Registered users can unlock up to five pieces of premium content each month.
Product Recalls |
NEWS |
Typically, product recalls occur either when the company that manufactured the product uncovers a problem or an oversight agency, such as the U.S. Food & Drug Administration (FDA) or the United States Department of Agriculture (USDA), raises concerns about the product’s use or safety. Once a recall is issued, consumers are asked to stop using the product and receive a repair, refund, or replacement. However, the recall process is evolving in order to account for Internet-connected devices that have been deployed in hard-to-reach places, which include implantable medical devices, such as pacemakers.
In late August 2017, the FDA issued a recall notice for nearly half-a-million radio frequency (RF)-enabled St. Jude Medical implantable pacemakers already embedded in patients’ chests. The FDA found that there were potential cybersecurity vulnerabilities with the RF-enabled implantable pacemakers that could allow an unauthorized user to access a patient’s device using commercially available equipment to modify programming commands to harm patients through rapid battery depletion or the administration of inappropriate pacing.
Fortunately, there were no known reports of patient harm due to these vulnerabilities, and St. Jude released a firmware update intended as a coercive action. The firmware update required patients to visit with their healthcare provider, but the device did not have to be removed from the patient. However, not all patient monitoring device issues are so easily remedied.
Inaccurate Alarms |
IMPACT |
In a lawsuit filed a week before the pacemaker recall was issued, Rush University Medical Center in Chicago claimed that it spent US$18 million installing a Dräger patient monitoring system that did not work as promised and put patients at risk. One of the main functions of patient monitoring systems is to provide alerts when a patient’s biometric falls outside of acceptable ranges. Rush University claims that these alarms were unreliable and inaccurate and sent out so many false positives that it led to alarm fatigue and took medical attention away from truly at-risk patients. Additionally, Dräger’s system allegedly erased patient records. This is unfortunate because the promise of patient monitoring systems like that of Dräger’s was that data from multiple devices could be cross-checked in order to reduce hospital alarm fatigue. Alarm fatigue was seen as a nuisance before connected devices, so much so that the alerts are seen as annoyances, rather than being helpful. False alarms can register for a variety of reasons, including conservative alert ranges, patient movement, and device malfunctions. It is unclear how the rate of false alarms under Dräger’s system compares to the rate of false alarms with previous or comparable systems, but it is clear that there was an issue between what services the connected system claimed to provide and what services the system actually provided.
Warning Signs |
COMMENTARY |
While both examples above illustrate the risks involved with deploying and using connected patient monitoring devices, they also highlight some of the benefits that these devices provide. They also serve as an example for existing and future manufacturers and providers of what practices to follow. While the St. Jude recall was a setback for patients and providers, the devices did not have to be removed from the patients via surgery. Additionally, no patients were harmed as a result of the recall. The Dräger fiasco serves to show other companies what providers expect from their patient monitoring device systems. While it may make hospitals and networks more cautious moving forward, it helps all parties to effectively set expectations early. Hospitals and networks need systems like this in place to record, manage, and analyze the troves of patient data being created. Patients within the hospital need to be tracked, and their care needs to be recorded and managed efficiently. Providers need to be able to track a patient’s interactions throughout the entire clinical environment to allow for more effective diagnoses and treatments. These tasks are difficult for even smaller hospitals to successfully address, but for hospitals with hundreds or even thousands of beds, keeping track of all this information presents a monumental challenge. Connected patient monitoring devices leverage their connectivity to allow clinicians, nurses, and caregivers to instantaneously know the status of a patient and to ensure that any patient within their facility is receiving the necessary care.
Lastly, both examples show the need for agencies like the FDA to establish best standards and practices for connected patient monitoring devices. Patient monitoring devices are considered medical devices, so they are regulated. These new products have to comply with national standards and regulations and have to undergo approval processes. Patient monitoring devices need to receive FDA approval to be used in the treatment and diagnosis of patients, and the fact that these issues are coming up after approval has been granted shows that the approval process is not as thorough and effective as it needs to be. The strict approval process already delays the time for new products and innovations to be released and increases the cost of the products as well. If the approval process is not catching these issues before they affect patients, then that reduces confidence in the FDA, its approvals, and these devices, furthering limiting adoption of this much-needed technology.