Will Remote Software Updates Become the Norm for Medical Devices?

When our computer or smartphone's operating system needs an update, the device automatically does so. Why don't more medical devices do the same?

Heather R. Johnson

March 14, 2017

5 Min Read
Will Remote Software Updates Become the Norm for Medical Devices?

Tandem Diabetes Care recently released a software update for t:slim Insulin Pumps purchased before April 2015.

As consumers become more reliant on mobile technology, they expect the same ease of use and interconnectivity with all their devices, including medical. Although medical device software updates come with more regulatory issues than your standard iPhone app, medtech companies will need to find a more efficient way to update software to stay relevant in our evermore connected world.

Tandem Diabetes Care's latest announcement serves as a case study for the advantages of remote updates. The San Diego-based company recently released a software update for its t:slim Insulin Pumps bought before April 2015. Available using the Tandem Device Updater, a Mac- and PC-compatible tool, the remote update is the first of its kind for an insulin pump manufacturer.

Unlike some hardware-based devices, t:slim's touchscreen technology allows for an immediate smartphone-like update. "When someone purchases an insulin pump, typically it's a four-year commitment before the insurance company will reimburse the patient for a new model," said Susan Morrison, Tandem's chief administrative officer. "We've launched four insulin pumps in the last year alone. Because our technology is inspired by consumer technology, it made sense for us to allow our customers to update software at home."

The FDA Hurdle for Software Modifications

Overcoming compatibility issues, obtaining FDA clearance, and ensuring security are just a few reasons why some medtech companies hesitate to prioritize interconnectivity, said Bradley Merrill Thompson, a member of the law firm Epstein Becker & Green, PC. Thompson counsels medical device, drug, and combination product companies on FDA regulatory, reimbursement, and clinical trial issues. "They often have firmware that they leave on the device for a long time because the hassle and cost of going through regulatory hoops is so considerable," he says.

In August 2016, FDA released draft guidance for determining when a software or firmware change to a 510(k)-cleared device may require a manufacturer to obtain new FDA 510(k) clearance.

Under the new guidance, a manufacturer must obtain a new 510(k) if the change introduces a new cause or modifies an existing cause of a hazardous situation. Changes that necessitate a new risk control measure or affect the clinical functionality of a device's intended use also warrant a new 510(k).

In addition to extra reporting, medtech companies have to follow software validation requirements of the Quality System regulation. With any software change, the validation status of the software must be re-established.

Thompson added that if a software update fixes a bug or technical issue, the manufacturer may have to file an adverse event report under FDA's Medical Device Reporting (MDR) measures. Under 21 CFR 806, medical device manufacturers must report actions concerning device corrections and removals to FDA. "If you update a medical device to address a safety or effectiveness issue, you may have to report that to the FDA," said Thompson.

Tandem received 501(k) clearance on its Tandem Device Updater. It recently submitted to FDA a software update that allows integration with Dexcom's G5 Mobile CGM (Continuous Glucose Monitoring) system. "Rather than a sensor sending blood glucose information to a mobile app or to a separate PDA, the CGM system sends it directly to our pump," said Morrison. "A user can make therapy decisions all from that one device."

When FDA approves the update, Tandem can offer it immediately to customers. "This allows them to make the best purchasing decision based on what's available today, and on what they know companies will make available in the future," said Morrison.

Cybersecurity: A Top Priority

In an age when hackers can hack pretty much any system they choose, medtech companies must prioritize security, especially when they incorporate remote software updates.

In 2014, FDA issued guidance on cybersecurity management for medical devices, which applies to premarket submissions. Premarket submissions should include a plan for providing validated software updates and patches throughout a device's lifecycle, among other information. "The FDA has been very aggressive in getting companies to think more and do more about cybersecurity, and my impression is that it's having quite an effect," said Thompson.

In late 2016, FDA also released guidance on cybersecurity management for medical devices in the postmarket setting.

Tandem incorporated security into its software development and testing process. In addition to initiating a two-step authentication process, the pump knows when a non-Tandem product tries to upload or download software. If it suspects a security breach, it alerts the user.

Compatibility Across Many Devices

Compatibility also presents a challenge for medical device software and remote updates. The software may have to comply with multiple versions of Mac- and PC-based computers, and possibly iOS or Android systems. If a connected product changes its software, the company has to ensure continued operability.

t:slim compatibility across multiple platforms required extensive testing and beta testing at Tandem headquarters. "In addition to developing Mac- and PC-compatible software, we wanted to always know what software version a customer is using," said Morrison. "If they call technical service, it's important we have that information."  

The Connected Future

There's no question health care and medical device technology will continue to follow the connectivity path. Consumer and customer demand ensures it.

"The desire for improved outcomes and better patient care applies across the industry," said Morrison. "It's incumbent upon industry to help pave the way and to bring this type of technology to consumers. The easier products are to use, the better they benefit everyone."

Heather R. Johnson is a freelance writer based in Oakland, California.

[Image courtesy of TANDEM DIABETES CARE]

About the Author(s)

Heather R. Johnson

Heather R. Johnson is a consultant and writer for the medical and clinical technology industries. She’s based in the San Francisco Bay Area.

Sign up for the QMED & MD+DI Daily newsletter.

You May Also Like