Tag Archives: medical devices


Mishaps in Hospitals from Inadequate Hardware Problems

Technology is great. We can stick to 8 hour work days while increasing productivity and then go home to families or plan out our next self-driven project. Granted, that’s what technology is supposed to help us do, but sometimes bumps in the road of problem A to solution B can be tech-central. Technology can fail, unfortunately. Thankfully, the time invested to restore tech to working order is a sacrifice hospitals are willing to accept to bring better and less erroneous healthcare to patients. However, when older and inadequate tech is more of a burden, it’s time to consider replacing what used to work ten years ago with something that can reduce tech-related stress and hangups that drain more time than necessary to get the job done.

Spotty WiFi with Computers on Wheels

It’s a constant problem for the 21st century in hospitals everywhere—spotty wireless communications in every corner of the hospital building. Call up a nurse’s desk to ask what issues they’re facing with technology and inconsistent WiFi will be mentioned. Chalk it up to weakened signals from aging hardware and insufficient components. It’s not feasible to remove that problem for good, but it’s possible to pinpoint key factors in technology—mostly residing in a hospital’s medical computers—that can be improved so WiFi isn’t a problem of which patient room you’re in or where you’re standing. Here are some WiFi woes and ways to restore the fidelity in the “Fi.”

Take a hypothetical case—a nurse using a cloud-based EMR system on a cheap laptop finds that in patient room 105 the WiFi doesn’t kick in, and so entering information relies on memory, written notes, or a silly, cumbersome workaround. That’s not ideal for a hospital, especially when “zero” can be a dangerous entry for a patient refill or a different metric. If the IT department has ensured that the wireless infrastructure is the highest standard on the market, then the culprit lies within the laptop. The wireless card inside of the machine doesn’t communicate well with the wireless routers in the hospital.

If that’s the reason for the signal drop, it’s time for IT to consider upgrading their computing efforts to medical computers with Intel-certified wireless cards instead of laptops that power cheap alternatives. An Intel dual-band wireless AC card is the current standard for wireless technology in a hospital. Not only more secure, these cards have the know-how to switch between wireless routers on the fly without signal loss. Computers on wheels are often pushed through several hospital wings and floors, jumping from one wireless router to the next. Intel wireless cards are secure and stable enough to swap from router to router seamlessly. It’s a hardware standard that computers on wheels and medical devices need to operate optimally. Besides, less stress on the end-user is always a positive thing.

Hospitals Don’t Shut Down—Neither Should the Hardware

Twenty thousand hours. That’s how long a standard hard disk drive lasts per average metrics and regular use. It may seem like a lot, but that’s just over two years if you do the math. Medical computers operate at near 24/7 runtimes. If there’s a hard drive failure in two years, that’s not a very strong lifespan for a computer to store data. The last mishap a nurse or physician wants is for the digital rug to be pulled out beneath them with a hard drive failure while they’re busy entering patient data into a medical computer. The drive can’t be sent off to data rescue because it would violate HIPAA laws. So, what to do?

Thankfully, technology has improved hard disk storage so there aren’t moving parts to break—solid state drives have a longer lifespan than regular platter hard drives, but that doesn’t rule out defects or eventual failure in the smarter tech. A medical grade computer with a military-grade solid state hard drive will push that two-year average life cycle to beyond five years. If the looming storage failure is still a concern for staff—which can happen at any given moment—then a backup drive coupled with the original solid state can serve as a proper safety net. IT can clone the surviving drive and restore the medical computer to optimal working status. Besides, a computer cycle for a hospital should be five years to stay with EMR software development. Having a hard drive that’s graded to last beyond a purchase cycle is ideal.

Shoddy Medical Computer Touch Screens

Touch screens are breeding grounds for germs and bacteria. Introduce the dirt and grease from five separate individuals’ hands onto a touch-screen interface and an infection may reside somewhere in the fingerprint jungle. They’re not always the easiest to clean either—spray disinfectant directly on a medical monitor and the internal components could suffer adverse effects (broken pixels, unresponsive touch controls, or an immediate transformation into a paperweight) from the disinfectant running into the crevices of the monitor. Some insufficient touch screen tech needs constant calibration to ensure what’s touched is the intended function. Pressing “Close” should never result in “Administer Medicine”—we shudder at that thought. But there are still tech problems galore in working with touch screens that don’t measure up to what hospitals need.

The kind of tech needed in a hospital is what’s called 5-Wire Resistive technology. Avoiding too much tech-talk, it’s a more durable technology than capacitive because it holds up to scratches and cosmetic imperfections, it’s easier to work with since it doesn’t require skin contact, it’s cheaper to manufacture, and it lasts longer than the newer capacitive technology. Couple these features on a medical computer and bye-bye tech problems.

It isn’t intuitive to think of hard drives, touch screen technology or wireless cards when you’re talking about patient care. But in today’s HIT world, technology is one of the driving factors in providing the absolute best user experience for healthcare practitioners so they can focus on taking care of patients. For more information on how a computer designed specifically with healthcare in mind is different than a commercial grade computer you can contact us today to learn more about our medical computers.


Here’s How Telehealth is Revolutionizing the Way We Practice Healthcare

Telehealth is a topic under heavy study because it’s extremely effective at reducing time and streamlining processes for medical care. It’s a complex umbrella term that addresses physician to patient interaction, how medical records are viewed and delivered, physician care and outreach, patient infotainment systems, and other important factors. One key aspect of telehealth is patient engagement technology which we are seeing improve over time with the rise of smaller, faster medical computers. Here are some ways patient engagement technology is changing telehealth and making healthcare more convenient for everyone.

Virtual Appointments are a Reality with Medical Computers

Online videoconferencing is the first telehealth innovation that comes to mind. It’s still a common practice for people to schedule appointments months in advance for an initial diagnosis and then follow-up appointments to treat or cure an ailment. If a patient needs information from a nurse, it still requires an appointment, more waiting, travel, another waiting room, etc. With the rise of telehealth, patients are able to skip waiting rooms and connect with a doctor or nurse via videoconference with a computer in nursing. If live appointments aren’t available, patients can still leave video messages and possibly show progress of a medicine’s effect. Nurses can hold “question and answer” sessions to keep patients informed and use visual aids to help patients understand their health complications. Plus, medical records can be updated on-the-fly using EMR software, streamlining the process from patient feedback to updating medical records. Growing advancements in this field have strengthened the interconnectivity of rural areas with hospitals. According to an online source published in 2012 called The Role of Telehealth in an Evolving Health Care Environment, telehealth reduces cost and increases quality of care for patients that can’t easily access the nearest hospital. A recent dermatology study showed physicians were able to increase their patient head count by approximately 270 per month with virtual appointments. Virtual appointments are a growing trend and studies reflect it!

Online Patient Portals are More Common

Patients in rural areas don’t always have the luxury of stopping by a clinic to get medical record printouts, so now there are online patient portals dedicated to showing medical records. Patients can even take questionnaires to narrow down a medicinal recommendation from a physician, request prescription refills, look at bill and payment history, or communicate directly with nurses in an orderly system to relay information about healthcare developments. As reported from the National Coordinator for Health Information Technology, over 60 percent of hospitals let their patients view, download, and transfer their health data in 2014. It’s a real growing trend now because of technological advancements with medical computers and web-based interfaces that take the waiting process out of healthcare.

Medical Computers Have Started Remote Patient Monitoring

Patients of all types struggle with time and keeping proper records for a doctor’s evaluation. Diabetics must watch their diet and monitor their blood glucose levels to track their health records. Clinically obese individuals transfer their caloric burn rate to doctors, necessitating another appointment, more travel, and more waiting rooms. It’s the same across the board for individuals with limited lung function, insomnia, heart palpitations, dementia, and other patients with measurable results of their health problems. With the advent of telehealth, remote patient monitoring can be automated and sent to a physician almost immediately. It’s all done within the medical computer, streamlining the process of getting information to the doctors without human error introduced. The benefits have shown in research as well. As before, the key aspect to telehealth is patient engagement, and keeping patients informed through doctors’ notes and information about their illnesses has shown increased rates of consistent medicine ingestion and other metrics. There are interactive disease management programs in the field (BeWell Mobile for instance) that let patients send their vital signs to their providers electronically with quick recommendations from their providers on what to do if their symptoms flare up. Another excellent example is called the Virtual Dental Home, a telehealth program that lets dental health professionals transfer information between each other to assist patients in remote locations.

Patient Engagement Solutions are Integrated into Hospitals

One of the most desired aspects of telehealth is connecting inpatients to their families during their (hopefully short) hospital stay. Patient infotainment systems are a standard in hospitals because hospital guests can remotely connect with anyone they desire over the internet, along with ordering food, watching movies, or calling staff when necessary. It’s part of the entire patient engagement package, ensuring patients are well-educated on their ailments so they understand their role in self-care.

These are all results of advancement in medical computer technology pushing telehealth to expand healthcare reach, cut down on waiting time, streamline communication, provide remote monitoring, increase patient engagement, connect patients remotely with doctors and family, and deliver an overall better patient care experience.




3 Ways Healthcare Usage Dramatically Impacts Hardware Longevity

It’s important for medical computers to operate 24/7 since healthcare is just as demanding. Internal components do not last forever, unfortunately, and demanding uptime for computers can seriously affect the longevity of hardware. According to an analysis by the Institute of Electrical and Electronics Engineers, the FDA issued almost six thousand hardware recalls between 2006 and 2011, with approximately 1,200 of the recalls from computer-related failures. A vast majority of those recalls affected patient health. This study alone outlines a problem that hospitals face with computer-related failures and how those have affected patients—injury or worse. The FDA monitors reports of malfunctions and other problems after their approved hardware goes into the field in order to make adjustments to their regulations, but it’s an ongoing, never-perfect process. The best that can be done with post-fielding is ensuring stricter regulations on hardware, but that doesn’t guarantee that a hospital will utilize an FDA-approved piece of hardware to monitor patient health or control a medical device. The best way to minimize adverse events and malfunctions from a computer hardware standpoint is to ensure all components in a hospital’s set of medical computer systems are used with healthcare in mind. Here’s what we mean in detail below.

Medical Computer Systems Benefit from Solid State Drives

The unseen infection is terrible for hospitals and can result in nosocomial infections, so hospitals must take all precautions possible to ward away those infections. One such precaution has to do with patient data storage. Standard platter hard drives cause problems in hospitals by circulating dust mites and airborne germs throughout the air with their moving parts. A lot of consumer-grade computers only come with one hard drive without a backup solution, so if hospitals store their patient data on a regular hard drive without redundancy or backup, that’s a risky situation from data loss and HIPAA violation standpoints. Standard platter hard drives last (according to some sources) four years on average, but that’s with standard use, not constant. A lot of medical computer systems use solid state drives that, on average, last several years longer than older hard drive technology. Why? Fewer moving parts and less dust. Typically in a sealed plastic enclosure, solid state drives in embedded PCs alleviate a hardware component’s greatest threat—dust—and don’t use moving parts to read data. Solid state drives are put to the test at manufacturing plants via rigorous read/write tests and hold up against older technology. That’s why it’s crucial to select the best components to ensure the longevity of a medical panel PC and to protect patient data. Plus, medical computer systems often use solid state drives in pairs for redundancy and backup, ensuring nothing is lost when a hard drive failure occurs. Use of paired solid state drives combats three problems in one—spreading of airborne illnesses and dust, better longevity because of no moving parts, and patient information backup with a second drive.

Heat in a Medical Computer System is a Terrible Component Killer

Since EMR systems receive constant software updates, it’s important to get powerful hardware (Intel i7s) and strong video capability to run and view the demanding software. However, pulling a consumer-grade PC off the shelf to run as a mobile EMR system won’t operate well. Let’s say a new computer runs an Intel Coffee Lake i7 8700k with 32 gigabytes of RAM and an NVIDIA GTX 1090. Great! This system is capable of running the latest software at blazing speeds. However, what’s not addressed is the power of the CPU and components. The CPU on a consumer-grade processor pulls more power, which means more heat. Without a way to dissipate heat, the processor and surrounding components can easily overheat and melt. Fans are necessary for running components at high wattage, but they are also thought of as points of failure. If a fan fails, the computer in question fails—that’s it. That’s specifically why many healthcare facilities choose to deploy fanless medical computers which run components at much lower power ratings, usually 35 watts for the processor alone. Less power means less heat, which means higher longevity and no fans. No fans mean no dust, which means even higher longevity for computer components and less risk for patient health.

A Medical Computer System Uses Higher-Grade Components

The MTBF (Mean Time Between Failure) is considered a defining standard for hardware reliability with two “branching” standards—the Department of Defense standard and the Bellcore/Telcordia Predictive Method, the former of the two being more recognized. Consumer-grade computers by some reports have a 2-year MTBF, and it’s likely that the lifespan of such a computer may be cut short if used in a demanding environment like a hospital. If a computer needs to operate 24/7, it’s far too demanding for a consumer-grade computer to handle. Constant heat, ceaseless running fans, and excessive power draw (adding expenses to an already skyrocketing energy bill for a hospital) will guarantee a shorter lifespan than a medical computer system which is built for 24/7 operation. This lower MTBF is also on a component-based level; consumer PC manufacturers don’t use high grade discrete components (diodes, resistors, transistors, etc.) that meet the reliability standard found in medical computer systems. The lifespans for medical computer systems on the market today span typically 3-5 years.

Heat, dust, power, lower-grade components with moving parts, and other factors clearly all point to less reliability and lower longevity when using a consumer grade computer as a medical computer system. Dust is a huge internal component hazard, so it’s best to have a sealed system that doesn’t ingest it. Heat is another gigantic factor in system longevity, so keeping components operating at lower wattage ratings will increase their longevity—also removing the need for fans. Medical computers with higher-quality, military-grade components will always outlast consumer-grade computers on average, ensuring medical professionals can get the job done while avoiding computer hazards to the patient.

Understanding the Unique Requirements for Medical Computers in a Hospital Setting

Hospitals gather a large population of infected individuals in one place, so it’s difficult to keep nosocomial infections from happening. That requires different standards for hospital operation and use of equipment. One of the largest reasons for hospital beds and rooms filling up is the invisible agent—microbes and bacteria that pass on unwanted viruses and pathogens that can quickly affect a small population. Since medical computers and devices operate with patient care in mind, careful consideration of a device’s build, materials, controlling software, and other factors must pass FDA regulations and meet necessary standards. Plus, medical care is not just a “part time” task. Hospitals operate on a round-the-clock schedule—a health-related disaster can strike at a moment’s notice, especially within an intensive care unit. These specific reasons why medical computers and devices are unique to the hospital environment are examined in detail here.

Medical Computers Need Antimicrobial Housings

Medical grade computers are built with either an antimicrobial coating sprayed onto the device post production or include an antimicrobial resin mixed into the plastic housing during manufacturing. But what exactly does that mean? Antimicrobial is an umbrella term that describes a range of abilities that disinfect and ward off growth of microorganisms, often originating from bacterial, fungal, viral, or parasitical natures. The benefit of these medical computer builds is that even with passing microbes from surface to surface, the plastic housing of these medical computers discourages microbe growth. After multiple uses from several medical professionals, a computer built with antimicrobial plastics can still help prevent the spread of germs without constant disinfection. Recent news reports detail there was a bacterial outbreak at a nationally renowned hospital that infected ten patients, thankfully none of which were fatal. The patients were infants. An online report that detailed research into an Army ICU revealed MRSA bacteria living on keyboards, a problem that could have been alleviated with antimicrobial materials. It’s clear to see why medical computers require antimicrobial housing.

Medical Grade Computers Need to Meet Standards

One might ask what kind of regulations hardware and software might need for a hospital. A lot of consumer off-the-shelf products, both hardware and software, aren’t safe for patient and medical use. Consider what the implications could be using buggy software on a medical device! For that reason there are several rules, regulations, and standards for medical devices, some set by the International Electrotechnical Commission. One of the most accepted standards is the 60601-1 electrical and radiation standard, addressing verification, design methodology, risk / safety assessment for patients and staff, and other factors. It’s not possible to determine the total number of test cases for final revisions of hardware, which is why this standard is in place. Every revision this standard goes through brings significant changes to how medical grade computers and other devices must be built, often focusing on the medical device’s operational distance to the patient. There are three distance classifications for the standard: B, BF, and CF. Type B operates near the patient, BF makes contact with the patient, and CF makes contact with a patient’s heart. Any medical device, whether in close vicinity or making contact with the patient, must meet the standards for safety. The FDA ensures medical grade computers and devices pass these standards for the safety of patients and the professionals that use them under the 510(k) regulation, requiring that manufacturers demonstrate their product is safe. There are a number of manufacturers that claim to have medical grade products, but whose products haven’t actually been independently tested. Be sure to do your homework before any major hardware deployment.

Hospitals Need to Operate 24/7

Hospitals need to operate on a 24/7 timeline. Fortunately, the medical grade computers in question can operate with those time demands. It’s not just a matter of having a computer that’s always on—it’s a question of the computer’s internal components and if they’re intended to be on 24/7. For instance, many medical computers have an emergency back-up battery installed in order to remain functional during a power outage. Imagine if the power went out, all medical computers shut down, and all that patient data was lost! Even though most hospitals are equipped with backup generators, the seconds between a power outage and the generators coming online could result in massive data loss. Medical computers with hot swappable batteries eliminate the need to be reliant on an AC power source completely. These computers are powered by removable batteries and can provide up to 16 hours of run time before you need to exchange the batteries.

Medical grade computers cannot operate in the same manner that consumer-grade computers do; the implications of losing data, hardware malfunction, overheating, spread of germs, and other factors are far too great to sacrifice for patients. Plus, computers with moving parts are more likely to malfunction, especially under 24/7 operation.

One Must Consider the Application as Well

Even within a hospital, different departments have different needs. Operating rooms, labs, and ICU units are often sterile environments. In these environments, a fanless medical computer would be required. To achieve fanless operation without overheating, these computers need to be built with specialized components that commercial grade manufacturers aren’t willing to invest in. The fanless operation prevents the spread of dust and germs through the air, which could be a major contamination concern in these highly specialized areas.

In a perfect world, we’d be able to stop all nosocomial infections. For the world we live in, it’s important to use the right tools for hospital use to avoid spreading infection, keep patients safe, and operate at a moment’s notice without a high risk of failure. The published studies show that these are factors required by all hospitals to operate in the best manner possible.


Extending the Life of Medical Equipment with Medical Grade PCs

The IT challenges and needs for a healthcare facility are far different than those of a traditional enterprise. Mobility, EMR compatibility, 24/7 operability as well as the need to mitigate the transfer of germs and disease must all be factored in. But even within the healthcare space, needs can vary tremendously. Consider the differences between a hospital in a large metropolitan area vs. a hospital in a rural area. In a lot of rural areas, medical facilities don’t have the luxury of large budgets or the ability to upgrade medical equipment as regularly as a larger hospital in a more densely populated area might have. Extending the life of that machinery in a cost efficient manner is vital for these types of facilities in order to provide the very best in patient care without breaking the bank.

A customer of ours recently reached out to us to let us know how they have managed to extend the life of their mobile x-ray units by integrating a medical grade computer. Their solution turned out to be a stroke of genius, and allowed their facility to move from the analog age into the digital age.

Mobility Matters in Medical Grade Computing

Our customer employed mobile x-ray units in rural areas that needed medical grade computers for control. Consumer-grade computers wouldn’t have fit the bill—carrying around a heavily-wired computer and monitor would have been insufficient and cumbersome for medical staff, so they used medical-grade PCs with hot swappable battery functionality. With a full 16 hours of uptime running on batteries, the staff didn’t need to connect to AC power while using their mobile x-ray medical devices with the medical grade computers. Plus, there’s no downtime with computers featuring hot swappable battery technology, ensuring constant healthcare. Internet connectivity is also a concern. In rural areas, internet accessibility isn’t the best, which calls for a different type of wireless capability. Many mobile computers are equipped with 3G and 4G wireless technology, so even in the most distant of places medical staff can send patient data to the hospital for review if need be.

Using Surgical Grade Monitors to Enter the Digital Age

Our customer was able to connect the surgical grade monitors to the mobile x-ray devices and get an instant x-ray result on the medical computer’s touch screen. Older technologies required large film emulsion plates that took hours to process within a dark room—that obviously isn’t a mobile solution. With an instant x-ray, our customer was able to zoom in on the patient’s affected area in question and diagnose patients. Instead of having to travel several miles to a distant hospital, wait for an x-ray, process the film, and then have a doctor review the x-rays, it’s done instantly on site so the hospital doesn’t need to purchase expensive and bulky film slates for x-rays. When patient mobility is reduced, it’s up to the medical staff to transport what’s needed in the most crucial times of patient healthcare. Our provided solution fit the needs for our customer and their patients.

Medical Devices in Healthcare IT Aren’t Cheap

Our customer needed a medical grade computer that interfaced with the mobile x-ray machines without a significant price tag. Older medical devices use a serial RS-232 port, which is a legacy port not often found on consumer-grade computers. The option to upgrade to a newer set of x-ray machines wasn’t available with average prices for them ranging well over 100 thousand. In acquiring the medical grade computers, they saved crucial business funds to focus on traveling to patients with hampered mobility.

Medical Computers That Also Meet Certifications

The medical grade computers our customer used weren’t just capable of interfacing with x-ray machines for medical staff use. The computers they purchased had a full spectrum of patient safety in mind, starting with an antimicrobial plastic that inhibited the spread and growth of microorganisms. These mobile computers with the hot swappable battery function were fanless and used internal solid state drives to prevent spreading dust and germs. They also met FDA standards for patient safety with a 60601-1 certification to protect patients from electrical and radiation-related hazards.

Online sources report that 80 rural hospitals have seen closures since 2010 and approximately 600 are suffering financially, numbers likely because patients and hospitals lack mobility. These computers helped the lives of people and kept hospital doors open. There are reasons beyond mobility, however, that prompted our customer to purchase these computers—they’re medically certified for hospital and patient room use. Consumer-grade PCs don’t measure up to the standard that these computers meet! Our customer was satisfied with their purchase of these computers with the hot swappable battery function, the instant x-ray feedback, and the medical certifications to protect patients.



3 Reasons Why End of Life Matters for Medical Equipment Manufacturers

The end of life (EoL) or PC life cycle is an important topic in the medical device manufacturing world. A PC life cycle can be defined as a cycle that describes the usefulness of a desktop or laptop computer to an agency, from its initial acquisition through its ultimate disposal—a fitting definition. Cybernet’s entire line of medical computers has a 3-5 year life cycle that’s determined by evaluating several factors—longevity of all computer components, intent of each computer, average use time, environmental factors, software that’s to be used, and other reasons. Sometimes, however, medical computers go through revision changes that can signify an end of life, and the process from revision change back to full certification is highly involved! The revision process to certify a medical computer just to control a specific medical device can be a complicated thing, especially if the two devices don’t communicate well. Here are some ways that the end of life cycles affect medical device manufacturers and the processes that happen behind the scenes.

End of Life Cycles Means Customers Must Review Changes

End of Life for certain components in a system doesn’t mean just replacing said components; it takes time to review what changes were made, suggest implications for impact, and go through a process called design verification for both hardware and software. All settings, drivers, and applications need adjustment to fit the new drive images. The devices must be rigorously tested together, bugs must be addressed both on a software and hardware level, and then the results must be sent to the FDA to ensure an entirely seamless validation.  All documentation (the device master record, drawings, etc.) that is associated with the hardware in question must be updated too. Verification and validation are two intense procedures—validation is defined per Wikipedia as the assurance that a product, service, or system meets the needs of the customer and other identified stakeholders. Verification is defined as the evaluation of whether or not a product, service, or system complies with a regulation, requirement, specification, or imposed condition. These are at the heart of design verification, just one component of the entire implementation from A to Z. That doesn’t even factor in signatures and approvals from medical device executives and FDA individuals. These processes are highly involved and can take anywhere from several weeks to several months for implementation depending on the severity of changes—even a small revision to a tiny component! It’s clear that these steps are under heavy scrutiny and take careful thought to move through. The goal is to ensure hospital satisfaction and patient safety in all these steps, which leads to…

End of Life Cycles Mean More Certifications Are Coming

FDA approvals alone are difficult to achieve since all of our medical computers must be rigorously tested with the medical devices in question. Any revisions or changes to a medical computer must be resubmitted for certification in order to work with medical devices again. Imagine the implications of having an untested medical computer on an x-ray machine! Even a pair of similar computers doesn’t have the same electromagnetic compatibility (or EMC), so switching computers on a medical device isn’t very simple. Introducing an untested medical computer to a medical device could cause it to malfunction, necessitating months and perhaps years of testing before certifications. That doesn’t even consider global certifications, as every locale where our medical grade computers may be used could have vastly different requirements. Different certifications can cost more time, resources, and money, sometimes in the range of hundreds of thousands of dollars.

What that Means for The Operator and Patient

The FDA categorizes medical devices into three classes of risk, the third class being the highest risk—pacemakers, for example. Patient and operator lives are at risk when working with class 3 medical devices, but those cannot be put to market without full verification and validation. The FDA requires full V&V for Cybernet’s medical computers to function with class 3 medical devices, a process that is ensured through rigorous testing, retesting, and approval. Patient and operator safety is in good hands when a medical computer’s end of life is in question—every computer out of our warehouse that interfaces with a medical device isn’t just some assemblage of parts that works with machines. They are fully-approved and certified medical computers designed from the ground up for patient and operator safety. Yes, it takes time and money for our customers to use these computers with their medical devices. That’s just proof that we are second to none in this amazing industry.


What The FDA’s Postmarket Management of Cybersecurity in Medical Devices Means for Manufacturers of Medical Devices

The FDA’s guidance on “Postmarket Management of Cybersecurity in Medical Devices” complements the 2014 guidance “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.” Its 30 pages contain detailed recommendations that manufacturers of medical devices need to study thoroughly.

The guidance is consistent with the cybersecurity guidelines set by the U.S. Government for other industries such as power grids and financial organizations and aims to protect critical infrastructures from cyber threats. Since most of the medical device manufacturing is in the private sector, the guidance also aims to facilitate cooperation between the public and private actors in preventing and mitigating cyber attacks.

Key Highlights

#1. Medical devices: the guidance applies to medical devices containing software, firmware, or programmable logic, as well as mobile medical devices and applications and devices that are part of interoperable systems, including legacy devices already in use or on the market.

The agency explains the scope of medical devices has increased to include any device that is connected to computer networks and can, therefore, be compromised.

#2. Patient Harm (IV): the guidance stresses the importance of risk-based assessments of cybersecurity vulnerabilities that could cause patient harm. Of note: Patient Harm replaces Essential Clinical Performance, which was present in the draft version. The definition of patient harm is aligned with ISO 14971.

Interestingly, the guidance excludes compromise of private data from the definition of patient harm and refers to HIPAA for privacy protection recommendations.

#3. Evaluation of Risk of Patient Harm (VI) is the key purpose of the cyber-vulnerability risk assessment, which must determine whether the risk of patient harm is:

  • controlled/acceptable (low probability of an exploit harming patient health)
  • or uncontrolled/unacceptable (high probability of an exploit harming patient health).

The agency suggests a matrix to evaluate risk acceptability, involving:

  • the exploitability of the vulnerability
  • the severity of patient harm in case the vulnerability is exploited

Of special note here is the recommendation to adopt a vulnerability disclosure policy and recognize that mitigation changes may affect the device’s performance.

#4. Postmarket Considerations (V) section introduces recommendations to deploy a robust cybersecurity risk management program throughout the entire product lifecycle. The FDA emphasizes that such programs must include:

  • Monitoring information sources (ISAO, customer complaints, service records) for news on new vulnerabilities and threats.
  • Deploying threat modeling to define how to maintain safety and essential performance.
  • Implementing mechanisms for monitoring third-party software for emerging vulnerabilities during the device’s entire lifecycle.
  • Design verification and validation for software updates and patches for vulnerabilities, including those in off-the-shelf software.

The cybersecurity program needs to be comprehensive, systematic, thoroughly documented and in compliance with the Quality System Regulation (21 C.F.R. Part 820). NIST has guidance on cybersecurity programs for manufacturers, and the FDA’s guidance contains an Appendix, “Elements of an Effective Postmarket Cybersecurity Program.” It encompasses five elements: 1) identify; 2) protect or detect; 3) protect/respond/recover; 4) mitigate risks to safety and essential performance.

#5. Maintaining Safety and Essential Performance (V) links cybersecurity risk management to safety, essential performance, threat modeling, and mitigation actions.

Controlled risks can be patched in a routine update. They fall under the “cybersecurity routine updates and patches” group. These patches are not considered repairs and do not call for reporting under 21 CFR 806. If a manufacturer holds a PMA, the annual 21 CFR 814.84 report needs to mention the patch.

Uncontrolled risks must be remediated as soon as possible with a patch, an update or a temporary “fix” (for example, disabling the Internet connectivity). When a permanent patch takes some time to design and deploy, it is advisable to start with a quick temporary fix to ensure patient safety and then proceed with the permanent patch. Manufacturers must report these fixes to the FDA (21 CFR part 806).

#6. Reporting exceptions. The FDA waives the 21 CFR 806 reporting if the three requirements are met:

  • No deaths or other serious adverse events happened due to the vulnerability.
  • The manufacturer has notified users of an available fix (temporary or permanent) no later than 30 days after learning of the vulnerability. The manufacturer has instructed the users on how to apply the fix.
  • No later than 60 days after learning about the vulnerability, the manufacturer fixes it, validates the change and distributes the patch. The manufacturer should follow up with end-users after the distribution of the patch.
  • The manufacturer is a member of an ISAC/ISAO.
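
The triage described in #3, #5 and #6 can be written as one small decision function that checks the four bullets listed above. This is an added example, not code from the FDA guidance or the original article; the ordinal scales, the score cutoff and every sample finding are constructed assumptions, because the page names only the two matrix axes.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Assumed ordinal scales and cutoff: the page names the two axes only.
EXPLOITABILITY = {"low": 1, "medium": 2, "high": 3}
SEVERITY = {"negligible": 1, "minor": 2, "serious": 3, "critical": 4, "catastrophic": 5}
UNCONTROLLED_AT = 8  # placeholder acceptance threshold, not an FDA figure

@dataclass
class Finding:
    exploitability: str
    severity: str
    learned: date                      # day the manufacturer learned of the issue
    users_notified: Optional[date]     # fix announced, with instructions
    patch_distributed: Optional[date]  # validated fix shipped
    serious_adverse_event: bool        # death or other serious adverse event
    isao_member: bool

def risk_class(f: Finding) -> str:
    score = EXPLOITABILITY[f.exploitability] * SEVERITY[f.severity]
    return "uncontrolled" if score >= UNCONTROLLED_AT else "controlled"

def _within(start: date, end: Optional[date], days: int) -> bool:
    return end is not None and 0 <= (end - start).days <= days

def triage(f: Finding) -> dict:
    """Return the risk class, the handling path and any unmet waiver criteria."""
    if risk_class(f) == "controlled":
        return {"risk": "controlled", "path": "routine update",
                "report_806": False, "unmet": []}
    unmet = []
    if f.serious_adverse_event:
        unmet.append("serious adverse event or death occurred")
    if not _within(f.learned, f.users_notified, 30):
        unmet.append("users not notified of a fix within 30 days")
    if not _within(f.learned, f.patch_distributed, 60):
        unmet.append("validated fix not distributed within 60 days")
    if not f.isao_member:
        unmet.append("manufacturer is not an ISAC/ISAO member")
    return {"risk": "uncontrolled", "path": "fix as soon as possible",
            "report_806": bool(unmet), "unmet": unmet}

# Constructed sample findings, not real devices or vulnerabilities.
LEARNED = date(2024, 3, 1)
ON_TIME = Finding("high", "critical", LEARNED, date(2024, 3, 20), date(2024, 4, 25), False, True)
LATE = Finding("high", "critical", LEARNED, date(2024, 3, 20), date(2024, 5, 15), False, True)
ROUTINE = Finding("low", "minor", LEARNED, None, None, False, False)

if __name__ == "__main__":
    for name, f in (("on_time", ON_TIME), ("late", LATE), ("routine", ROUTINE)):
        print(name, triage(f))
```

In practice the scales and cutoff would come from the manufacturer’s own risk acceptance criteria; the `unmet` list shows which criterion caused a report to be required.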

#7. Criteria for Defining Active Participation by a Manufacturer in an ISAO (IX) urges manufacturers to participate in an Information Sharing Analysis Organization.

ISAO/ISAC – Information Sharing & Analysis Committee/Organization, non-profit, industry-specific organizations created to let the members share knowledge about data security. Members of these organizations have a few legal exemptions that apply to the information they share. NH-ISAC is an ISAC, where the National Healthcare organization is a partner.

#8. Impact on Industry

The basic principles of the NIST framework must be adopted in the manufacturers’ cybersecurity program. Take into account medical device cybersecurity throughout the entire product lifecycle. Pre-market, manufacturers should incorporate cybersecurity management inputs and design an approach that would determine:

  • Assets and vulnerabilities;
  • How threats/vulnerabilities may cause Patient Harm;
  • The likelihood of threats;
  • Risk levels based on mitigation promptness and strategies;
  • Residual risk assessment, and risk acceptance criteria.

Manufacturers must define the risk of patient harm, identify the cybersecurity vulnerabilities of their devices, assess and classify the existing risks and engage in remediation. Proper documentation of the process is expected.

The health IT community must engage in better information sharing. The FDA encourages medical device manufacturers and the health IT community as a whole to collaborate more closely in ISAOs and ISACs to facilitate threat identification and remediation. The FDA Center for Devices and Radiological Health (CDRH) also encourages the fostering of ISAOs and the role of NH-ISAC. The manufacturers of medical devices should consider joining an ISAC to:

  • Have access to information and intel about the cyber threats.
  • Be exempt from some reporting requirements under 21 CFR 806 (uncontrolled risks).
  • Have access to the community where manufacturers can share information exempt from regulatory use and civil litigation, and the federal Freedom of Information Act, given the data shared meets the requirements of the Critical Infrastructure Information Act.

Manufacturers must understand and comply with the mandatory reporting requirements under 21 CFR 806. This is one of the most complex points, since reporting is difficult to draft and apply and raises concerns about proprietary data protection.


The FDA has been explicit that manufacturers must deploy comprehensive cybersecurity and risk analysis over the entire lifecycle of a medical device. The primary focus of the analysis is the risk of patient harm. The guidance includes legacy and mobile devices in the scope of medical devices, recognizing that connectivity increases the chances of a device compromise.

The good news is the reduced reporting to the agency in certain cases, and ways to disclose vulnerabilities without assuming a litigation risk.

At this point, manufacturers should acknowledge the FDA’s increasing attention to cybersecurity, and take these recommendations as seriously as possible. As medical devices become more connected and smarter than ever, we can expect that some of the recommendations, if not most, could become mandatory in the foreseeable future.

The Impact of the IEC 60601 Standard on the Healthcare Industry

IEC 60601-1 is the primary standard governing the design of medical devices. While not all countries have adopted IEC 60601-1 as the standard, globally it has become the de facto international benchmark for the design of electronic medical devices.

IEC 60601-1 is a standard intended to be applied to all electro-medical devices traded internationally as a requirement for bringing new medical devices to market. 60601 was first published in 1977 and has been revised many times. The most recent revision, 60601 3rd edition was published in 2005. It was adopted in 2006 by the European Union impacting international medical device manufacturers. In January, 2014, the U.S. started enforcement of the 3rd edition of IEC 60601 for new medical devices (medical devices already on the market on this date were excluded from this enforcement).

There has been a great deal of focus on the standards set by IEC 60601. What are the particulars involved in this set of standards and why is it so important for healthcare administrators to purchase products that adhere to them? Let’s take a deeper look at the details surrounding IEC 60601 and the impact that it has on the healthcare industry.

Designing in Safety: Medical Electronic Manufacturers and IEC 60601

Designing an electronic device that can be used within the clinical setting and meets the standards set out in IEC 60601 is a long process. One of the biggest challenges that manufacturers face when it comes to developing electronic devices is making sure that the instruments in question sufficiently address issues of safety. The IEC 60601 standard was created to directly address these issues. The IEC 60601 standard addresses the risks associated with the use of electrical medical equipment. Purchasing a device that complies with the 60601 standard ensures that the device has gone through a complex series of testing before it is certified ready to bring to market.

Devices Covered by the IEC 60601

There are a varied number of devices that fall under the purview of the IEC 60601 standard. Devices that are used to diagnose, treat, or monitor patients and have one connection to an energy supply are covered by the standard. Should a device have physical contact either directly or indirectly with a patient and transfer energy such as electrical currents to or from the patient, then the device is covered by the regulations set by IEC 60601. Examples of products that are covered by this standard include infusion pumps, endoscopic cameras, MRI and gamma imaging systems, battery operated medical devices, accessories that may be associated with these devices, etc.

Evaluating Hazards Associated with the Use of Electronic Medical Devices

A primary focus of the IEC 60601 standard is the exposure of both users and patients to hazards associated with electronic medical devices. A device that strictly complies with IEC 60601 ensures that hospital administrators, patients, and healthcare practitioners have reduced risks associated with the use of medical grade electronics. One example is the risks associated with the energy output of certain electronic medical devices. IEC 60601 directly addresses this issue through stringent rules on the design of medical devices so as to prevent any patient or operator from unintended exposure to electrical currents.

Non-Conforming Devices

Many hospitals & medical facilities have used traditional desktop computers, towers and all-in-ones produced by the big three throughout their operations, ranging from operating rooms to patient registration and nursing stations. Such computers are not certified to IEC 60601 standards and present a potential risk to both the patient and healthcare practitioners that may cost hospitals millions in potential legal actions.

Manufacturers who create products that adhere to the IEC 60601 standard can ensure that their devices meet product safety requirements from the initial design phase. This approach directly benefits patients & healthcare providers.