Rising Recall Numbers Are Shaking the Medical Device Industry

A scheming financial trading company, a slow-moving government agency, and thousands of dollars and lives on the line. No, this isn’t The Big Short. This is a medical device recall. In 2016, Muddy Waters Capital hired MedSec, a cybersecurity penetration tester, to analyze a pacemaker produced by St. Jude Medical with the intention of finding a flaw, publishing that flaw, and winning a payout by shorting the manufacturer’s stock.

The net result has been lawsuits, counter-suits, and the FDA responding to public pressure with a recall of 465,000 pacemakers in the US. Unlike recalling a blender, it is not as simple as mailing it back. Everyone affected by this recall needs to make an appointment so that their doctor can update the device’s firmware. Yes, you read that right. Doctors installing firmware.

Normally, gaps or defects in device software are revealed through a process of testing authorized by the FDA or by the manufacturer. After this unauthorized test by MedSec publicized a major hacking vulnerability, WhiteScope, a California-based security firm, conducted a study on devices from four pacemaker manufacturers. That study identified 8,000 bugs or hacking vulnerabilities, rooted in unencrypted patient information and software systems that hadn’t been updated sufficiently. Ultimately, this recall has illuminated an industry-wide issue and is forcing medical device manufacturers and their regulators to face three core realities.

The Industry Needs a Better Standards Structure

The FDA releases “guidance” regarding medical devices and digital health solutions. Guidance is not good enough. The agency should either make firm, punishable requirements or adopt another industry’s model. The current levels of ambiguity stifle new product development and raise risk levels across the industry. If that wasn’t bad enough, the testing bureaucracy from the FDA and state-level regulators is notoriously slow, turning some innovations into decade-long projects.

The route of discrete requirements is increasingly difficult to pursue as new technologies and entire Digital Health product sectors, like mHealth apps and fitness tracking devices, emerge. Adopting the standards structure of another industry might be a better long-term solution. Aerospace and automotive, for example, have developed effective disciplines around quality management that, while not perfect, set clear expectations. By focusing attention at the process level of product development, these industries are capable of adapting to new technologies quickly. Standards may need to be raised or modified, but the FDA should increase its reliance on process-centric compliance benchmarks, like ISO 13485, to shape new product development. By setting prioritized testing tiers, the FDA could expedite the most ISO-compliant manufacturers, and subsequently encourage the entire industry to assess risk and include safety assurance elements at each stage of development.

The Device Recall Problem is Growing

A study by Stericycle ExpertSolutions lists the average number of medical devices recalled per quarter in 2015 as 276,233. In 2016, it was 310,158. So far in 2017, it is 876,076. While this is certainly concerning for patients, if this trend continues manufacturers could be buried in recall expenses. With the precedent of an organization like Muddy Waters Capital attempting to profit from unauthorized device testing, manufacturers will need to make quality management moves quickly or they will empty their pockets remedying fatal device flaws.

Medical Device Manufacturers Can No Longer Afford to Be Reactionary

The industry needs to take a more proactive approach to quality management. It starts with the understanding that the product development lifecycle will most likely yield defects. If you start with that assumption, then it becomes much easier to implement the next steps:

  1. Identify and mitigate the highest-risk components and processes
  2. Drive quality through peer code and document reviews at every development stage
  3. Increase documentation and traceability across the communications thread

By building risk assessments into the software design and development stages, manufacturers will need to regularly foresee potential defects and fortify their review processes and testing accordingly. The best way to start strengthening quality throughout your development lifecycle is by empowering peer reviews. Every time that a section of code or a requirements document gets peer-reviewed, it sharpens the quality while serving as a documentation event. The chaos of a recall is exponentially greater if there is no documentation around who worked on a trouble area, what the conversation was, and over what timeline the defect arose.

If a manufacturer invests in their own peer review process by adopting a comprehensive review tool, then it only takes one avoided recall to see a positive ROI for decades. SmartBear’s premier peer review solution, Collaborator, is trusted by leaders in the medical device market because it offers organizations the ability to tailor review templates and workflows to the needs of each of their teams and products. It is powerful when you can bring code and document reviews into one tool, create custom reports, and archive reviews to produce a comprehensive audit log.

Start a free 30-day trial of Collaborator today to see what next-level peer reviews could look like for your organization.
