Major tectonic shifts are occurring in the healthcare and life sciences sectors and the use of technology is playing a leading role in this.
Data and analytics, artificial intelligence, and wearable, connected technology and other medical devices are driving transformational change, creating an abundance of opportunity for these sectors.
According to ProClinical, the top 10 new medical technologies of 2019 will include smart inhalers, robotic surgery, artificial organs, 3D printing, precision medicine and some of the most advanced gene-editing technologies yet.
However, as we know too well: the opportunities these technological advancements bring come hand in hand with their own set of unique challenges. Unlike other driving forces of change, the impact new technology brings presents a risk landscape like few others, which can be complex and difficult to navigate.
It is against this backdrop that in our recent Global Risk and Confidence Survey respondents from the life sciences sector ranked cyber risk and technology risk as the top two risks they are dealing with.
Safe and effective uses
Ensuring safe and effective use of any medical device or technology in healthcare is a crucial responsibility for manufacturers and developers, as well as healthcare providers, not only in terms of addressing regulatory requirements but also of mitigating risks of harm.
In order to pass scrutiny from market regulators and demonstrate that their products do not compromise patients’ health and trust, medical device and technology companies must tie safety and risk management processes closely to their design, development and pre- and post- commercialisation efforts.
The challenges of building in safety and risk management functions across device lifecycles are significant, but manufacturers and healthcare providers alike cannot afford to adopt inadequate measures if their goal is to reduce the risk of post-market problems such as adverse events or device recalls.
Cyber security
The use of remote controlled pacemakers provides a good example of some of the risks. In August 2017 it was reported that almost half a million pacemakers were recalled by the US Food and Drug Administration (FDA) due to cybersecurity fears. Yes, where there is connected technology, there is almost certainly a looming cyber risk.
Six types of pacemaker were deemed by the FDA to contain “holes” in their cybersecurity, which meant the medical devices could be hacked.
Although there were no reports of unauthorised access to any patient’s implanted device, according to the devices’ manufacturer at the time, the FDA said that the vulnerability allowed an unauthorised user to access a device using commercially available equipment and reprogram it.
This meant the hackers could deliberately run the battery flat, or conduct the “administration of inappropriate pacing”. Both could, in the worst case, result in the death of an affected patient.
Other medical device hacking concerns are focused on data, or more accurately, the abuse of data. Medical devices can store a lot of personal data, such as medical records.
On the one hand, making this data more easily accessible to a doctor or nurse if a patient was having an issue is clearly extremely beneficial. It means that patients can be treated faster and more efficiently. However, if this sensitive personal data is leaked following a cyber incident, it could have devastating effects.
Managing the side effects
The ways in which we’ve seen technology change the life science and healthcare sectors is really just the tip of the iceberg. There’s no doubt about it – technology will be the greatest enabler in these sectors for better, more efficient and more accurate treatment. In some areas, technology will even make risks better.
But these dual-uses of technology – for good and for bad – heighten the risk and healthcare organisations need to ensure their systems, processes and skill/knowledge mix reflect this new landscape.
Furthermore, these new technology-related risks present complex questions around where the liability for a medical device malfunction will end up, a topic which will be discussed at our forthcoming conference.
Clinicians, technicians, suppliers and manufacturers, in fact everyone across the value and supply chain, will be subject to increasing scrutiny on this topic. Therefore, their respective organisations should have this at the forefront of their minds and be able to demonstrate robust governance and risk management processes in their areas of responsibility, including when describing the risks and benefits with patients in their informed consent discussions.