The interconnection of medical devices can be a huge benefit to society. For example, the MRI machine used to scan a patient’s back can instantly transmit the images to the practitioner in his office, for immediate analysis and diagnosis. A connected heart rate monitor can provide tremendous value to a practitioner by capturing and detecting transient conditions that might not be apparent from a single ECG exam. A connected glucose meter can continuously monitor a patient’s blood sugar and connect to an insulin delivery device. A mood/depression monitor can be used to chart fluctuating physical states which can be used to interpret the current mental state.
Growth areas envisioned for the Internet of Medical Things (IoMT) include connected inhalers, digestible sensors, connected contact lenses, and robotic surgery. According to a report by Fortune Business Insightsthe IoMT market stood at nearly $72 billion in 2020. The emerging popularity of remote patient monitoring and smart wearable devices is expected to grow the IoMT market to $176 billion from by 2026 and $446 billion by 2028.
Dangers introduced by the IoMT
As defined in ISO 14971, harm is injury or damage to the health of persons or damage to property or the environment, and a hazard is a potential source of harm. The IoMT presents a new set of dangers. Any IoMT device that can have an effect on a user/patient, such as energy input (eg, pacemaker) or chemical transfer (eg, insulin delivery), carries the risk that a malicious agent takes control of the device, with potential direct risk. impact on the physical well-being of the user/patient.
A more insidious risk is the possibility that a malicious agent could gain access to a medical device or software system (such as an electronic health record system) and retrieve sensitive patient data, such as medical data or financial. Since the ultimate harm may be to a patient’s finances or medical records, the risk of bodily harm is much lower. However, the insidiousness lies in the potential temporal discontinuity between breach and effect as well as the potential for attacks on many victims.
Mitigating the dangers of IoMT through risk management
Hazards presented by IoMT products should be mitigated by an effective risk management process. Since IoMT products will necessarily incorporate software, the applicable risk management processes reflect the security classification of the software. According to IEC 62304, all medical device software is assigned a classification, based on the severity of the damage that can be inflicted due to failure of the software to perform as specified. The strictest classification, Class C, is assigned to software that can cause death or serious injury, and Class C is the default classification until proven otherwise.
One method to reduce the classification of software, and thereby reduce the associated documentation and risk management burden, is to reduce the probability of occurrence through the implementation of a hardware risk measure. Unfortunately, due to the multi-level software stack structure used for Internet communication, implementing a hardware risk measure to reduce risk in IoMT is quite difficult, if not impossible. Therefore, IoMT product developers should be prepared to perform software risk management consistent with the Class C software classification.
Risk Mitigation in IoMT Product Development
Medical device manufacturers can minimize the risks by doing the following:
- : Develop a risk management plan that defines the risks being managed and the process by which they are managed. Planning usually occurs before product design, concurrent with the development of product requirements.
- Risk assessment: Use a variety of risk assessment methods, including Failure Modes and Effects Analysis (FMEA); Failure Mode, Effects and Criticality Analysis (FMECA); Risk analysis; fault tree analysis; event tree analysis; and root cause analysis. Data compiled during the risk assessment process is stored in a dedicated database, ensuring traceability and completeness. The culmination of each risk assessment cycle is a summary report, identifying the most critical risks.
- Risk mitigation and monitoring: At each iteration of the risk assessment, apply mitigation strategies to the most significant risks. Documentation of the risk assessment and resulting mitigation strategy is crucial to the risk management process, in the form of formal risk management reports.
As medical devices, IoMT products require effective risk management (per ISO 14971) and a quality management system (per ISO 13485), and they will also likely need a development process fully documented software for class C (according to IEC 62304). The complexity of these standards can pose a significant challenge, and there are specialists available with the knowledge and experience to help navigate these standards, provide advice and guidance to perform the necessary processes, and develop documentation for high quality that meets regulatory requirements.