2023 update – Best Practices for Design Controls for Connected Medical Devices

Some of the first of many complexities that medical device startups must manage are design controls. While design controls can seem confusing, arbitrary, or even restrictive, they flow from regulatory agencies’ mandate to ensure public safety.

Agencies use design controls to ensure the safety and efficacy of connected medical devices. Medical device startups also benefit because design controls can help minimize the risk of product failures and liability.

As such, design controls represent milestones your project must reach to prove you have developed a safe, effective device that is eligible for regulatory approval.

Design Controls in Brief

Design control is a term used in the medical device industry to describe the process of ensuring that a device safely and effectively meets the needs of its intended users.

The design control process typically begins with identifying user needs and translating those into specific design requirements. Design controls encompass not only user needs, but also design inputs, design outputs, design verification, and design validation.

Not all devices need design controls. Design control requirements depend on a product’s intended use and the associated risk level. A consumer wearable device that tracks steps or calories presents little risk to the consumer. Faulty operation from a device that tracks critical health information, like heart rate after surgery, can have more serious consequences.

Once the FDA (or other regulatory body) approves the device for commercial sale, design controls help to ensure that it continues to meet users’ needs and that any changes made to the device comply with controls.

2023 Trends Influencing the Regulatory Environment

Part of the success in any industry is anticipating trends, and right now the biggest trends in almost every sector have to do with technology and data. Click To Tweet

The medical device industry is no exception. Data has huge implications for patient privacy and safety. Data collection, transfer, storage, and use now intersects directly with the heart of regulatory agencies’ mission.

Below are some of the trends getting regulators’ attention, which means they should be on the radar screen for medical device startups and manufacturers, too.

Blurring the Lines Between Consumer and Patient Markets

The internet of things is growing exponentially, with a massive proliferation of devices that collect and send data to the cloud. For medical device companies, we see an increasing overlap in consumer and patient wearables, where fashion and functionality are beginning to blur the lines between patient and consumer.

For example, in 2018 the FDA cleared Apple Watch as a Class 2 device for use in the detection of irregular heart rhythms. In August of 2022, in an example of software as a medical device (SaMD), the Natural Cycles Fertility App received FDA clearance for use with the Oura Ring.

Given the huge market potential for consumer wearables, medical device manufacturers can expect to see more activity in this space, and not only from consumers. More consumers broaden the potential risk exposure, which leads to a corresponding increase in regulatory agencies’ interest as they seek to mitigate the risk for a larger consumer base.

Data Security in Health Care

In 2018, the US Department of Health and Human Services Inspector General published a report urging the FDA to further integrate cybersecurity review into the premarket review for medical devices. In 2021, vulnerable legacy IT, lucrative databases, exhausted personnel, and strained physical resources created a perfect storm during COVID-19 for healthcare cybersecurity. Hospitals experience unprecedented breaches and cyberattacks from ransomware.

While the growing number of connected medical devices may be a net positive for patients and providers, the fact is each one represents a potential entry point for malware. Patient information is among the most lucrative data for thieves selling on the dark web, with an estimated average value of $250 to $1000 per medical record.

In recent years, the rise of medical devices connected to the internet introduced new challenges for design control. With these devices, it is not enough to ensure that they meet regulatory standards; it is also necessary to ensure that they are secure against hacking and other cybersecurity threats. As a result, design control for connected medical devices must consider both traditional user needs and cybersecurity concerns.

Recent Activity in the Health Care Regulatory Cybersecurity Landscape

The COVID-19 crisis spurred regulatory activity in the US and internationally. Some development since 2021 includes a May 12, 2021 Executive Order (EO 14028) on Improving the Cybersecurity of the Federal Government. This NIST response highlights existing FDA guidance documents and international standards on the science of cybersecurity for the premarket review of medical devices and post-market surveillance of cybersecurity incidents and vulnerabilities.

In August of 2021, the FDA issued a discussion paper related to strengthening cybersecurity practices with medical devices. Lastly, In November 2021 the FDA published a guidance document concerning premarket submission for device software functions.

Blockchain Innovations for Health Care Data Security

Blockchain technology offers a potential solution to the data security problem. Blockchain uses decentralized ledgers, which means it is very hard to alter or lose data because several nodes keep copies of the data.

Furthermore, data encryption can ensure that only authorized individuals have access to medical device data. These features of blockchain not only protect patients’ privacy but also makes it more difficult for hackers to steal, tamper with or falsify records.

Blockchain also enables stakeholders to track devices more easily throughout the supply chain and marketplace, ensuring they are properly registered and up-to-date with safety regulations.

Healthcare institutions and consultants are beginning to test and implement blockchain solutions. Experts predict that blockchain will be among the trends to revolutionize healthcare data. Medical device manufacturers need to be aware of this trend and its potential influence on regulatory agencies and future design controls.

Moving Ahead

Design controls are essential for the development of safe and effective medical devices. For an in-depth guide to design controls, check out Greenlight Guru’s new guide. Following current trends will also help you stay one step in your connected medical device development journey.

If you have any questions about mapping out or updating your design controls for 2023, we are here to help. Feel free to contact us today.