Treating the Cure: How to Solve Medical Device Recalls
Health professionals are now relying more and more on implementing software in medical devices to diagnose and treat patients with more accuracy and in a shorter timeframe.
This is only possible due to breakthroughs in medical device software, which have helped save millions of lives that would otherwise have been lost due to inaccurate or delayed analysis and treatment.
However, these technological developments have a dark side: there are large-scale software issues that are increasingly threatening to undermine progress made in healthcare.
Software is the top cause of medical device failures: a total of 22.7% of recalls in 2018 were due to software issues, followed by mislabelling issues, specifications errors and quality issues.
According to the Stericycle Recall Index, recalled units increased to about 208.4 million in the first quarter of 2018 – a number larger than any quarter since 2005.
There are two main reasons for the increase in software-related medical device recalls – complexity and lack of regulation.
With technological improvements in areas like artificial intelligence, the software used in medical devices is becoming more and more complex. The greater the complexity, the more likely it is for medical devices and safety-critical systems to behave unexpectedly. This happens because developers are more likely to fail to account for all of the variables in the medical environment, which increases the risk of bugs and errors slipping through the net. This ultimately increases the number of costly device recalls.
As well as the potential for error, regulation to date has not considered software’s own role as a medical device, failing to account for the thousands of health apps and devices available to patients and health professionals which do not undergo stringent checks.
However, things are about to change. In 2017, the European Council and Parliament tried to catch up with the new reality facing medical devices by passing the Medical Device Regulation (MDR). This new regulation will come into effect in May 2020, introducing significant changes that are mandatory for companies to comply with, focusing particularly on cybersecurity and software testing.
When it comes to medical device recalls, the consequences affect not only manufacturers’ direct costs but also their brand reputations. Most recalls affect millions of people, so it’s no surprise that they can make headlines and damage company reputations. By way of example, in 2017 a prestigious company voluntarily recalled almost 500,000 pacemakers due to a cybersecurity issue. The problem? The pacemakers could be hacked, allowing the hacker to drain the battery or cause the pacemaker to administer unwanted shocks.
Cybersecurity is a major new challenge that should be considered when developing and testing software. There are solutions to help mitigate the types of issues currently causing an increase in medical device failures and recalls. The development of software should be performed with recall prevention in mind, prioritising verification, validation and testing. Manufacturers need to ensure a systematic, quality-first approach across all departments associated with the development of medical devices. This should include developing hazard analysis tools and safety-driven design procedures; employing advanced techniques such as model checking and symbolic fault injection; and introducing application and situation-aware monitoring techniques.
Following a strict software development process has several benefits: not only does it increase reliability, it also lowers the overall recall probability and the cost of developing these complex systems.
According to a research conducted by an International Consortium of Investigative Journalists, in the past decade, nearly two million injuries and more than 80,000 deaths can be linked to faulty medical devices. We can’t continue to turn a blind eye to this issue, and it is the responsibility of manufacturers to ensure that progress in healthcare provision is not severely undermined by software failures.
Critical Software GmbH
Critical Software SA
Parque Ind. de Taveiro, lote 49
Critical Software Technologies
4 Benham Road
Southampton Science Park, Chilworth
Southampton SO16 7QJ