As today's medical device manufacturers seek to power next-generation wireless devices, they are faced with two integral design and engineering challenges: safety and security.
Real-time assurance reporting and other advanced features, such as data encryption, require an increase in mobile power to function consistently and reliably. Increased power requirements are addressed by increasing the energy density of the battery pack, in order to offset the additional power draw and maintain overall device run-time. The features (and energy density growth) are necessitated by the application, but are often associated with safety and security risks. Consequently, reliable, long-lasting and secure battery systems require both stringent qualification testing and safety standard compliance to earn patient and provider peace of mind.
Greater Power Demands Require Stringent Safety Measures
Battery pack engineers and manufacturers know that providing a reliable source of portable power to multiple functions within a host device requires complete adherence to battery safety protocols and in-depth qualification testing. Failure to adhere to safety protocols, or to conduct a full qualification cycle, dramatically increases the risk of device malfunctioning.
When addressing the addition of new features to a host unit or battery pack, the power draw of each feature must be evaluated as both an isolated feature, and as one integrated into the overall system. Failure to properly qualify the new feature can lead to excessive power draw and heating. When a battery pack overheats, the greatest danger is the thermal runaway condition (where the heating of the battery creates internal cell conditions that further generate heat). Left unchecked, the typical end result is hot-gas venting and fire (risks inherent in all battery systems, but are mitigated by proper specification declaration and design qualification).
Recent high-profile battery performance failures, such as the Boeing Dreamliner incident, have illuminated safety issues in battery pack design and have renewed the battery industry's focus on safety and performance testing. Even though the statistical rate of catastrophic failure is low, the financial liability and damage to buyer confidence can be devastating.
Safety is paramount in medical applications, particularly when the patients are wearing (or are implanted with) a battery-pack powered device. Even though the medical-device community is subject to rigorous regulatory oversight, there have still been numerous instances of battery pack malfunction, leading to isolated recalls of devices such as implantable and external defibrillators, instant thermometers, insulin pumps, and surgical instruments.
As a result, the battery manufacturing industry is experiencing an increase in awareness and regulation around safety issues and advanced testing. The most current medical device battery regulations are those published by the International Electrotechnical Commission in December 2012 - IEC 62133 Edition 2.0. This guide includes specifications for the following types of testing as they apply to safety standards in the manufacturing of medical battery packs:
- Overcharge: Tested to ensure that the battery pack will protect itself from abusive charging events
- Over-discharge: Tested to ensure that the battery pack will protect itself from deep discharge events that would otherwise damage the cells' chemistry.
- Short Circuit: tested to ensure that the battery pack will protect itself from rapid discharge conditions that can lead to excessive heating and electro-chemical damage to the cells.
- Thermal Cycling: tested to ensure the battery cells maintain chemical stability across extreme temperature variations
- Shock: tested to ensure that the pack maintains mechanical stability in worst-case shipping and drop conditions.
Even if you don't have an in-house lab, you can ensure compliance with industry guidelines by consulting with an independent battery testing facility. Such a facility will meet CTIA, UL 1642, and UL 2054 certification requirements and will be authorized to carry out such tests in accordance with regulatory approval procedures.
Mounting Security Risks in Battery-Powered Medical Devices
According to the United States Government Accountability Office (GAO), many battery-powered devices currently on the market include advanced security features that actually increase risk for compromised performance. These devices are power-limited due to restrictions in battery capacity, yet include security features whose power requirements far exceed the nominal power usage of the device. While the security feature may perform admirably in preventing particular forms of access and malicious attack, the activity of preventing access will drain the battery very quickly and will render the device inoperable. As the gao.gov report states, "[...] efforts to mitigate information security risks need to be balanced with the potential adverse effects such efforts could have on devices' performance, including limiting battery life."Performance failures in a medical device may mean the loss of a patient or the deterioration of their health. Failure to fully qualify a design or address security issues can also provide a hacker with a doorway to access all patient information stored on the device.
These concerns are exacerbated by a phenomenon dubbed, "the consumerization of healthcare," which has tasked manufacturers with creating medical devices that function alongside patients' smartphones and tablets. They want a device to perform its primary healthcare function, but also communicate relevant information to medical professionals - often miles away - in a timely manner, and sometimes even provide simple reports to the patient. Great care must be taken to ensure only qualified and authorized individuals are allowed to make remote device adjustments or retrieve medical reports.
These advancements do not come without risk. In September 2012, the GAO recommended that the U.S. Food and Drug Administration (FDA) start giving consideration to the very real security risks involved with wireless medical devices. This recommendation was made following two demonstrations in which security researcher, Barnaby Jack, delivered a deadly volt to a pacemaker and dispensed more than a week's worth of insulin in a single dose from a wireless pump.
The danger of device tampering can be significantly reduced by following safe design practices. In particular, the safest designs use isolated architectures, multiple redundancy, and hardware-level configuration whenever possible--staying away from digital configurability. Within the scope of battery pack design, the following security measures are being taken in the industry to prevent tampering with smart batteries used in medical devices:
- Design the battery pack to achieve high energy density at the lowest power appropriate to the application, so it can reliably perform the multiple functions required of a secure pack, including support of additional security enhancements without risk of premature depletion or excessive heating
- Place at least one independent hardware level of protection in the battery so if the firmware is hacked, there is a protection mechanism to prevent dangerous use of the battery
- Seal an access code into the ASIC to prevent unauthorized access
- Use safer cells that include features to prevent explosion during worst-case thermal runaway events
- Use authentication Integrated Circuits (IC's) so the battery can only work with an intended and approved device
- Account for a final fail-safe mode that triggers when all primary protection features have failed and a catastrophic condition is otherwise imminent; this includes having an electrical feature to permanently disable the battery pack or a mechanical feature to allow venting of the cells to prevent a gaseous pressure-induced explosion
Bringing Safety and Security to Market with Li-ion
With so much at stake, it is imperative that medical device manufacturers collaborate with portable power-source manufacturers to create a battery pack that services both safety and security in the most power-saving manner possible. These manufactures are increasingly turning to Lithium ion (Li-ion) technology--for good reasons. Most Li-ion cells have a gravimetric energy density (Whr/kg) that is four times greater than a nickel-cadmium (NiCd) cell, which means that a Li-ion cell can store four times the energy of a NiCd cell of equal weight. The construction of a Li-ion cell is also superior to NiCd in the realm of shelf storage and leakage; a typical NiCd cell might have a shelf life of months where the Li-ion cell will have a shelf-life of years. When it comes to portability, a Li-ion cell is very light-weight when compared to NiCd and sealed lead acid. This alone makes Li-ion an attractive alternative to lead-acid and NiCd options, in portable applications that require long-life and very low weight/size.
Creating Li-ion battery packs that are safe and secure requires skill, specialized knowledge, and experience. Li-ion cells can be extremely safe to use in a range of applications, but assembling multiple cells into a battery pack with the goal of providing sufficient power and operational run time requires careful design to deliver an optimal and safe performance. All battery packs, but especially Li-ion packs, need to be part of a properly designed system or they may rupture, ignite, or explode when exposed to high temperatures, drops, or other abuses often encountered in wireless healthcare applications.
As healthcare becomes more portable and powerful, battery engineers and medical device manufacturers must keep in step to ensure a safe and reliable development of new technologies, which in turn improves patient therapy and treatment experiences.