In order to effectively use this guidance, or the earlier draft guidance, one must have a working understanding of wireless technologies and the FDA’s Quality System regulations. Only then is there sufficient context to be able to properly apply the guidance to the design, manufacture, installation and support of wireless medical devices. Like many initial connectivity efforts, dealing with these wireless issues can be a case of not knowing what you don’t know.
Risk Management Issues
The opening sentence in section 3 establishes a key concept for the entire guidance:
Designers and manufacturers of wireless medical devices should consider the ability of their devices to function properly in the intended use environments where other RF wireless technologies will likely be located. [Emphasis added.]
The intended use environment means that FDA expects that your risk analysis and mitigations, design and the verification and validation testing of your risk mitigations and overall design will conform closely with environment where your product is intended to be used. This can be simulated in a lab or accomplished in an actual user site. In either event, if your product will be running on an enterprise network, you’d best test your product on a network with realistically simulated or actual enterprise traffic.
The intended use environment also refers to the coexistence of other sources of RF signals, both intentional (other wireless applications) and unintentional (interference from defective or poorly maintained electrical devices). This is not a trivial requirement and requires that a lab be able to realistically simulate enterprise traffic and relevant EMI radiators.
Later in the guidance, specific examples are described of potentially problematic wireless-related hazards and effects that include:
- poorly characterized or poorly utilized wireless systems (e.g., wireless networks);
- lost, corrupted, or time-delayed transmissions, and degradations in wireless transmissions including when caused by competing wireless signals or electromagnetic interference (EMI) to the medical device or its wireless transmissions;
- lack or compromise of wireless security; and
- potential misuse of a wireless medical device because of lack of or inadequate instructions for use.
What they mean by poorly characterized is where acceptable performance boundaries of the wireless link and wireless component of the medical device are not specified. In other words, the wireless network intended to support your medical device must be unambiguously specified to support your application – in addition to any other intended applications (e.g., other enterprise traffic on a shared network).
Poorly utilized refers to matching the use case and resulting wireless requirements of your medical device to the selected wireless technology. The intended use of the wireless technology must be consistent with the use of that wireless capability by the medical device.
The most common example of a potential mismatch is selecting a wire replacement technology intended for very short range wireless sensors (e.g., personal or body area networks) to wirelessly enable an enterprise local area networking use case. That’s not to say you can’t use a short range radio for a mobile medical device, theoretically you can. But there is also a reason why virtually all the mobile medical devices cleared by FDA use either Wi-Fi or WTMS and not Bluetooth, ZigBee or some proprietary radio using a band outside of ISM.
The potential misuse above can also refer to a poor or inadequate design that causes users in certain situations to misuse the device by doing workarounds rather than following the directions for use. This is an example of where human factors engineering and usability testing comes into play.
Technology Selection
The guidance mentions specific RF bands established by the FCC as examples of RF technology used in medical devices:
- Wireless Medical Telemetry Service (WMTS);
- Medical Device Radiocommunication Service (MedRadio) – including the former Medical Implant Communications Service (MICS), Medical Micropower Network (MMN), and Medical Body Area Network (MBAN);
- Cellular communications radios; and
- radio frequency identification (RFID) products.
An interesting omission from the list, and by far the most popular band used for wireless medical devices, is the ISM (industrial, scientific and medical) band. Wi-Fi, Bluetooth and ZigBee all operate in the ISM band.
The guidance does mention licensed bands (that’s most bands besides ISM) offer interference protection. Here’s the text:
It is important to note that many medical devices are authorized to operate as unlicensed devices (under Part 15 of the FCC rules3) in the industrial, scientific, and medical (ISM) frequency bands (e.g., 2400-2493.5 MHz), and as such, are not entitled to interference protection.
The guidance goes on to note that there’s plenty of interference in the ISM band. True enough. Many assume that this potential for interference is a defect of the ISM band. In fact the ISM band is intended to be unlicensed, and the regulations for many products operating in that band include technical solutions to facilitate frequency reuse and coexistence among co-located users to effectively mitigate that interference.
There are two basic kinds of interference. Intentional interference is where there are two or more radios using the same frequency and interfering with each others communications. Unintentional interference is where a defective or poorly maintained electromagnetic device – a florescent light ballast, worn bushings in any kind of electric motor, from paper shredders, blow dryers to elevator motors – generates RF noise that interferes with a radio’s communications.
The ISM band uses technology to mitigate the intentional interference from radios that are within range of one another. Frequencies outside the ISM band only experience intentional interference when another radio in the same or adjacent band which is a relatively rare occurrence.
The unlicensed approach of ISM contrasts with RF spectrum outside the ISM band, which is pretty much all other spectrum. The registered/licensed users of medical devices that use a licensed RF band have the ability to legally force another party to desist who is intentionally interfering with their licensed use of the band by using the same band. Please note all those caveats. Users have to register the use of RF band of the licensed medical device. Should this licensed user experience interference, they must take the time to determine whether the source of interference is intentional or unintentional. Unintentional sources can usually be addressed as soon as the offending equipment can be replaced. Intentional interference must be localized to the party responsible for the interference, and they must be served notice to cease their interference. The process to resolve intentional interference can take considerably longer than resolving unintentional interference, especially if there is a dispute with the party accused of intentionally interfering. Consequently, the inherent “interference protection” offered by licensed RF spectrum may or may not have a significant impact on a manufacturer’s risk analysis when selecting wireless technology.
Wireless Quality of Service
Quality of Service (QoS) is a capability of shared networks whereby traffic of different types can be classified so that different classifications or types of traffic receive different levels of priority for transmission on the network. While it could theoretically be applied in different circumstances, QoS usually applies to Wi-Fi wireless local area networks. The reason for the development of the concept of QoS is that the different types of data that can run on shared networks often have special requirements. Some traffic might be very sensitive to dropped packets resulting in data loss while other types of traffic might not even notice. Some traffic or communications applications are very sensitive to latency where delayed data or messages would render the networked application compromised or inoperable.
The key here is to determine the requirements for your communications application. If you’re moving waveforms, would data loss result in gaps in displayed waveforms? If you’re moving medical device alarms, would a delay impact patient safety?
Wireless Coexistence
Radio frequency spectrum is a fixed thing where the available spectrum is between an upper and lower limit. For multiple users of a shared RF band, various techniques exist to allow a greater number of radios to share spectrum in a particular band. FDA also groups under this heading Electro Magnetic Disturbance (EMD), basically any electromagnetic phenomenon that might interfere with wireless communications or the proper operation of an electrical device. From the guidance glossary: “Examples include power line voltage dips and interruptions, electrical fast transients (EFTs), electromagnetic fields (radio frequency radiated emissions), electrostatic discharges, and conducted emissions.”
Coexistence also refers to how the wireless medical device you’re designing might impact the performance of other wireless and electrical devices, and people, within range of the device. Likewise, the potential impact of other devices on the wireless medical device must also be considered.
Security of Wireless Signals and Data
The cyber security of medical devices has received a lot of attention lately, what with recently hacked insulin pumps, pacemakers and other medical devices and the long term susceptibility of medical devices to malicious software. Consequently, FDA has included a section detailing some special considerations for wireless medical devices.
The market requirement for wireless security is to provide commercially available state of the art authentication and encryption. Wireless medical devices – especially those that operate on a shared enterprise network – are information appliances operating in an enterprise IT domain. As such, wireless medical devices should have the same authentication and security for a given technology as a commercial product like a wireless print server or lap top.
When selecting wireless technologies that are propriety are purpose build, manufacturers are required to complete a security risk analysis and provide mitigations for security hazards. The good old days of claiming “security through obscurity” are fading fast. Just because your wireless communications is something obscure like the electromagnetic induction used by some pacemakers and ICDs is no justification for not implementing effective data security.
Also referenced in this section is the excellent FDA draft guidance “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.”
EMC of the Wireless Technology
This topic is sort of a rehash of items covered under risk management and coexistence. While going into further detail regarding testing for Electro Magnetic Compatibility, this section frames the issues between the environment interfering with the proper operation of the wireless medical device, and the wireless medical device interfering with things in the environment. These “things in the environment” can be both intentional and unintentional interferers, in addition to patients, staff an other people.
Information for Proper Set-up and Operation
This section and the next are relatively heightened areas of focus. As larger and more complex medical device systems, many of them wireless, proliferate in hospitals, clinics and even physician offices, recognition is growing among all parties as to the serious risks associated with installation, configuration and ongoing maintenance.
Wireless medical devices are for the most part designed and tested in the simulated environments of test labs. For example, in a given hospital wireless medical devices from multiple manufacturers will be found, yet rarely are these other vendor’s products included in product testing during the product development process.
Besides the obvious coexistence issues, there are also usability and any resulting tendency to workarounds on the part of users due to product deficiencies. This is basically a requirements, risk management and test set of issues, but often extends beyond the actual product to encompass usability. Certain systems of systems medical devices, like alarm notification systems, add additional complexities to these challenges.
Considerations for Maintenance
When a manufacturer’s wireless medical device system is first installed in a hospital the manufacturer ensures that all of the specifications for the system, many of which are the focus of this guidance, are documented to be met. Once the manufacturer leaves, it becomes the customer’s responsibility to ensure that the overall system, including IT infrastructure, meets specifications going forward – as wireless network controllers or access points get new firmware releases from the network vendor, or the networks (wireless and Ethernet) are redesigned and reinstalled, or new applications are added to the network changing traffic loads and QoS.
The sad truth is that most provider organizations don’t do a very good job of the ongoing maintenance of their wireless medical device systems. Changes are made, and only when something “breaks” does the provider organization either back out the upgrade or call the medical device manufacturer.
While this area is clearly the responsibility of the customer, manufacturers need to do a better job communicating to customers exactly what their responsibilities will be after installation, and how the manufacturer will support those maintenance efforts.
Section 4. Recommendations for Premarket Submissions
This section basically takes the topics and content of the previous section 3 and describes the types of objective evidence or documentation FDA will expect to see in a submission. Established medical device manufacturers new to wireless devices will recognize many of these documentation requirements, but will not be familiar with how they are applied to wireless technologies. Manufacturers that are new to being FDA regulated manufacturers will struggle more with objective evidence requirements rather than technology details.
Summary
A typical guidance document describes what the FDA considers a minimum approach to meeting regulatory requirements or passing muster in a premarket submission, i.e., 510(k), for a medical device. Guidance documents do not describe “the right way” to design or test a product, but rather suggest ways to interpret or implement regulations that FDA finds acceptable. A manufacturer is not required to follow a guidance document, provided they can explain – often with back-up objective evidence – why your approach is at least as effective as that contained in the guidance.
Use this guidance as a tool to make sure you have all the bases covered for your wireless medical device. The guidance points out most all the important bases, and provides examples of what should go into ensuring they’re covered.