Embedded Systems in Medicine
Medicine, from diagnosis to therapy, is advancing all the time. As scientists make new health discoveries and the cost of customized treatments and therapeutics falls, new ways of improving society’s health emerge. A great demonstration of this is the recent coronavirus pandemic. Smartphone apps enabled contact tracing, maker spaces manufactured 3D-printed ventilator parts and face shields, and messenger ribonucleic acid (mRNA) vaccines were deployed for the first time. But when are health-related apps and the wearables that feed them considered medical devices?
When are Wearables and Apps Medical Devices?
Before the pandemic, the global wearable medical device market was already projected to grow at a compound annual growth rate of 18.3%, according to the Wearable Medical Devices Market Research Report1. Market drivers ranged from responding to the needs of an aging population and the rising prevalence of chronic diseases to an increased desire to improve fitness. Innovation in this space has accelerated, in part, thanks to the ubiquity of smartphones and their always-on connectivity, and there are now many providers of wearable diagnostic and therapeutic equipment.
The health monitoring capabilities of the Apple Watch are a prime example, having saved lives in several medical emergencies. One incident involved a man in Cincinnati, USA, whose watch automatically called emergency services after a fall2. Blood pressure and heart rate data saved in his smartphone app helped physicians determine the cause of his loss of consciousness – a blood clot that was swiftly treated. Another person in the UK was made aware of his irregular heartbeat by his watch3 that he otherwise would have overseen.
But, as most engineers will be aware, medical electronics is highly regulated, with clear standards covering everything from software testing to product safety. Should an embedded system developed to monitor heart rate and transfer it to a smartphone fitness app be treated like any other medical device? How are daily app and cloud software updates handled in an industry that needs years to certify some medical products? And what responsibilities lie with developers handling patients’ often highly sensitive data?
1 https://www.psmarketresearch.com/market-analysis/wearable-medical-devices-market
2 https://www.wcpo.com/news/health/cincinnati-man-says-apple-watch-saved-his-life-after-he-collapsed-during-walk
3 https://www.indiatoday.in/technology/news/story/apple-watch-saves-life-of-a-36-year-old-user-suffering-from-heart-condition-2345300-2023-03-11
Would you like to delve deeper into the topic?
At embedded world Exhibition&Conference 2025 from March 11 to 13, 2025,
you will have the opportunity to exchange ideas with industry experts.
Is My Software-Based Medical Device Safe?
Some of today’s standards, such as IEC 62304, came about in response to early medical device software failures, such as the Therac-25. Brought to market in 1982, this radiation therapy machine successfully treated thousands of cancer patients. However, it also delivered dangerous radiation doses to at least six patients4, three of whom died from resultant complications. The machine was a successor to a previous computer-controlled product, the Therac-20, but with some safety mechanisms transferred from hardware to software. Furthermore, some of the code originated from a product developed in the early 1970s.
During investigations into the issues, it was determined that some software errors were inherited through software reuse, while others were related to the user interface. A sluggish response to user input and poor clarity between halting for errors and malfunctions resulted in staff habitually restarting the machine, regardless of the cause.
Which Standards Apply to Medical Devices and Their Software?
IEC 62304 – Medical device software – Software life cycle processes is a standard that provides a framework for teams developing software for medical devices. Because there are already many established medical safety standards, elements such as risk management are mostly covered (termed “normatively referenced”) by ISO 14971. There are, however, exceptions, such as when software can be a contributing factor to a hazard, either directly or indirectly.
Before getting started, you and your chosen manufacturer will need a quality management system (QMS) that follows a standard such as ISO 13485. This formalizes documentation storage, provides traceability, and proves that the necessary processes are in place.
Another early decision needed is the product’s safety class assignment. The classification for the software and hardware parts of the same end product may diverge. For example, a piece of therapeutic equipment may be classified as Class B due to a risk of non-serious injury. However, if the software integrated into the product only gathers usage data and doesn’t control the therapy, it could be assigned as Class A, posing no unacceptable risk to health.
The standard also covers the software development process, from requirements analysis to unit testing and code reviews. It even provides guidance on dealing with Software of Unknown Provenance, also known as SOUP, such as third-party libraries, operating systems, and other outsourced code. Handling of software versions is also covered.
Next is what happens once the product has gone to market. A software maintenance plan must be ready to analyze possible problems and handle changes and modifications. On top of that, you’ll need to be ready to investigate issues arising during use and identify possible problem trends. There is also an obligation to maintain records and inform users and relevant authorities.
Usability, as it relates to safety, is covered in IEC 62366 – Medical devices – Application of usability engineering to medical devices. A poor user interface that leads to incorrect operation can jeopardize the safety of both patients, as seen in the Therac-25 example, and healthcare operators.
Protecting Patient Data
With the always-on connectivity of smartphones and data being sent and stored on unknown cloud services, society is naturally concerned about who has access to their data and for what purpose. Insurance companies could, theoretically, use months or years of blood pressure and heart rate data to raise premiums despite a consumer having no currently diagnosed health issues. And, thanks to big data and artificial intelligence, the effort required to perform such analysis is sinking rapidly, increasing the risk of it happening.
But we stand at a crossroads. While we can detect and treat more conditions than ever, the costs for personnel and advanced therapies are climbing. Diagnostic data and early intervention make conditions easier and cheaper to treat. If patients are assured such personal insights are only used for the agreed purpose, they’re more likely to accept this change in healthcare approach.
In the United States, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 protects consumer health data. However, there are concerns that the legislation is not strong enough5.
In Europe, protection is provided by General Data Protection Regulation (GDPR) since most patient data qualifies as personal data. In some ways, this simplifies a medical equipment developer’s life since GDPR is well established, from data processing to data storage services.
A relatively new consideration for developers is the Medical Device Regulation (MDR), introduced in 2021 and effective across the European Economic Community (ECC). Thanks to this regulation, many software-only products, such as smartphone health apps, are now considered medical devices6, even if they are only used for diagnostic, monitoring, or prevention purposes. This means they must comply with the same standards as traditional medical hardware and even require CE marking. Pre-market clinical evaluation reports and ongoing post-market clinical follow-ups are also needed7.
5 https://www.techtarget.com/searchhealthit/definition/digital-health-digital-healthcare
6 https://www.sciencedirect.com/science/article/pii/S1386505623001594
7 https://advisera.com/13485academy/blog/2021/04/06/ivdr-vs-mdr-comparison/
Medical Devices: Well Regulated Software and Hardware
Engineers can rapidly develop wearables that pair with smartphones and healthcare apps thanks to the miniaturization of sensors and batteries and the growth in low-power, system-on-chip Bluetooth-capable silicon. And, while such devices place the user under little to no physical risk during use, the diagnostic results they deliver could. It is correct to question whether a heart rate monitor in a wearable and its app is designed only to provide fitness data or whether we can rely on it for detecting heart conditions, such as heart arrhythmia.
It’s clear that early diagnosis is growing in importance as our population ages and our ability to detect and treat more conditions than ever expands. Medical wearables and smartphone apps are a great addition to the healthcare system’s range of tools and will undoubtedly save lives. With the learnings of past decades, clear standards, and tight data protection legislation, consumers can be sure that engineering teams building medical devices deliver safe embedded systems with software that keeps their data private.