Medical devices 2017: industry outlook
BSI Staff Writer
Technology is evolving and all areas of industry are evolving with it.
Technology is becoming ubiquitous in the medical industry, a change which offers immeasurable benefits when it comes to treating patients, but it also presents potential issues, from malfunctions to hacking. No longer just isolated pieces of machinery, medical devices now often boast features such as remote access and wireless connectivity.
Taking into account a move towards Software as a Medical Device (SaMD), as well as increased uptake of Internet of Things (IoT) devices, there are various issues that the medical industry needs to address in order to effectively mitigate the increased risks technology presents.
The Medical Device Directive
First and foremost, it’s vital to keep abreast of the changing regulations in this industry. These represent the wider pressures and risks of the industry and will help ensure that a business is in keeping with best practice.
The Medical Devices Directive (90/43.EEC) and the Active Implantable Medical Devices Directive (90/385/EEC) are both due to be replaced by new legislation - the Medical Devices Regulation. In addition, the In Vitro Diagnostic Directive (98/79/EC) will be replaced by the In Vitro Diagnostic Devices Regulation. The regulations are due to be adopted by Parliament and the Council in summer 2017. Businesses have time to implement the changes and the new rules will apply for three years after publication for medical devices and five years for IVD devices.
The role of standards
It’s important to understand the difference between regulations and standards. Where standards focus on giving guidance to help exceed best practice, regulations often focus instead on the legal requirements in an industry.
ISO 13485:2016, Medical devices - Quality management systems - Requirements for regulatory purposes, is the standard dedicated to helping to maintain quality control when it comes to manufacturing medical devices. The standard is also focused on ensuring compliance with the different requirements in different markets across the globe.
Many are transitioning from the 2012 version to the 2016 version of ISO 13485. It’s speculated that the majority will switch across in 2017 and 2018. Because some of the changes to MDSAP and MDR/IVDR are commencing earlier, businesses are advised to switch across as quickly as possible.
BSI has prepared a list of ways it believes manufacturers could be impacted during the transition period to ISO 13485. If medical devices are a part of your industry – from manufacture to actual use – then it’s vital that you understand how these changing regulations could affect your organization. New terms have been defined, such as ‘clinical evaluation’ and ‘post-market surveillance’. The standard gives increased clarity on clauses and their relationship to requirements, and the entire standard places a greater emphasis on requirements.
There is a range of other standards in this area, including:
BS EN ISO 14155:2011, Clinical investigation of medical devices for human subjects — Good clinical practice
BS EN 800001-1:2011, Application of risk management for IT-networks incorporating medical devices — Roles, responsibilities and activities
BS ISO 15223-2:2010, Medical devices. Symbols to be used with medical device labels, labelling, and information to be supplied. Symbol development, selection and validation
There is also training available from BSI on ISO 13485, ISO 14971 and CE Marking of medical devices.
Cyber security
Like any other piece of technology, medical devices are susceptible to cyber attack. Every day there are 2,803,036 data breaches - that’s 32 every second.
Cyber security threats can never be completely eliminated. The main cyber threats include computer-assisted fraud, espionage, sabotage and vandalism, and many of these issues apply to medical devices. In an ideal world, these issues would be mitigated by adding safety mechanisms at the manufacturing stage, but it’s also the responsibility of medical professionals to ensure that patients are protected.
ISO/IEC 27001 is the most widely adopted international information security management standard. The standard helps businesses better understand the risks to their IT systems and data and use this knowledge to better protect themselves from potential threats.
A report undertaken by the Business Continuity Institute together with BSI has shown that cyber-attacks now pose the greatest risk for organizations. The annual Horizon Scan report, which surveys business continuity professionals across the globe, shows that an increasing number of businesses are aware of the level of the threat but unwilling to adopt business continuity systems.
It’s vital to take the appropriate steps to protect your organization or products from cyber attack. An effective business continuity plan including a thorough insurance policy can help with this. It’s vital that organizations conduct their own horizon scan to identify the relevant threats for their business. For medical device manufacturers, the threat is not just to the business itself; it also encompasses the customers’ safety.
The standards in this area are designed to help organizations adhere to the relevant regulatory and quality requirements. If you’re a business that produces or works with medical devices, then it’s essential that you’re aware of the regulations and risks in this industry.