The Compliance Difficulties of Medical Device Connectivity
By Abbas Dhilawala
Abbas Dhilawala, MS is CTO of Galen Data of Houston, TX.
There are numerous challenges facing the global healthcare ecosystem today, including aging populations that require more healthcare products and services; rising costs across the industry (shared among consumers, insurance carriers, healthcare providers, and taxpayers); growing wait times for medical services; and a growing demand for convenient and personalized care.
To address these challenges, medical device companies are beginning to produce medical devices with cloud connective capabilities that promote the digitization of healthcare and promote better physician-patient engagement while driving down costs. The global market for connected medical devices is expected to increase from $21 billion in 2018 to $63 billion by 2023, an annual growth rate in excess of 25 percent, according to one report.
Still, the path forward for medical device companies that want to design the connected medical devices of the future and get them to market isn’t always clear and direct. Medical device manufacturers are subject to extensive regulations and compliance requirements for the medical devices that they produce. A recent survey of 237 medical technology employees by Deloitte found something important: 67 percent believe that the current regulatory framework will not catch up with what we can do with medical device technology today for another five years.
Medical device companies today face a fractured compliance landscape that can stifle innovation and lead to heavy expenditures in compliance activities at the expense of research and development. Medical device companies that wish to sell their devices in the United States must comply with the quality regulations set forth by the United States Food and Drug Administration (FDA) in Chapter 21 of the Federal Code of Regulations, Part 820. The regulations include guidelines for ensuring the safety and effectiveness of medical devices, including the establishment of detailed design control documentation, the creation and maintenance of processes for corrective and preventive actions when non-conforming products are discovered, and requirements for document control and approval.
Quality system regulations exist around the world in different forms. Canada uses the Canadian Medical Devices Regulations (CMDR), while medical devices sold in Europe must obtain a CE Marking through compliance with ISO 13485, the international standard for medical device quality. Each time a medical device company enters a new market, it must demonstrate compliance with the corresponding local quality system regulations. Sometimes this means conducting a gap analysis and addressing compliance issues internally, but it could also mean hiring a Notified Body to conduct an expensive and time-consuming third-party compliance audit.
To help ease the path to compliance for medical device companies and reduce the cost burden of compliance activities, regulators worldwide are working towards a Medical Device Single Audit Program (MDSAP) that can establish medical device compliance for global markets based on a single audit. While this measure should reduce compliance costs for medical device companies, it remains to be seen how connected medical devices will be regulated under a new system.
As healthcare innovators continue to develop connected medical devices, privacy is a growing concern for regulators and industry professionals. Imagine a future where in-home care is increasingly common and where patients use wearable and implantable medical devices that deliver patient data electronically in real time to a central repository of electronic medical records.
Such a future might not be far off. The EHR mandate already requires hospitals and medical clinics across the United States to use electronic medical records to track patient data, and connected devices with data transmission capabilities already exist. What doesn’t exist yet is a common framework that promotes interoperability between connected devices and patient databases or any kind of privacy and security regulations that would safeguard such a system against malicious attacks that could compromise patient data.
The final compliance issue faced by manufacturers of connected medical devices has to do with changing payment models throughout the healthcare industry. As the industry shifts towards a model that compensates healthcare providers based on the effectiveness of treatments and patient care outcomes, government regulators and payers are increasingly asking for objective evidence that medical devices are positively impacting patient outcomes. Manufacturers of connected medical devices may face additional compliance obstacles when required to demonstrate that their devices actually improve patient engagement, satisfaction, and outcomes.
Despite the compliance difficulties faced by the industry, medical device manufacturers are meeting the challenge head on by innovating new ways of doing business, including funding models that offer data as a service, the adoption of value-based pricing, and the use of real-world patient data to drive business decisions. The medical device companies of today are ready to advance healthcare into the future. Now it’s up to healthcare providers and regulators to keep up.