Advances high risk, medical devices must go through a

Advances in technology have resulted in remarkable medicaldevices that can extend our lives, improve the quality of our medical care, andeven save our lives. Yet, there is a documented history of events where the useof these medical devices has unintentionally caused bodily harm or even deathin some cases. In an analysis of medical device safety completed in 2013 viewedat http://dblp.

uni-trier.de/db/journals/ieeesp/ieesp11.html, the authors state:”Malfunctioning medical devices are one of the leading causes of serious injuryand death in the U.S.” (Alemzadeh, Iyer andKalbarczyk) No one knows in advance when they might have an injury or illnessthat would require medical care. When we do need it, we want to know that weare getting the best care possible and that it’s safe. It’s frightening tothink that we may be in more danger from technologically advanced medicaldevices than we are from our original injury or illness.

Best services for writing your paper according to Trustpilot

Premium Partner
From $18.00 per page
4,8 / 5
4,80
Writers Experience
4,80
Delivery
4,90
Support
4,70
Price
Recommended Service
From $13.90 per page
4,6 / 5
4,70
Writers Experience
4,70
Delivery
4,60
Support
4,60
Price
From $20.00 per page
4,5 / 5
4,80
Writers Experience
4,50
Delivery
4,40
Support
4,10
Price
* All Partners were chosen among 50+ writing services by our Customer Satisfaction Team

Although there are many organizations that oversee the safetyof patient care, the Food and Drug Administration (FDA) is ultimatelyresponsible for approving and regulating medical devices in the United States. Currently,the FDA assigns a class based on the intended use, whether it is invasive orimplantable, and the estimated risk to the patient. Class I, low risk, medicaldevices are exempt from pre-market notification. Class II, medium risk, devicesare required to clear a review process to determine if the device is equivalentto another that is already marketed legally. If it is, then a clinical trial isnot required. Class III, high risk, medical devices must go through a formal pre-marketreview process (PMA) that requires clinical trials. (Sorenson and Drummond) Class III medicaldevices are grouped into 19 categories with over 580 types of devices. Theseare the most complex devices; they may be implanted, provide life support, orpresent a high potential risk of illness or injury.

Partly due to the quantityof devices it must monitor, “The FDA approval system cannot assure the safetyand effectiveness of increasingly complex medical devices.” (Curfman and Redberg) Some of these high-riskcategories of computerized medical devices include:1.      Diagnostic – MRI, PET scan, CT scan, X-ray’s,ultrasound2.      Treatment – pacemakers, insulin infusion pumps,neural stimulators, radiation therapy3.      Life support – ventilators, incubators,heart-lung machines, dialysis machines4.      Medical monitors – ECG, EEG, blood pressure,patient vital signs5.

      Lab equipment – analyze blood, urine, genes,blood gasesThe FDA has the power to inspect all medical devices,request that the manufacturer issues a recall, seize the device if themanufacturer doesn’t issue a recall, and to request injunctions againstdistribution of the device. Typically, their policy is to inspect the medicaldevices every two to three years. The policy also mandates that all adverse eventsinvolving death or serious injury to a patient that may have been caused by amedical device must be reported immediately. Other events (that did not causedeath or serious injury) must be recorded, and a summary should be submittedannually.

(21CFR803) Studies have shown that “fear of punishment, uncertaintyof what should be reported and how event reports will be used, and timeconstraints to event recognition and reporting” prevent consistency inreporting these events. (Polisena, Gagliardi and Urbach) In one report, asample of records reviewed by the National Electronic Injury SurveillanceSystem (NEISS) reported 10,395 adverse events resulting in emergency departmentvisits from July 1999 through June 2000. Using this report as a baseline, it’sestimated that there were over 450,000 adverse events nationally during thatone-year period. (Hefflin, Gross and Schroeder)Like all technology, the hardware and software involved inoperating these systems can be vulnerable, impacting the safety andeffectiveness of the devices. The level of vulnerability increases when the devicesare connected to a hospital network or the Internet. Areas of vulnerability thatare discussed here include:·        Cybersecurity·        Design, manufacturing, and testing errors·        System malfunction·        User errors·        Process control errorsPeople usually trust their doctor and the medical communityimplicitly. However, cybersecurity is always a threat; medical systems can be exposedto hackers, information theft, and malware like any other system. Theintroduction of malware could threaten the safety and effectiveness of thedevice, thus affecting the health of the patient.

Attacks on a system canoriginate from infected mobile devices connected to hospital WiFi; causingincorrect treatment and medication errors, interference in communication betweenthe system and doctors, or potentially threatening instructions going toimplanted mobile devices. (Hasan, Zawoad and Noor) It’s surprising to learn that designers and manufacturers ofmedical device software allow and accept errors or “bugs” in the coding.  A bug is a coding error in the software that causesan unexpected result.

An unexpected result could be anything from a display glitchto an output error to a system crash. Most software programs have at least amillion lines of code. (Microsoft programs have an average of 20 to 30 bugs per1000 lines of code.) At only one bug per 1000 lines of code, a program with 1million lines of code would have 1000 bugs! Testing to identify and resolvecoding bugs is more important than ever as medical devices continue to become progressivelymore complex. Undoubtedly, programmers and code writers have a great deal oftechnical knowledge and skill. Yet, in their role of writing software programsfor medical devices, they are virtually guardians of public safety. So, it’s evenmore surprising that a license is not required for programmers and coders toperform their task.

As complex systems and software programs continue to be networkedtogether, no one can predict how the systems will behave when different codesconnect. System malfunction is a serious concern as the number of networked medicaldevices increases. The FDA receives several hundred thousand reports each yearof suspected medical device failures that result in malfunctions, death, orserious injury. These reports are then used to analyze device performancelooking for possible patient safety issues and to determine benefit versus riskassessments of the devices. (FDA/Medical Devices)There are a multitude of user errors that could contribute tothe failure of a medical device.

Due to lack of training, fatigue, ordistraction; a user may omit a step in the approved procedures, forget to setcontrols and alarms, make minor adjustments to components of the system, enter incorrectinformation, fail to notice informational flags, or try to override the systemin some way. In one instance, at least 5 deaths were the direct result ofoverdoses of radiation given to cancer patients at the Panama National OncologyInstitute. A physicist attempted to “trick” the computer into reading a five-blockshield as a single shape; even though the approved procedure called out amaximum of four blocks. As a result, the unfamiliar shape caused a systemglitch that resulted in 28 patients receiving overdoses of radiation.

(John McCormick)Process control includes any activity put in place to ensurethat a process is predictable, stable, and consistently operating at anexpected performance level with an acceptable range of variation. (BusinessDictionary) Manuals, training programs, written processes and guidelines, monitoringcharts, and mandatory tracking of events are all part of the process controlsthat govern the use of medical devices. Even when proper procedures are inplace, communicating changes and issues may not happen as it should. Mostorganizations and facilities don’t update their written processes and manualsregularly and instead rely on emails, memos, or word-of-mouth. Nor domanufacturers consistently send notice of device warnings or updates. Technology is moving so quickly that quality and safety don’tseem to be a priority. Medical facilities want the newest, most advancedequipment and software, and they want it now.

Many times, no one can predicthow the system is going to perform until it’s actually in use. Many times, costconsiderations limit facilities spending, so they purchase the system but notthe maintenance agreement. Most software programmers rely on patching tocorrect coding problems instead of building quality checks into the program.

Users tend to pay more attention when they are learning how to use a system,but soon their movements become automatic, perhaps missing warnings andverification steps. There are so many challenges to perfecting medical devices;where do we start and what can be done to improve patient safety?Part of the problemis assignment of responsibility. The FDA is responsible for pre-market approvaland post-market monitoring. Post-market surveillance includes collectingadverse event reports and device audits. The FDA works with several datareporting networks (below) to collect and analyze adverse event information toevaluate safety, but these are undeniably under-reported. Because of thediversity of devices, it is impossible to apply the same audit and performancestandards to all devices. Post-market monitoring to conduct quality, meaningfulstudies requires time and resources that often aren’t available.

Softwarecompanies often include written licensing agreements limiting their liabilityin the event of a failure. Users may not be trained properly. Who do you blamewhen a patient is harmed? Unfortunately, there are no consequences to anyone(except patients) when medical devices fail. Obviously, there is room for improvement on every level.

Government and industry leaders are working toward solutions which include, butare not limited to: accreditation and/or license requirements, improving qualitycontrol during the development process, and stricter regulations regarding notificationsand reporting. Improving the safety of medical devices needs to be a priorityfor all of us.BibliographyAlemzadeh, Homa, et al. “Analysis of Safety-Critical Computer Failures in Medical Devices.

” IEEE Security & Privacy 11.4 (2013): 14-26. 22 1 2018.

html>.Curfman, Gregory D. and Rita F. Redberg. “Medical Devices — Balancing Regulation and Innovation.” The New England Journal of Medicine 365.11 (2011): 975-977.

22 1 2018. .Hasan, Ragib, et al. How Secure is the Healthcare Network from Insider Attacks? An Audit Guideline for Vulnerability Analysis.

2016. 22 1 2018. .

Hefflin, Brockton J., Thomas P. Gross and Thomas J. Schroeder.

“Estimates of medical device–associated adverse events from emergency departments.” American Journal of Preventive Medicine 27.3 (2004): 246-253. 22 1 2018.

gov/pubmed/15450638>.Polisena, Julie, et al. “Factors that influence the recognition, reporting and resolution of incidents related to medical devices and other healthcare technologies: a systematic review.” Systematic Reviews 4.1 (2015): 37-37. 22 1 2018.

com/articles/10.1186/s13643-015-0028-0>.Sorenson, Corinna and Michael Drummond. “Improving Medical Device Regulation: The United States and Europe in Perspective.

” Milbank Quarterly 92.1 (2014): 114-150. 23 1 2018.

nlm.nih.gov/pmc/articles/pmid/24597558>. Center for Devices andRadiological Health. “Medical Device Reporting (MDR).” U S Food and Drug Administration Home Page, Center for Devices and Radiological Health, www.fda.gov/MedicalDevices/Safety/ReportaProblem/default.

htm”What Is ProcessControl? Definition and Meaning.” BusinessDictionary.com, www.

businessdictionary.com/definition/process-control.html.”‘We Did NothingWrong’.” Information Technology Planning, Implementation and IT Solutions forBusiness – News & Reviews – BaselineMag.com, www.

baselinemag.com/c/a/Projects-Processes/We-Did-Nothing-Wrong.Borrás, C. “Overexposureof Radiation Therapy Patients in Panama: Problem Recognition and Follow-up Measures.” Revista Panamericana De Salud Publica = Pan American Journal of PublicHealth., U.S. National Library of Medicine,

ncbi.nlm.nih.gov/pubmed/17199912>.”Can Software Kill You?” TechNewsWorld.com, www.technewsworld.

com/story/33398.html.”CFR – Code of FederalRegulations Title 21.” Accessdata.

fda.gov, www.accessdata.fda.

gov/scripts/cdrh/cfdocs/cfCFR/CFRSearch.cfm?CFRPart=803=1. “The Impact OfCybersecurity Vulnerabilities On Mobile Medical App Development.”Www.meddeviceonline.com, www.meddeviceonline.com/doc/the-impact-of-cybersecurity-vulnerabilities-on-mobile-medical-applications-0001.