A medical device is a product which is used for medical purposes in patients, in diagnosis, therapy or surgery . Whereas medicinal products (also called pharmaceuticals) achieve their principal action by pharmacological, metabolic or immunological means. Medical devices act by other means like physical, mechanical, thermal, physico-chemical or chemical means. Medical devices are included in the category: Medical technology.
Medical devices include a wide range of products varying in complexity and application. Examples include tongue depressors, medical thermometers, and blood sugar meters.
The global market of medical devices reached roughly 209 billion US Dollar in 2006 and is expected to grow with an average annual rate of 6 - 9% through 2010.[1]
Contents |
Based on the "New Approach", rules relating to the safety and performance of medical devices were harmonised in the EU in the 1990s. The "New Approach", defined in a European Council Resolution of May 1985, represents an innovative way of technical harmonisation. It aims to remove technical barriers to trade and dispel the consequent uncertainty for economic operators allowing for the free movement of goods inside the EU.
The core legal framework consists of 3 directives:
They aim at ensuring a high level of protection of human health and safety and the good functioning of the Single Market. These 3 main directives have been supplemented over time by several modifying and implementing directives, including the last technical revision brought about by Directive 2007/47 EC.
Directive 2007/47/ec defines a medical device as: "any instrument, apparatus, appliance, software, material or other article, whether used alone or in combination, including the software intended by its manufacturer to be used specifically for diagnostic and/or therapeutic purposes and necessary for its proper application, intended by the manufacturer to be used for human beings. Devices are to be used for the purpose of:
This includes devices that do not achieve its principal intended action in or on the human body by pharmacological, immunological or metabolic means, but which may be assisted in its function by such means."
The government of each Member State is required to appoint a Competent Authority responsible for medical devices. The Competent Authority (CA) is a body with authority to act on behalf of the government of the Member State to ensure that the requirements of the Medical Device Directives are transposed into National Law and are applied. The Competent Authority reports to the Minister of Health in the Member State. • The Competent Authority in one Member State does not have jurisdiction in any other Member State, but they do exchange information and try to reach common positions.
In UK the Medicines and Healthcare products Regulatory Agency (MHRA) acts as a CA, in Italy it is the Ministero Salute (Ministry of Health)[2]
Medical devices must not be mistaken with medicinal products. In the EU, all medical devices must be identified with the CE mark.
Medical machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is:
-recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them,
-intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or
-intended to affect the structure or any function of the body of man or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. >>> Medical Device Definition US FDA <<<
The term medical devices, as defined in the Food and Drugs Act, covers a wide range of health or medical instruments used in the treatment, mitigation, diagnosis or prevention of a disease or abnormal physical condition. Health Canada reviews medical devices to assess their safety, effectiveness and quality before being authorized for sale in Canada .
The regulatory authorities recognize different classes of medical devices, based on their design complexity, their use characteristics, and their potential for harm if misused. Each country or region defines these categories in different ways. The authorities also recognize that some devices are provided in combination with drugs, and regulation of these combination products takes this factor into consideration.
The Medical Devices Bureau of Health Canada has recognized four classes of medical devices based on the level of control necessary to assure the safety and effectiveness of the device. Class I devices present the lowest potential risk and do not require a licence. Class II devices require the manufacturer’s declaration of device safety and effectiveness, whereas Class III and IV devices present a greater potential risk and are subject to in-depth scrutiny. .[3] A guidance document for device classification is published by Heath Canada .[4]
Canadian classes of medical devices generally correspond to the European Council Directive 93/42/EEC (MDD) devices as follows: Class IV (Canada) generally corresponds to Class III (ECD), Class III (Canada) generally corresponds to Class IIb (ECD), Class II (Canada) generally corresponds to Class IIa (ECD), and Class I (Canada) generally corresponds to Class I (ECD) .[5] Examples are surgical instruments (Class I); contact lenses, ultrasound scanners (Class II); orthopedic implants, hemodialysis machines (Class III); and cardiac pacemakers (Class IV) .[6]
The Food and Drug Administration has recognized three classes of medical devices based on the level of control necessary to assure the safety and effectiveness of the device.[7] The classification procedures are described in the Code of Federal Regulations, Title 21, part 860 (usually known as 21 CFR 860).[8]
Class I devices are subject to the least regulatory control. Class I devices are subject to "General Controls" as are Class II and Class III devices.[7][9][10] General controls include provisions that relate to adulteration; misbranding; device registration and listing; premarket notification; banned devices; notification, including repair, replacement, or refund; records and reports; restricted devices; and good manufacturing practices.[10] Class I devices are not intended for use in supporting or sustaining life or to be of substantial importance in preventing impairment to human health, and they may not present a potential unreasonable risk of illness or injury.[10] Most Class I devices are exempt from the premarket notification and/or good manufacturing practices regulation.[7][9][10] Examples of Class I devices include elastic bandages, examination gloves, and hand-held surgical instruments.[9]
Class II devices are those for which general controls alone are insufficient to assure safety and effectiveness, and existing methods are available to provide such assurances.[7][9] In addition to complying with general controls, Class II devices are also subject to special controls.[9] A few Class II devices are exempt from the premarket notification.[9] Special controls may include special labeling requirements, mandatory performance standards and postmarket surveillance.[9] Devices in Class II are held to a higher level of assurance than Class I devices, and are designed to perform as indicated without causing injury or harm to patient or user. Examples of Class II devices include powered wheelchairs, infusion pumps, and surgical drapes.[7][9]
A Class III device is one for which insufficient information exists to assure safety and effectiveness solely through the general or special controls sufficient for Class I or Class II devices.[7][9] Such a device needs premarket approval, a scientific review to ensure the device's safety and effectiveness, in addition to the general controls of Class I.[7][9] Class III devices are usually those that support or sustain human life, are of substantial importance in preventing impairment of human health, or which present a potential, unreasonable risk of illness or injury.[9] Examples of Class III devices which currently require a premarket notification include implantable pacemaker, pulse generators, HIV diagnostic tests, automated external defibrillators, and endosseous implants.[9]
The classification of medical devices in the European Union is outlined in Annex IX of the Council Directive 93/42/EEC. There are basically four classes, ranging from low risk to high risk.
The authorization of medical devices is guaranteed by a Declaration of Conformity. This declaration is issued by the manufacturer itself, but for products in Class Is, Im, IIa, IIb or III, it must be verified by a Certificate of Conformity issued by a Notified Body. A Notified Body is a public or private organisation that has been accredited to validate the compliance of the device to the European Directive. Medical devices that pertain to class I (on condition they do not need to be sterilised or are not used to measure a function) can be put on the market purely by self-certification.
The European classification depends on rules that involve the medical device's duration of body contact, its invasive character, its use of an energy source, its effect on the central circulation or nervous system, its diagnostic impact or its incorporation of a medicinal product.
Certified medical devices should have the CE mark on the packaging, insert leaflets, etc.. These packagings should also show harmonised pictograms and EN standardised logos to indicate essential features such as instructions for use, expiry date, manufacturer, sterile, don't reuse, etc.
In 2004, the FDA authorized marketing of two different types of medical devices that incorporate radio-frequency identification, or RFID. The first type is the SurgiChip tag, an external surgical marker that is intended to minimize the likelihood of wrong-site, wrong-procedure and wrong-patient surgeries. The tag consists of a label with passive transponder, along with a printer, an encoder and a RFID reader. The tag is labeled and encoded with the patient's name and the details of the planned surgery, and then placed in the patient's chart. On the day of surgery, the adhesive-backed tag is placed on the patient's body near the surgical site. In the operating room the tag is scanned and the information is verified with the patient's chart. Just before surgery, the tag is removed and placed back in the chart.
The second type of RFID medical device is the implantable radiofrequency transponder system for patient identification and health information. One example of this type of medical device is the VeriChip, which includes a passive implanted transponder, inserter and scanner. The chip stores a unique electronic identification code that can be used to access patient identification and corresponding health information in a database. The chip itself does not store health information or a patient's name.[11]
Companies developing RFID-containing medical devices must consider product development issues common to other medical devices that come into contact with the body, are implanted in the body, or use computer software. For example, as part of product development, a company must implement controls and conduct testing on issues such as product performance, sterility, adverse tissue reactions, migration of the implanted transponder, electromagnetic interference, and software validation.
Medical devices that use RFID technology to store, access, and/or transfer patient information also raise significant issues regarding information security. The FDA defines "information security" as the process of preventing the modification, misuse or denial of use, or the unauthorized use of that information. At its core, this means ensuring the privacy of patient information.[11]
The FDA has recommended that a company's specifications for implantable RFID-containing medical devices address the following four components of information security: confidentiality, integrity, availability and accountability (CIAA).
Although the FDA made these recommendations in the context of implantable RFID-containing medical devices, these principles are relevant to all uses of RFID in connection with pharmaceuticals and medical devices.[11]
Medical devices such as pacemakers, insulin pumps, operating room monitors, defibrillators, surgical instruments including deep-brain stimulators are being made with the ability to transmit vital health information from a patient's body to doctors and other professionals.[12]Some of these devices can be remotely controlled by medical professionals. There has been concern about privacy and security issues around human error and technical glitches with this technology. While only a few studies have been done on the susceptibility of medical devices to hacking, there is a risk.[13]In 2008, computer scientists proved that pacemakers and defibrillators can be hacked wirelessly through the use of of radio hardware, an antenna and a personal computer[14]. These researchers showed that they could shut down a combination heart defibrillator and pacemaker and reprogram it to deliver potentially lethal shocks or run out its battery. Jay Radcliff, a security researcher interested in the security of medical devices, raises fears about the safety of these devices. He shared his concerns at the Black Hat security conference.[15] Radcliff fears that the devices are vulnerable and has found that a lethal attack is possible against those with insulin pumps and glucose monitors. Some medical device makers downplay the threat from such attacks and argue that the demonstrated attacks have been performed by skilled security researchers and are unlikely to occur in the real world. At the same time, other makers have asked software security experts to investigate the safety of their devices.[16]As recently as June 2011, security experts showed that by using readily available hardware and a user manual, a scientist could both tap into the information on the system of a wireless insulin pump in combination with a glucose monitor. With a PIN access code of the device, the scientist could wirelessly control the dosage of the insulin.[17]Anand Raghunathan, a researcher in this study explains that medical devices are getting smaller and lighter so that they can be easily worn. The downside is that additional security features would put an extra strain on the battery and size and drive up prices. Dr. William Maisel offered some thoughts on the motivation to engage in this activity. Motivation to do this hacking might include acquisition of private information for financial gain or competitive advantage; damage to a device manufacturer's reputation; sabotage; intent to inflict financial or personal injury or just satisfaction for the attacker.[18]Researchers suggest a few safeguards. One would be to use rolling codes. Another solution is to use a technology called "body-coupled communication" that uses the human skin as a wave guide for wireless communication.[19]
The ISO standards for medical devices are covered by ICS 11.100.20 and 11.040.01 [20],.[21] The quality and risk management regarding the topic for regulatory purposes is convened by ISO 13485 and ISO 14971. Further standards are IEC 60601-1, for electrical devices (mains-powered as well as battery powered) and IEC 62304 for medical software. The US FDA also published a series of guidances for industry regarding this topic against 21 CFR Subchapter H—Medical Devices.[22]
Starting in the late 1980s [23] the FDA increased its involvement in reviewing the development of medical device software. The precipitant for change was a radiation therapy device (Therac-25) that overdosed patients because of software coding errors.[24] FDA is now focused on regulatory oversight on medical device software development process and system-level testing.[25]
A 2011 study by Dr. Diana Zuckerman and Paul Brown of the National Research Center for Women and Families, and Dr. Steven Nissen of the Cleveland Clinic, published in the Archives of Internal Medicine, showed that most medical devices recalled in the last five years for “serious health problems or death” had been previously approved by the FDA using the less stringent, and cheaper, 510(k) process. In a few cases the devices had been deemed so low-risk that they did not need FDA regulation. Of the 113 devices recalled, 35 were for cardiovacular issues.[26] This may lead to a reevaluation of FDA procedures and better oversight.
Medical device packaging is highly regulated. Often medical devices and products are sterilized in the package. The sterility must be maintained throughout distribution to allow immediate use by physicians. A series of special packaging tests is used to measure the ability of the package to maintain sterility. Relevant standards include: ASTM D1585- Guide for Integrity Testing of Porous Medical Packages, ASTM F2097- Standard Guide for Design and Evaluation of Primary Flexible Packaging for Medical Products , EN 868 Packaging materials and systems for medical devices which are to be sterilized. General requirements and test methods, ISO 11607 Packaging for terminally sterilized medical devices, and others.
Package testing needs to conducted and documented to ensure that packages meet regulations and all end-use requirements. Manufacturing processes need to be controlled and validated to ensure consistent performance.
A number of specialist University-based research institutes have been established such as the Medical Devices Center (MDC) at the University of Minnesota in the US, the Strathclyde Institute Of Medical Devices (SIMD) at the University of Strathclyde in Scotland and the Medical Device Research Institute (MDRI) at Flinders University in Australia.
|
|