Untangling compliance issues in healthcare IoT device testing (Reader Forum)
The role of connectivity in healthcare applications has been growing exponentially in recent years and evolving to be a must-have feature in medical devices. According to Vodafone IoT Barometer report, global IoT adoption in the healthcare industry has increased from 19 per cent in 2014 to 27 per cent in 2017, attaining a 9.2 per cent compound annual growth rate (CAGR).
Fifty-nine per cent of healthcare providers are using IoT to increase revenue by creating new connected medical products, differentiating existing products and offering new services. There is no question the competitive landscape for connected medical devices has experienced a transformation. The introduction of cellular technology has enabled the ubiquitous delivery of care, with the introduction of devices such as connected insulin pumps, dialysis machines, and cardiac defibrillators.
Connected medical devices and cellular technology are, without doubt, at the forefront of the IoT revolution in healthcare. Remote patient monitoring is perhaps the most important example, showing tremendous acceptance, and will be of great value to solve the lack of resources in an industry experiencing an extraordinary increase in demand to treat chronic diseases. As of 2018, the Centers for Medicare & Medicaid Services (CMS) in the US has recognised and reimbursed healthcare providers using remote monitoring technologies.
Demand for services and competition among service providers will both increase, as companies seek to capitalize on conditions affecting 68 per cent of over-65s in the US. As existing medical device companies and new entrants asses the connected strategy opportunity in US, they will encounter two regulatory entities affecting decisions on design, manufacturing, logistics and support – in the shape of two complex systems, with independent standards, which have similarities but are not yet harmonized.
We are referring to the FCC and FDA.
Depending on how regulated the medical device is, adding wireless and cellular connectivity to such device can prove cumbersome. In general, we have three main FDA classifications for medical devices: Class III requiring PMA (pre-market approval), Class II requiring a 510(k) submission and Class I devices that have mostly been exempt from clearance and catalogued as generic per FDA 21 CFR Parts 862-892, such as valves, catheters, and masks.
In the heavily and partially regulated segments (Class III and II), we have a few important considerations affecting compliance, which include the selection of wireless and cellular technology, quality of service, coexistence, security, and electromagnetic compatibility (EMC). Proving there is no electromagnetic interference is perhaps the most critical test in product development, especially if there is a wireless component involved. Usually, there will be two options to enable a medical device with connectivity.
Option 1: Embedded approach
If the wireless and cellular component is embedded into the medical device, directly on the PCB, safety and emissions testing will have to be done under the rigorous IEC 60601-1 standard. This is a critical step and a very technical exercise that involves laboratory testing and a well-structured risk management strategy.
Although emissions are being tested under IEC 60601-1, FCC would still require compliance under 47 CFR part 15, which happens to cover EMC testing and is a way to ensure the medical device now using wireless connectivity cannot cause harmful interference with other devices and can also accept interference from other devices.
Once the cellular or wireless component is embedded into the medical device, FDA compliance will need to be consistent with that of the medical device classification, PMA or 510(k). From a telecoms standpoint in the US, the below certifications are required before product commercialization.
FCC 47 CFR part 15, b;
PTCRB (If AT&T or T-Mobile is the network of your choice);
Corresponding network approval (AT&T, Verizon, Sprint, T-Mobile, etc).
Option 2: External attachment
An external cellular and wireless attachment or accessory may be classified under FDA MDDS (Medical Device Data System), product code OUG. Although the term MDDS may suggest a lengthy certification process, the reality is different. In the Federal Register of February 15, 2011 (76 FR 8637), the FDA issued a final rule to reclassify MDDS from Class III (subject to premarket approval) to Class I (subject to general controls).
Under this classification – and when attached to or in direct communication with a medical device – a router or modem would be classified as MDDS since it participates in the electronic transfer of medical data to a remote location. In this case, the router or modem would also need to be compliant with labeling requirements per FDA 21 CFR 801.
Such a device is also subject to certifications a, b, and c in Option 1, above. Nevertheless, there is no need for PMA or 510(k) submissions for MDDS devices. However, FDA does state that devices under a MDDS classification must be subject to quality guidelines, per FDA 21 CFR 820, which shall provide reasonable assurance of safety and effectiveness.
What is FDA 21 CFR 820? This is a higher quality requirement overseeing design, manufacturing, support and logistics practices. The best industry standard matching such a description is ISO 13485. Each may have additional requirements but they do not conflict with one another. Areas where FDA will pay close attention in the event of an audit are CAPA procedure (Corrective Action / Preventive Action), training procedure, statistical techniques procedure, recall procedure, and medical device reporting procedure.
One of the greatest challenges experienced in the wireless medical device industry is interoperability. If short-range technologies such as Wi-Fi and Bluetooth are part of the medical device design, interacting and communicating with other Bluetooth and Wi-Fi devices may represent a challenge. Although not mandated by the federal government, the Personal Connected Health Alliance under its Continua Compliance and Certification program addresses the issue by validating both compliance and interoperability for personal connected health devices.
Whether you are looking at embedding a cellular wireless component into a medical device or adding such functionality as an external attachment or accessory, the role of FCC and FDA compliance is critical to successful deployments and customer satisfaction. If you opt for an external approach, selecting a device manufactured in a facility that is ISO 13485 certified can prove to reduce complexity in an already complex medical device world.
Derek Wallace brings 20 years of product management experience to his role as Director of Product Management for MultiTech. He has worked across multiple parts of the value chain and around the world. He is responsible for the entire MultiTech portfolio, including product lifecycle and management process. He oversees a growing team focused on defining and launching the products that will achieve the most business value for our customers as well as MultiTech.