-based, dedicated multi-GPU hardware platforms and fast SSD storage for lease to customers desiring the fastest performance available. SkyScale builds, configures, and manages high-reliability, dedicated systems in secure and strategic facilities.
Why a Dedicated and Secure Environment is Critical
Virtualization is a key security and productivity concern. Virtualized environments allocate resources of single nodes to multiple users managed by the system. Servers, storage, even individual GPU modules all get shared. In this scenario, security and the integrity of a job that’s running can be compromised. Here’s a quick case study: Case Study (True Story) Company X initiated HPC service using one of the major cloud computing service providers. The HPC technology was the best they offered, but was not the latest generation. Configuration was complicated and under supported. Time was of the essence so Company X continued forward despite the deficiencies. Thirty days into the project they were hit with large unexpected bills due to the elastic and demand-based pricing structure of
the service. It was a virtualized service. When more users log into the system, the pricing rises without the user’s knowledge. Virtualization can also lead to users being locked out of the system. Company X was kicked off the service with minutes notice while their program was running so available resources could be shared by all comers and revenue could be maximized by the cloud supplier. The end result: The Company got half-the-performance at more than twice-the-price than they would have with SkyScale. (See Table 1 for comparison) SkyScale was founded by the leading manufacturer of super reliable, ultra-fast multi-GPU accelerators and storage. They create no-holds-barred computers for government contractors, oil and gas exploration, financial analysis, product and software development, radar and sonar defense, genomics, drug development, medical imaging, and many more. Whether you intend to use an HPC environment online or are looking to purchase a complete solution, SkyScale provides a quick and economical path toward a solution.
How much more deep learning does it take to choose SkyScale?
Whether you’re a developer in a small, cash constrained company needing to get results quickly enough to keep up with the frenetic pace of your team, or a manager in a large company with its own data center struggling with maintenance and constant upgrades, SkyScale has created ultra-fast, secure solutions to address any situation, allowing you to focus on no-compromise results, while minimizing capital equipment investment.
www.SkyScale.com | (888) 236-5454 sales@SkyScale.com
ADVERTISER INDEX GET CONNECTED WITH INTELLIGENT SYSTEMS SOURCE AND PURCHASABLE SOLUTIONS NOW Intelligent Systems Source is a new resource that gives you the power to compare, review and even purchase embedded computing products intelligently. To help you research SBCs, SOMs, COMs, Systems, or I/O boards, the Intelligent Systems Source website provides products, articles, and whitepapers from industry leading manufacturers---and it's even connected to the top 5 distributors. Go to Intelligent Systems Source now so you can start to locate, compare, and purchase the correct product for your needs.
intelligentsystemssource.com
Company...........................................................................Page................................................................................Website Acrosser.................................................................................................................................25........................................................................................................ www.acrosser.com Critical I/O............................................................................................................................. 2.......................................................................................................... www.criticalio.com Dell.............................................................................................................................................39.................................................................................................................... www.dell.com Elma........................................................................................................................................... 4...................................................................................................................www.elma.com Eurotech.................................................................................................................................55....................................................................................................... www.eurotech.com Green Hills Software.....................................................................................................15.....................................................................................................................www.ghs.com Intelligent Systems Source..................................................................................... 18................................................................ www.intelligentsystemssource.com Method Sense...................................................................................................................56........................................................................................... www.methodsense.com Micro Digital.......................................................................................................................35.........................................................................................................www.smxrtos.com MPO Summit......................................................................................................................13................................................................................................ www.mposummit.com NVIDIA.................................................................................................................................... 9............................................................................................................... www.nvidia.com One Stop Systems.........................................................................................................33.................................................................................... www.onestopsystems.com Parks Associates.............................................................................................................21......................................................................................www.parksassociates.com Pixus Technologies.......................................................................................................37................................................................................www.pixustechnologies.com SkyScale............................................................................................................................52-53..................................................................................................www.SkyScale.com Supermicro..........................................................................................................................27................................................................................................. www.supermicro.com Teledyne Dalsa..................................................................................................................41........................................................................................... www.teledynedalsa.com TQ............................................................................................................................................... 19.................................................................................www.embeddedmodules.net User Research Center.................................................................................................45.................................................................................www.userresearhcenter.com WinSystems......................................................................................................................... 11.................................................................................................www.winsystems.com
RTC (Issn#1092-1524) magazine is published monthly at 940 Calle Negocio, Ste. 230, San Clemente, CA 92673. Periodical postage paid at San Clemente and at additional mailing offices. POSTMASTER: Send address changes to RTC-Media, 940 Calle Negocio, Ste. 230, San Clemente, CA 92673.
54 | RTC Magazine AUGUST 2017
How Reliable is your Cisco-based Mobile Infrastructure? Whether for M2M and/or IoT, communications networks, or control systems, the BoltMAR 20-11 Mobile Access Router featuring Cisco’s 5921 Embedded Services Router extends your Cisco IOS infrastructure to the remote and mobile edges of your enterprise. · Industry-proven Cisco IOS-powered routing and management · Modular 3G/4G wireless connectivity · High power Wi-Fi · Rugged for vehicle and rail applications Learn more about how BoltMAR Mobile Access Routers can power and improve the reliability of your mobile enterprise.
solutions.us@eurotech.com www.eurotech.com · 800.541.2003 Eurotech, Inc. 10260 Old Columbia Road, Columbia MD USA 21046
Cisco, the Cisco logo, and Cisco Systems are trademarks or registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Even the most clever engineers need a little illumination.
While you have the spotlight on designing and developing your medical device, let us focus on ensuring you’re meeting quality and regulatory requirements. 21 CFR Part 820 • ISO 14971 • IEC 60601-1 • IEC 62304
www.me tho dsense.com | 919.313.3960