More apps and devices mean more challenges to resolve

Apple announced its long-anticipated app designed to connect healthcare information from a variety of third-party apps. The personal computing giant has teamed with Mayo Clinic to provide consumers with a comprehensive medical view on a mobile device.

The app, Health, is one part of Apple HealthKit, and gives consumers “an easy-to-read dashboard of your health and fitness data,” according to the company. HealthKit is “a new tool for developers which allows all the incredible health and fitness apps to work together, and work harder, for you.”

This offering is a natural follow up to the popularity of Fitbits and other such personal tracking devices, said Scott Sheaf, senior software engineer in Battelle’s medical device development group. Battelle is the largest nonprofit research and development organization, with over 22,000 employees at more than 60 locations globally.

Apple getting involved in this market “pushes personal tracking into the bigger picture," said Sheaf in an exclusive interview with Clinical Innovation + Technology. "These aren’t niche devices anymore.” Apple, Samsung and other big players are thinking about how to take all these data available from sensors and trackers and drive some sort of insight into the raw data.

These big players are bringing the integration aspect into the market, Sheaf said. Devices are producing lots of data but the market for gaining insight from the vast amounts of information is in its infancy. “It’s an idea whose time has come."

Sheaf cited the problem of patient compliance and the impact a company like Apple can have. For example, he said younger diabetes patients often fall off their insulin regimen but by integrating a social aspect and gamification, studies show their compliance increases. “Those two aspects are very positive and it’s exciting for me to see a big player like Apple support them.”

Despite the potential, lots of challenges remain. Medical devices have been subject to much debate as well as the question of whether apps are, in fact, medical devices that should be regulated. For the time being, many apps and trackers are considered tools that do not require oversight, but Sheaf said he predicts more invasive sensors in the future, which would certainly be eligible for oversight.

The integration of data from multiple sources introduces privacy and security concerns. As data flows from a blood pressure monitor to the user’s cell phone to a cellular network and then to the internet that nobody controls, explained Sheaf, personal data ends up all over the place.

“There’s a lot of work going on now to try to give the industry some guidance on how to deal with these issues.” The medical device industry is scrambling, he said, to figure out how to manage risk management and quality systems and liability when a product has a vulnerability.  “Every major manufacturer is very worried about these things. Plausible deniability is over. People have to be aware of the cyber risks.”

The government and other organizations have been working to keep up with the pace of the market. The FDA released its guidance on medical devices last September, which many called a good start. The group got a push from the National Institute of Standards and Technology, said Sheaf, which published a report on medical device safety and hospital networks. Meanwhile, the American Association of Medical Instrumentation’s subgroup called the Device Security Working Group, which was launched a year ago, has a charter of creating a guidance document that helps manufacturers handle risk management and build in device security from the beginning.

Organizations like the FDA and AAMI “aren’t standing still,” said Sheaf. “It’s a hard problem for everybody to get their hands around. There needs to be tools and processes in place. Up until the last couple of years, they haven’t had to think about it much.”

Another challenge for the industry, he said, is determining responsibility for the diagnostics. Say, for example, an individual’s blood pressure inches up over time. That person might not notice but the device has software that triggers a message to his or her doctor. Who is liable and who is responsible for recognizing something is amiss and act on it? The doctor, the patient or the device manufacturer? “That’s a big question. Docs can’t possibly look at all the data coming in from all their patients. Who owns the responsibility to make sure devices are safe and effective?”

Sheaf also said he sees cybersecurity breaches shifting from the high-profile hacking of hospital websites and networks to targeting of embedded devices such as pumps and pacemakers. “Medical device companies need to worry about the collateral issue of a medical device on a network at a hospital affected by a security issue.” If a hospital network has a virus or a worm, the safety and efficacy of a device could be affected. Even if the network doesn’t directly touch the device, if the network goes down the device’s efficacy could be reduced—another complicated issue.

Looking ahead, “we’ll see major players provide conduits, platforms, tools and resources for third parties to innovate on top of,” Sheaf said. “Apple is essentially providing the playing field and all the tools and will let the industry utilize and implement these tools."

Further developments in analytics will happen over the next 5 to 10 years, he added. More devices, sensors and other tools that collect data need analytics to gain insight. Once that is happening, “we will be able to do some predictions. That’s where the really exciting stuff is going to be.”