A common risk-stratification approach and risk-management culture can go a long way toward closing the gaps that exist in the areas of wireless device safety, security, and effectiveness

Bob Michaels

Over the past three or four years, regulators have been shedding greater light on the wireless medical device space, providing guidance documents and other public signaling mechanisms. In collaboration with standards development organizations, regulators have been busily recognizing more and more standards. Nevertheless, even with the publication of guidance documents, technology almost always outpaces regulation development, forcing early adopters to navigate uncharted paths.

More fundamentally, regulatory expectations remain unclear, according to Anura Fernando, principal engineer for medical software and systems interoperability at Northbrook, IL-based Underwriters Laboratories (UL). And regulatory gaps persist in such areas as device safety, security, and effectiveness. To flesh out these issues, Fernando will speak at the BIOMEDevice Boston conference on Thursday, May 7 on the subject of "Surviving the Wild West of Wireless Platform Development in a Highly Regulated Environment."

Guidance documents are now available for a range of topics in the wireless space, including mobile medical apps, cybersecurity management, medical device data systems, and home-use devices. Several documents are devoted to wireless platforms and medical device interoperability overall. "However, because so many technological innovations are on the horizon or are coming into the market, it is becoming difficult, if not impossible, for regulators to be prescriptive about how a particular application or technology should be dealt with," Fernando says. And while systems and technologies such as virtual reality are being subjected to regulatory processes, many related problems such as cybersickness aren't fully understood.

"Until some of these issues are better understood, the regulatory environment will remain somewhat ambiguous," Fernando emphasizes. "As a result, it will be challenging for innovators to have a level of confidence that new products will be effective or will enter the market without potentially causing health-related problems." Not only regulators but also manufacturers are struggling with these issues as they try to exercise due diligence in bringing their products to market.

So what's next? Because medical devices are categorized into different classes and various countries and regions approach device classification differently, a common basis is lacking for characterizing the huge diversity of medical device products relative to risk, according to Fernando. To rectify this deficiency, the medical device industry should work in close partnership with regulators and other stakeholders such as industry associations and standards-development organizations to better categorize and characterize the different risk classes.

"As a result, innovators bringing their products to market will have a clearer understanding of which buckets their products fall into and which regulatory issues and standards they must consider as part of their premarket conformance activities," Fernando comments. "One advantage that the medical device industry has is that there currently exists a risk-management framework under ISO 14971. While this standard is independent of a specific hazard, it allows manufacturers to go through a process by which they can manage the risk."

Beyond developing a common approach to risk stratification, the medical device industry should encourage individual manufacturers to implement a strong risk-management culture. "Companies, particularly those new to highly regulated markets, often focus most of their energies on thinking about what their customers want their product to do," Fernando says. "At the same time, top management should also issue directives to their design teams to spend proportionate efforts on safety- and security-related failure modes that might cause products to perform in ways that customers do not want."

Companies that traditionally work in highly regulated market spaces are pretty familiar with having a variety of design controls in place, such as quality-management systems and risk-management files, Fernando adds. In the medical device space, most manufacturers are very familiar with these kinds of constructs. "For manufacturers that are entering the heavily regulated medical device space, becoming familiar with quality-management systems and risk-management processes, and incorporating these standards into their standard operating procedures, can help them improve their internal safety and risk-management culture.

Bob Michaels is senior technical editor at UBM Canon. Reach him at [email protected].