A medical device is any apparatus, appliance, software, material, or other article--whether used alone or in combination, including the software intended by its manufacturer to be used specifically for diagnostic and/or therapeutic purposes and necessary for its proper application--intended by the manufacturer to be used for human beings for the purpose of:
Medical devices vary according to their intended use and indications. Examples range from simple devices such as tongue depressors, medical thermometers, and disposable gloves to advanced devices such as computers which assist in the conduct of medical testing, implants, and prostheses. Items as intricate as housings for cochlear implants are manufactured through the deep drawn and shallow drawn manufacturing processes. The design of medical devices constitutes a major segment of the field of biomedical engineering.
The global medical device market reached roughly $209 billion in 2006.
Medical device manufacturing requires a level of process control according to the classification of the device. Higher risk; more controls. When in the initial R&D phase, manufacturers are now beginning to design for manufacturability. This means products can be more precision-engineered to for production to result in shorter lead times, tighter tolerances and more advanced specifications and prototypes. These days, with the aid of CAD or modelling platforms, the work is now much faster, and this can act also as a tool for strategic design generation as well as a marketing tool.
Failure to meet cost targets will lead to substantial losses for an organisation. In addition, with global competition, the R&D of new devices is not just a necessity, it is an imperative for medical device manufacturers. The realisation of a new design can be very costly, especially with the shorter product life cycle. As technology advances, there is typically a level of quality, safety and reliability that increases exponentially with time.
For example, initial models of the artificial cardiac pacemaker were external support devices that transmits pulses of electricity to the heart muscles via electrode leads on the chest. The electrodes contact the heart directly through the chest, allowing stimulation pulses to pass through the body. Recipients of this typically suffered infection at the entrance of the electrodes, which led to the subsequent trial of the first internal pacemaker, with electrodes attached to the myocardium by thoracotomy. Future developments led to the isotope-power source that would last for the lifespan of the patient.
Based on the New Approach, rules that relate to safety and performance of medical devices were harmonised in the EU in the 1990s. The New Approach, defined in a European Council Resolution of May 1985, represents an innovative way of technical harmonisation. It aims to remove technical barriers to trade and dispel the consequent uncertainty for economic operators, to facilitate free movement of goods inside the EU.
The core legal framework consists of three directives:
They aim at ensuring a high level of protection of human health and safety and the good functioning of the Single Market. These three main directives have been supplemented over time by several modifying and implementing directives, including the last technical revision brought about by Directive 2007/47 EC.
Directive 2007/47/EC defines a medical device as (paraphrasing): Any instrument, apparatus, appliance, software, material or other article, whether used alone or in combination, together with any accessories, including the software intended by its manufacturer to be used specifically for diagnostic and/or therapeutic purposes and necessary for its proper application, intended by the manufacturer to be used for human beings for the purpose of:
This includes devices that do not achieve their principal intended action in or on the human body by pharmacological, immunological, or metabolic means--but may be assisted in their function by such means.
The government of each Member State must appoint a competent authority responsible for medical devices. The competent authority (CA) is a body with authority to act on behalf of the member state to ensure that member state government transposes requirements of medical device directives into national law and applies them. The CA reports to the minister of health in the member state. The CA in one Member State has no jurisdiction in any other member state, but exchanges information and tries to reach common positions.
In the UK, for example, the Medicines and Healthcare products Regulatory Agency (MHRA) acts as a CA. In Italy it is the Ministero Salute (Ministry of Health) Medical devices must not be mistaken with medicinal products. In the EU, all medical devices must be identified with the CE mark.
In September 2012, the European Commission proposed new legislation aimed at enhancing safety, traceability, and transparency.
Medical machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory that is:
On September 25, 2013 the FDA released a draft guidance document for regulation of mobile medical applications, to clarify what kind of mobile apps related to health would not be regulated, and which would be.
The term medical devices, as defined in the Food and Drugs Act, covers a wide range of health or medical instruments used in the treatment, mitigation, diagnosis or prevention of a disease or abnormal physical condition. Health Canada reviews medical devices to assess their safety, effectiveness, and quality before authorizing their sale in Canada.
The regulatory authorities recognize different classes of medical devices based on their design complexity, their use characteristics, and their potential for harm if misused. Each country or region defines these categories in different ways. The authorities also recognize that some devices are provided in combination with drugs, and regulation of these combination products takes this factor into consideration.
The Medical Devices Bureau of Health Canada recognizes four classes of medical devices based on the level of control necessary to assure the safety and effectiveness of the device. Class I devices present the lowest potential risk and do not require a licence. Class II devices require the manufacturer's declaration of device safety and effectiveness, whereas Class III and IV devices present a greater potential risk and are subject to in-depth scrutiny. A guidance document for device classification is published by Health Canada.
Canadian classes of medical devices correspond to the European Council Directive 93/42/EEC (MDD) devices:
Under the Food, Drug, and Cosmetic Act, the U.S. Food and Drug Administration recognizes three classes of medical devices, based on the level of control necessary to assure safety and effectiveness. The classification procedures are described in the Code of Federal Regulations, Title 21, part 860 (usually known as 21 CFR 860). The USFDA allows for two regulatory pathways that allow the marketing of medical devices. The first, and by far the most common is the so-called 510(k) process (named after the CFR section that describes the process). A new medical device that can be demonstrated to be "substantially equivalent" to a previously legally marketed device can be "cleared" by the FDA for marketing as long as the general and special controls, as described below, are met. The vast majority of new medical devices (99%) enter the marketplace via this process. The 510(k) pathway rarely requires clinical trials. The second regulatory pathway for new medical devices is the Premarket Approval process, described below, which is similar to the pathway for a new drug approval. Typically, clinical trials are required for this premarket approval pathway.
Class I devices are subject to the least regulatory control. Class I devices are subject to "General Controls" as are Class II and Class III devices. General controls include provisions that relate to adulteration; misbranding; device registration and listing; premarket notification; banned devices; notification, including repair, replacement, or refund; records and reports; restricted devices; and good manufacturing practices. Class I devices are not intended to help support or sustain life or be substantially important in preventing impairment to human health, and may not present an unreasonable risk of illness or injury. Most Class I devices are exempt from the premarket notification and a few are also exempted from most good manufacturing practices regulation. Examples of Class I devices include elastic bandages, examination gloves, and hand-held surgical instruments.
Class II devices are those for which general controls alone cannot assure safety and effectiveness, and existing methods are available that provide such assurances. In addition to complying with general controls, Class II devices are also subject to special controls. A few Class II devices are exempt from the premarket notification. Special controls may include special labeling requirements, mandatory performance standards and postmarket surveillance. Devices in Class II are held to a higher level of assurance than Class I devices, and are designed to perform as indicated without causing injury or harm to patient or user. Examples of Class II devices include acupuncture needles, powered wheelchairs, infusion pumps, air purifiers, and surgical drapes.
A Class III device is one for which insufficient information exists to assure safety and effectiveness solely through the general or special controls sufficient for Class I or Class II devices. Such a device needs premarket approval, a scientific review to ensure the device's safety and effectiveness, in addition to the general controls of Class I. Class III devices are usually those that support or sustain human life, are of substantial importance in preventing impairment of human health, or present a potential, unreasonable risk of illness or injury. Examples of Class III devices that currently require a premarket notification include implantable pacemaker, pulse generators, HIV diagnostic tests, automated external defibrillators, and endosseous implants.
The classification of medical devices in the European Union is outlined in Article IX of the Council Directive 93/42/EEC. There are basically four classes, ranging from low risk to high risk.
The authorization of medical devices is guaranteed by a Declaration of Conformity. This declaration is issued by the manufacturer itself, but for products in Class Is, Im, IIa, IIb or III, it must be verified by a Certificate of Conformity issued by a Notified Body. A Notified Body is a public or private organisation that has been accredited to validate the compliance of the device to the European Directive. Medical devices that pertain to class I (on condition they do not require sterilization or do not measure a function) can be marketed purely by self-certification.
The European classification depends on rules that involve the medical device's duration of body contact, invasive character, use of an energy source, effect on the central circulation or nervous system, diagnostic impact, or incorporation of a medicinal product. Certified medical devices should have the CE mark on the packaging, insert leaflets, etc.. These packagings should also show harmonised pictograms and EN standardised logos to indicate essential features such as instructions for use, expiry date, manufacturer, sterile, don't reuse, etc.
The classification of medical devices in Australia is outlined in section 41BD of the Therapeutic Goods Act 1989 and Regulation 3.2 of the Therapeutic Goods Regulations 2002, under control of the Therapeutic Goods Administration. Similarly to the EU classification, they rank in several categories, by order of increasing risk and associated required level of control. Various rules identify the device's category
|Classification||Level of Risk|
|Class I - measuring or Class I - supplied sterile or class IIa||Low - medium|
|Class IIb||Medium - high|
|Active implantable medical devices (AIMD)||High|
Medical devices such as pacemakers, insulin pumps, operating room monitors, defibrillators, and surgical instruments, including deep-brain stimulators, can incorporate the ability to transmit vital health information from a patient's body to medical professionals. Some of these devices can be remotely controlled. This has engendered concern about privacy and security issues, human error, and technical glitches with this technology. While only a few studies have looked at the susceptibility of medical devices to hacking, there is a risk. In 2008, computer scientists proved that pacemakers and defibrillators can be hacked wirelessly via radio hardware, an antenna, and a personal computer. These researchers showed they could shut down a combination heart defibrillator and pacemaker and reprogram it to deliver potentially lethal shocks or run out its battery. Jay Radcliff, a security researcher interested in the security of medical devices, raised fears about the safety of these devices. He shared his concerns at the Black Hat security conference. Radcliff fears that the devices are vulnerable and has found that a lethal attack is possible against those with insulin pumps and glucose monitors. Some medical device makers downplay the threat from such attacks and argue that the demonstrated attacks have been performed by skilled security researchers and are unlikely to occur in the real world. At the same time, other makers have asked software security experts to investigate the safety of their devices. As recently as June 2011, security experts showed that by using readily available hardware and a user manual, a scientist could both tap into the information on the system of a wireless insulin pump in combination with a glucose monitor. With the PIN of the device, the scientist could wirelessly control the dosage of the insulin. Anand Raghunathan, a researcher in this study, explains that medical devices are getting smaller and lighter so that they can be easily worn. The downside is that additional security features would put an extra strain on the battery and size and drive up prices. Dr. William Maisel offered some thoughts on the motivation to engage in this activity. Motivation to do this hacking might include acquisition of private information for financial gain or competitive advantage; damage to a device manufacturer's reputation; sabotage; intent to inflict financial or personal injury or just satisfaction for the attacker. Researchers suggest a few safeguards. One would be to use rolling codes. Another solution is to use a technology called "body-coupled communication" that uses the human skin as a wave guide for wireless communication. On 28 December 2016 the US Food and Drug Administration released its recommendations that are not legally enforceable for how medical device manufacturers should maintain the security of Internet-connected devices.
The ISO standards for medical devices are covered by ICS 11.100.20 and 11.040.01. The quality and risk management regarding the topic for regulatory purposes is convened by ISO 13485 and ISO 14971. ISO 13485:2003 is applicable to all providers and manufacturers of medical devices, components, contract services and distributors of medical devices. The standard is the basis for regulatory compliance in local markets, and most export markets. Additionally, ISO 9001:2008 sets precedence because it signifies that a company engages in the creation of new products. It requires that the development of manufactured products have an approval process and a set of rigorous quality standards and development records before the product is distributed. Further standards are IEC 60601-1 which is for electrical devices (mains-powered as well as battery powered), EN 45502-1 which is for Active implantable medical devices, and IEC 62304 for medical software. The US FDA also published a series of guidances for industry regarding this topic against 21 CFR 820 Subchapter H--Medical Devices. Subpart B includes quality system requirements, an important component of which are design controls (21 CFR 820.30). To meet the demands of these industry regulation standards, a growing number of medical device distributors are putting the complaint management process at the forefront of their quality management practices. This approach further mitigates risks and increases visibility of quality issues.
Starting in the late 1980s the FDA increased its involvement in reviewing the development of medical device software. The precipitant for change was a radiation therapy device (Therac-25) that overdosed patients because of software coding errors. FDA is now focused on regulatory oversight on medical device software development process and system-level testing.
A 2011 study by Dr. Diana Zuckerman and Paul Brown of the National Research Center for Women and Families, and Dr. Steven Nissen of the Cleveland Clinic, published in the Archives of Internal Medicine, showed that most medical devices recalled in the last five years for "serious health problems or death" had been previously approved by the FDA using the less stringent, and cheaper, 510(k) process. In a few cases the devices had been deemed so low-risk that they did not need FDA regulation. Of the 113 devices recalled, 35 were for cardiovascular issues. This may lead to a reevaluation of FDA procedures and better oversight.
In 2014-2015 a new international agreement, the Medical Device Single Audit Program (MDSAP), was put in place with five participant countries: Australia, Brazil, Canada, Japan, and the United States. The aim of this program was to "develop a process that allows a single audit, or inspection to ensure the medical device regulatory requirements for all five countries are satisfied".
Medical device packaging is highly regulated. Often medical devices and products are sterilized in the package. Sterility must be maintained throughout distribution to allow immediate use by physicians. A series of special packaging tests measure the ability of the package to maintain sterility. Relevant standards include:
Medical device cleanliness has come under greater scrutiny since 2000, when Sulzer Orthopedics recalled several thousand metal hip implants that contained a manufacturing residue. Based on this event, ASTM established a new task group (F04.15.17) for established test methods, guidance documents, and other standards to address cleanliness of medical devices. This task group has issued two standards for permanent implants to date: 1. ASTM F2459: Standard test method for extracting residue from metallic medical components and quantifying via gravimetric analysis 2. ASTM F2847: Standard Practice for Reporting and Assessment of Residues on Single Use Implants 3. ASTM F3172: Standard Guide for Validating Cleaning Processes Used During the Manufacture of Medical Devices 
In addition, the cleanliness of re-usable devices has led to a series of standards, including:
The ASTM F04.15.17 task group is working on several new standards that involve designing implants for cleaning, selection and testing of brushes for cleaning reusable devices, and cleaning assessment of medical devices made by additive manufacturing. Additionally, the FDA is establishing new guidelines for reprocessing reusable medical devices, such as orthoscopic shavers, endoscopes, and suction tubes.
With the rise of smartphone usage in the medical space, in 2013, the FDA issued to regulate mobile medical applications and protect users from their unintended use, soon followed by European and other regulatory agencies. This guidance distinguishes the apps subjected to regulation based on the marketing claims of the apps. Incorporation of the guidelines during the development phase of such apps can be considered as developing a medical device; the regulations have to adapt and propositions for expedite approval may be required due to the nature of 'versions' of mobile application development.