Medical Device Software & Products Liability: The Homefront (Part II)

By Sara E. Dyson, Esq.
November 27, 2017


• Categories: 03-Manufacturing Execution, 04-Product Design & Development, Combination Products

This article is the second in a series of three that will address the products liability risks associated with medical devices and software failures. While software can transform medical device capabilities, its use also creates new products liability risks or changes the nature of existing risks. This series provides descriptions of some of the software-related trends I have observed as well as some prognostications about where software is taking us.

The first article described products liability law and its application to software-driven medical devices. This second article, Medical Device Software & Products Liability: The Homefront, looks at the use of software in medical devices in non-clinical settings, particularly the home environment. It addresses software’s role in the home healthcare trend, explains the software-related risks that arise from home-use products, and discusses what manufacturers can do to make these products safer.

Americans have a preference for receiving healthcare at home. Consider the transformation of healthcare delivery from the clinical setting to the non-clinical setting through home healthcare for the elderly and chronically ill and remote treatment of patients through “telemedicine.” According to a study conducted for AARP, 83% of adults want to remain in their homes for as long as possible.¹ Not surprisingly, the Bureau of Labor Statistics (BLS) has identified home healthcare services to be one of the fastest growing occupations in the entire U.S. economy, with job growth for home health aides projected at 38% between 2014 and 2024.² (By comparison, the BLS expects all occupations to experience growth at 6.5% during the same time period.³) As for telemedicine, according to a Harris online poll, 61% of consumers surveyed indicated that they “are open to using [virtual healthcare services]” and 16% have already done so.⁴ The American Telemedicine Association estimates that there were 1.2 million virtual doctor visits conducted in 2016, and 72% of hospitals and 52% of physician groups have telemedicine programs.

The numbers tell us that increasingly patients will be treated at home, a trend brought to you by software. To be clear, home healthcare is not a new concept; however, a new generation of software-enabled devices is changing the type of care that patients can receive at home while also changing the nature of risks associated with home healthcare. For decades, we have relied on products like patient aids and durable medical equipment – walkers, mobility aids, etc. – to enable patients to remain in the home environment. I refer to these products as “traditional” home-healthcare products. Yet, the modern surge in the number of people receiving care at home is made possible by a sophisticated class of technology-enabled products that give healthcare providers the capability to monitor and treat patients remotely for complex conditions that were once treated primarily in clinical settings. In other words, we have entered a new era of home healthcare. While this new generation of home-healthcare products shares some things in common with traditional home-healthcare products, there are also some remarkable differences between them.

Read Part I: Medical Device Software & Products Liability: An OverviewIt is important to note that the products associated with new-era home healthcare are not recognized as a discreet category of medical devices; indeed, many of them are not medical devices at all, technically speaking. Cell phones, computers, and web cameras are all important to the remote treatment of patients, but none of them meet FDA’s definition of a medical device.⁵ They are consumer products. This article, however, concerns itself with the sweeping category of home-healthcare products that are considered medical devices. These products are scattered throughout FDA’s product classification system and generally fit into one of two categories—they are existing technologies that have been retooled to make them “connectable,” or they are new medical devices that were developed specifically for the remote treatment of patients.

Regardless of their genesis, most medical devices giving rise to this new era in home healthcare rely heavily on software components, making them subject to the products liability rules that I outlined in the first article in this series. This second article examines the risk profiles of software-driven home-healthcare products. It also outlines some basic strategies that manufacturers of these products should consider in order to make their products safer for nonclinical settings and to mitigate products liability risks.

Understanding the Products Liability Risk Profile of Software-driven Home-healthcare Products

As I discuss in detail in the first article, every type of medical device has a unique products liability “risk profile,” or a collection of attributes that make devices more or less vulnerable to products liability claims. Understanding the products liability risk profile of a medical device is the important first step in managing the losses and costs associated with products liability—and, better yet, making the device safer and avoiding injuries altogether. When it comes to software-driven home-healthcare products, there are some underlying themes that are important to understanding their risks.

Characteristics of “New” Home-Healthcare Devices. Whether to empower patients or by practical necessity, modern home healthcare depends heavily on patient interaction with devices. In a sense, patients interact with all medical devices ─ such as when a patient operates a wheelchair or receives electrical pulses from a pacemaker. However, the degree and type of interaction required of patients by software-driven home-healthcare products is quite different from what has been required of them by traditional home-healthcare products, particularly as relates to the level of healthcare literacy, self-sufficiency, and initiative patients need to operate this new generation of products effectively and safely. Consider the example of the software-driven connectivity “hub,” a device that enables home monitoring of patients by collecting “patient-generated health data” and transmitting it to healthcare providers, who monitor their patients’ conditions remotely. This type of FDA-cleared device, different versions of which are currently being offered by several manufacturers, is commonly dependent on the patient’s self-reporting of medical measurements, such as blood glucose levels, blood pressure, and weight.

More broadly, the Office of the National Coordinator for Health Information Technology, which is a part of Health and Human Services (HHS), has recognized patient-generated health data as a “thing” and defined it to include information on health history, symptoms, biometric data, treatment history, lifestyle choices, and other information that is created, recorded, gathered, or inferred by or from patients or their designees to help address health concerns.⁶ A home monitoring system, or other product that makes use of this type of data, enables a patient to remain at home, but it requires the patient’s accurate and vigilant participation in his or her own care in order for the product to perform effectively and safely. This “do-it-yourself” aspect of home healthcare is pervasive among software-driven home-healthcare products and contributes to their risk profiles, as I discuss in greater detail below.

Smartphone software applications (“apps”) – particularly when they are accessories to medical devices as opposed to standalone products – also contribute heavily to the risk profiles of many of the latest home-healthcare products. In 2016, the number of patients enrolled in some form of digital health program supported by apps ─ some of which are considered medical devices and others that fall outside the purview of the FDA – experienced a 44% jump.⁷ With increased patient/device interactions and the proliferation of apps across the entire spectrum of the consumer marketplace, patients have come to expect that their medical devices ─ regardless of their purpose or sophistication ─ will also come with apps. Many manufacturers are attempting to meet patients’ expectations by creating apps for a variety of medical devices, including some medical devices that traditionally did not allow for any patient interface whatsoever (outside of their intended therapeutic functioning, of course). A manufacturer who makes a device faces a set of risks that are inherent to the nature and functionality of that particular product, but when the manufacturer attaches an app to it, the software and its capabilities can create a new dimension of risk not previously associated with the device.

Consider the example of home-use ultrasound. Recently, MIT Technology Review reported that a vascular surgeon used a hand-held ultrasound scanner connected to an app to diagnose his own cancer.⁸ Though not a cancer specialist, when suspicious images appeared on the app’s readout, the doctor recognized them as a telltale sign of the disease. He is quoted in the article as saying, “I was enough of a doctor to know I was in trouble.” But, what of the layperson user? Would a layperson be able to operate the device just as effectively and safely? Within the last year or so, industry media outlets have reported on advancements in this technology that will soon enable ultrasound to be used at home. This particular manufacturer reportedly has plans to put this technology into the hands of the layperson in the near future. It seeks to combine the device with artificial-intelligence software “that could help a novice position the probe, collect the right images, and interpret them. By next year, it believes, its software will let users automatically calculate how much blood a heart is pumping, or detect problems like aortic aneurisms.”⁹

The home-use ultrasound has all of the hallmarks that distinguish “new” home-healthcare products from traditional home-healthcare products. It is a software-driven product that requires sophisticated interaction between the patient and the device. It is a product that was designed for use by medically-trained professionals but is being adapted for use by laypersons. Quite literally, it puts technology that was formerly only in the hands of healthcare providers into the hands of laypersons. It is intended to be used apart from a healthcare provider; that is, for use outside the presence of a trained medical professional. Together, these elements combine to empower patients and enable them to interact with technology in new ways. While much good can come from making patients more involved in their own care, there are risks as well. Namely, we should expect that interactive technology coupled with at-home use will make self-diagnosis a common problem, as we ask patients to participate more actively in their own care while removing health care providers, geographically speaking, from treatment. Relatedly, this dynamic suggests that medical errors (such as misdiagnosis) may not be addressed until underlying health conditions have progressed further, becoming more serious and possibly causing greater physical damage to patients compared to when treatment is provided in traditional clinical settings.

Traditional home-healthcare products are not associated with these pitfalls. At the same time, however, the new home-healthcare technologies are susceptible to some of the same problems that manufacturers of traditional home-healthcare products have struggled with for decades.

Learning from Traditional Home-Healthcare Products. Considering the factors that typically contribute to the risk profiles of traditional home-healthcare products, some “big picture” concerns emerge. Among them are the design challenges associated with creating products that function safely and effectively outside of the clinical setting. The clinical setting is a controlled, uniform, and consistent environment. Most clinical settings strongly resemble each other, as requirements for sanitation, infrastructure, and utilities are the same across facilities. It is far easier to design a product for that environment, because the conditions under which the product will be used are predictable. On the other hand, there is no “one” home environment. In fact, the term “home healthcare” when applied to these products is a misnomer. Medical devices are used not only in homes, but also in schools, public spaces, recreational venues, etc. A home-healthcare device must operate effectively and safely in a variety of home environments as well as these other diverse forums. This can be challenging for medical-device designers, and home-use devices often are not capable of adapting to the complex and varied conditions of non-clinical settings.

Historically, some manufacturers of home-healthcare products have stumbled when developing product safety information for laypersons, such as patients or care providers who do not have medical training. In general, product safety information, as I am using the term, includes such things as warnings, instructions for use, and labeling. When done well, this information guides the user through the safe and effective operation of the product. However, when not done well, deficiencies in this information can cause injury to patients and give rise to products liability. Unfortunately, poor quality product-safety information is often associated with home-healthcare products. Quite simply, this is because it is hard to develop product safety information for this type of product. It is much easier to develop product safety information for devices operated by trained healthcare providers, who share an educational background and vocabulary, than it is to develop product safety information for a heterogeneous population of laypersons, who are diverse in their educational backgrounds, abilities, and challenges. As a result, home-use devices are particularly prone to failure-to-warn claims.

Managing the Risks Associated with Software-driven Medical Devices Used in Non-clinical Settings

What can a manufacturer of a software-driven home-healthcare product do to make the device safer and mitigate associated risks? It is important to design a risk management strategy that takes into consideration the unique risks of a particular product; however, there are some general, guiding principles that I recommend to companies that are developing software-driven home-healthcare products.

Test Software in Real-World Conditions. FDA has issued several guidance documents related to software. Cyber risks, software-related information in product approvals, and the use of off-the-shelf (OTS) software in devices are among the topics they cover. The one guidance document that most directly addresses software testing was issued in 2002, and it concerns software validation systems. In general, “validation” determines whether a process or function returns the same results over time. So, a software validation system is used to determine through objective evidence whether software consistently performs as intended ─ a topic relevant to product safety but merely the tip of the iceberg when it comes to addressing risks that arise from software in home-healthcare products.

In 2011, as part of a study of quality metrics published by FDA in its white-paper, Understanding Barriers to Medical Device Quality, the agency warned manufacturers of software-driven products about the need to test products in the environments in which they will be used.¹⁰ The report states, “Most companies attributed poor software quality to challenges around ‘developing comprehensive test cases to simulate the effects of field usage.’ Software products are operated by a diversity of users, in various applications and environments.” This is an important warning that designers of software may miss if they are consulting the software-specific guidances only, since they don’t address the need to test software in real-world conditions.

In 2014, FDA issued a guidance document titled, Design Considerations for Devices Intended for Home Use. The document warns, “Failure to adequately consider potentially hazardous situations during the design of home use devices may result in inappropriate use, use error, or incompatibilities between the use environment, the user, and the device. This could cause the device to malfunction, possibly contributing to death or serious injury.” The document is intended to guide the design of all aspects of home-use products, whether related to software or mechanical functionality. However, the document touches only briefly on software specifically. “Software plays a critical role in the operation of some devices. For these devices, you should focus on developing device and software architecture and algorithms for performance, error detection, control, and recovery.” It also advises software developers “to account for the needs of home users” and how upgrades will be performed. Despite the somewhat meager advice applicable to software directly, this guidance contains excellent information on how to approach the various risks that arise from the home environment. Though this guidance is not typically thought of as “standard” among the collection of guidances for software developers, I strongly recommend it to those who design software for home-use devices.

Understand the Potential for Misuse. According to FDA, “A use error refers to a situation in which the outcome of device use was different than intended, but not due to malfunction of the device. The error may have been due to a poorly designed device, or it may have been used in a situation that promoted incorrect usage. Other users may make the same use error with similar or worse consequences.”¹¹ In addition to performing “real world” software tests to identify potential use errors, human factors testing is another tool for companies that are trying to anticipate problems. In my experience, device firms sometimes underestimate the importance of human factors testing or dismiss it as a “nice to have,” since it can be expensive and may require companies to look outside their own organizations for the expertise necessary to perform this sort of analysis. However, omitting human factors testing could be a big mistake; particularly for manufacturers that are re-tooling traditional products to make them “connectable” or are converting “physician-only” devices into products intended for use by laypersons. These companies must be careful not to fall into the trap of expecting their devices to perform the same in the home environment as they do in the clinical environment, and human factors testing is one way to determine whether a product is ready to become a member of the next generation of home-healthcare products.

Often companies learn of “use errors” when conducting post-market surveillance of their products. FDA requires medical device manufacturers to monitor adverse events and user complaints. Companies that do this well can discern patterns of misuse over time. When such a pattern emerges, a company should consider undertaking changes to the product’s design and/or safety information ─ and, in fact, may be obligated to do so under products liability law or FDA rules. FDA data on adverse events can also provide companies with a means of assessing the performance of their products as compared to other products in the marketplace ─ and the performance of “peer” products can be relevant in products liability. If a competitor product boasts design enhancements or safety features that the product in litigation omits, the manufacturer may be liable to the plaintiff for damages that its comparably less-safe product caused. For this reason, staying abreast of how companies are evolving their products to make them safer for home use can be important to mitigating risk.

Know the Limits. While the new generation of home-healthcare products seems to be answering a call to empower patients, it is important to know when the pursuit of this objective is out of sync with a particular device’s capabilities to deliver safely on the promise. In 2015, Medtronic won FDA approval of the world’s first app-based remote monitoring system for patients with implantable pacemakers.¹² At first glance, this app seems to embody all of the risks that I have identified as belonging to this new generation of products, primarily because pacemakers heretofore did not involve interfacing, operationally speaking, with patients. However, looking more closely at what this app is designed to do, it appears that the app only allows users to select how their data will be conveyed to healthcare providers. The data, itself, is not accessible by patients, avoiding possible scenarios in which patients could self-diagnose or otherwise misuse the information.

It is important to set user expectations for the device’s capabilities. Not every device can be operated safely and effectively by every user in every home environment. A manufacturer should be clear about the conditions under which use of a device is appropriate ─ and simply avoid adding capabilities that create risks that cannot be managed.

The next article in this series looks at “interoperability,” the risks that arise from connecting devices through a common software language, and related risk management strategies.

References

1. Ada-Helen Bayer and Leon Harper, Fixing to Stay: A National Survey of Housing and Home Modification Issues, AARP, May 2000.
2. Bureau of Labor Statistics, Occupational Outlook Handbook, “Home Health Aides,” June 22, 2017, see www.bls.gov/ooh/healthcare/home-health-aides.htm.
3. See https://www.bls.gov/emp/ep_table_104.htm.
4. Telemedicine statistics are from “How Telemedicine Is Transforming Health Care,” The Wall Street Journal, June 26, 2016 by Melinda Beck.
5. FDA’s definition of “medical device” is provided here: www.fda.gov/AboutFDA/Transparency/Basics/ucm211822.htm
6. “Patient-Generated Health Data | Policy Researchers & Implementers,” HealthIT.gov, September 30, 2015, https://www.healthit.gov/policy-researchers-implementers/patient-generated-health-data.
7. Mack, Heather. “Remote patient monitoring market grew by 44 percent in 2016, report says,” MobiHealthNews, February 8, 2017.
8. Regaldo, Antonio. “This Doctor Diagnosed His Own Cancer with an iPhone Ultrasound,” MIT Technology Review, October 27, 2017.
9. Id.
10. Access the report here: www.fda.gov/downloads/AboutFDA/CentersOffices/CDRH/CDRHReports/UCM277323.pdf
11. See “Postmarket Information – Device Surveillance and Reporting Processes” at www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/HumanFactors/ucm124851.htm.
12. See “Medtronic Announces FDA Approval and Launch of World’s First App-Based Remote Monitoring System for Pacemakers,” November 17, 2015, at www.medtronic.com/us-en/about/news.html