Tools and building blocks to address new medical device design challenges
The market for more sophisticated health and medical appliances has been counter-cyclic to the economy, which is only slowly regaining its momentum after a long and stubborn recession. Driving the growth is the emergence of a new generation of health devices and software in the form of :
1. Software apps resident on Android smartphones
2. Medical devices that use the Android platform to build medical devices with which patients and physicians are familiar to collect, transmit and assess health data :
3. Smartphone-like medical devices as gateways by which wearable Internet of Things sensors on the patient collect and transfer health information over personal area networks to the patient's smart phone and/or on to the doctor. These include such things as medical device sensor fusion, wireless medical sensor mote platforms or an Android-based body area network for medical applications. :
As noted in this week's Tech Focus newsletter, up to now, driven by government regulations, a number of powerful tools and methodologies are available to meet the rigid safety regulations that must be imposed, including the use of sophisticated and demanding code coverage and analysis and modeling tools, including: :
"Building Class III Medical Software apps on an Android Platform" The authors describe the software development of an FDA compliant Class III medical software application that was successfully ported from a Windows CE environment to an Android 4.1 tablet platform. :
"Using domain-specific modeling languages for medical device development" The authors describe how existing languages for Programmable Logic Controllers (PLCs) in medical systems can be extended with domain-specific constructs for medical devices that can be used to generate native code that runs on both Intel and ARM processors. :
"Using static analysis to evaluate software in medical devices" describes how researchers at the FDA's Office of Science and Engineering Laboratories have used new techniques for analyzing software to uncover potential flaws in a device under review. :
But even with such tools and capabilities, developers of embedded medical devices will be faced with the prospect of how and when to use them in what military/aero space designers call "mixed crticality" systems, These are systems which are designed with a mix of hardware and software components that have been rigorously tested for safety and those which are not. :
What does the developer do: confine testing only to those portions which must meet such requirements or test all to the same higher level of safety compliance? :
This is an important consideration. As of last year, there were about 100,000 health and medical related apps for smartphones, such as Apple’s iOS and Google’s Android. By 2015 it has been estimated that 500 million smartphone users worldwide will use some type of medical app. :
Up until recently, most such health and medical apps have to do such things as track exercise or weight loss or provide instruction on diet or quitting smoking. But with the increasing popularity of wearable devices, more designs have emerged that link smartphones’ computing and display power with custom designed hardware to create functioning portable medical devices. Initially targeted at doctors and other healthcare professionals, more and more of these devices are being marketed to patients for gathering, tracking, analysis, and transmission of medical data. :
In the United States, the Food and Drug Administration has only just recently come up with some guidelines for such devices. What has emerged so far is something akin to the confusing and dangerous situation in the drug market, with some drugs categorized as over-the-counter health supplements and palliatives, which are largely unregulated, and others as "health-safety-critical" and subject to strict controls.
As of late last year, the FDA has come up with two broad categories. In one are “mobile medical apps” used as accessories to a regulated medical device or that transform a mobile platform into a regulated medical device, which the FDA deems as not subject to regulation. In the other category is a somewhat regulated category of hardware or software apps that use attachments - or includes functionality for - that turn the phone into the controller or screen for the device, allowing remote monitoring by phone of health devices. :
So far. However, the FDA says developers of the regulated medical device apps will not have to go through randomized trials to prove that their devices work. All they will have to do to gain approval is show that their devices have an accuracy or safety equal to that of already approved devices. :
While the FDA's current rulings cover mobile smart phones, it is not clear that these rulings would also apply to the many wearable consumer IoT sensors attached to the skin to pass information back to the mobile device. Also not clear from a regulatory point of view is how much the FDA should also take into account the security of those devices. :
Given how vulnerable mobile devices are to malware and viruses, the security of medical apps using smartphone-like software and hardware should also be a critical part of any safety standard. According to a recent report from Alcatel-Lucent's Kindskight Security Labs, more than 11.6 million mobile devices have security issues and are infected with malware, of which 60% are Android smartphones.
Until such security issues are dealt with, I do not think the safety of such consumerized medical devices can be assured. Fortunately, as noted in this week's Tech Focus newsletter, many of the same tools and procedures for meeting safety requirements standards. Since it took almost two years for the FDA to come up with its current set of rulings on smartphone medical apps, the best bet for developers is to assume the worst and apply their tools and techniques for security with as much vigor as they do for safety.
Embedded.com Site Editor Bernard Cole is also editor of the twice-a-week Embedded.com newsletters as well as a partner in the TechRite Associates editorial services consultancy. He welcomes your feedback. Send an email to firstname.lastname@example.org, or call 928-525-9087.