1

The Wireless MEDICAL DEVICE Manufacturer’s Guide

Achieving commercial certification for integrated wireless medical devices is more complicated and more rigorous than if the product was simply a wireless device or simply a medical product. If it’s one or the other, it’s less challenging. But making a medical device wireless increases the hoops manufacturers have to jump through before market-ready approval is granted.

This whitepaper will clarify the many testing and certification requirements manufacturers must comply with in order to make sure your wireless medical devices meet all certification requirements needed for your target markets, including Europe.

Wireless Medical Devices Are Big BusinessThe wireless health arena has now fully arrived. Almost no health care providers, clinics, or hospitals anywhere in the US are without a device that combines wireless and medical functions for a variety of diagnostic, monitoring, wellness and clinical applications. This groundbreaking market for wirelessly connected medical and personal health devices has exploded over the past five years, and its expected growth will become vast and international in scope. Competition in the device market will be fierce, with new players entering (and exiting) every month.

The explosion in wireless medical device technology is not entirely without risks. For example, a hospital might have 70 or even more different wireless devices operating on its network, devices for diagnosing, treating, or monitoring vital signs of patients. When one includes patients and their visitors using Wi-Fi equipped products, the wireless signal traffic and potentiality for radio interference suddenly becomes clear: More devices communicating wirelessly has the potential to wreak havoc on vital medical equipment.

Depending on the market where you intend to sell your wireless medical device, the regulations may differ.

One Device, Two Regulatory AgenciesIn order to ensure device safety, there are basically two bodies that regulate wireless compliance for medical devices in the United States. While companies are familiar with the Food & Drug Administration’s (FDA) regulations for placing a medical device on the US market, the Federal Communications Commission’s (FCC) regulations addressing the use of low-power radios for wireless communication are relatively new to them.

Every medical device using wireless technology must comply with both the FDA and FCC requirements. As the primary function of the device is medical, the FDA requirements are considered primary and the FCC requirements are considered supplementary; however, both are mandatory. The FDA expects the product to comply with the FCC requirements first and then proceed to demonstrate compliance to its own regulations.

to Market Conformity

by UWE MEYERBusiness Field Manager Medical Testing

2

Additionally, the FDA introduced a set of new recommendations for medical devices. While not mandating compliance, the agency makes it clear that it wants to see these recommendations addressed. Let’s look at the roles each agency plays.

Rules of Communication The FCC’s Office of Engineering and Technology (OET) conducts many activities relating to wireless medical devices, including equipment authorization. Generally, the FCC develops and executes rules a device needs to follow dependent on the type of wireless technology it uses. The rules consider various frequencies, power and other radio features. The FCC’s main requirements for this product type are presented in Title 47 of the Code of Federal Regulations, which contains more than 100 parts, with each part regulating a specific technology or a combination of technologies using the same radio spectrum.

The type and scope of testing will also depend on the type of radio used in a given device. Manufacturers can use the FCC pre-certified radio modules, which still require limited testing on the system level to show compliance of the finished device. Using them saves time and money. Alternatively, companies can design and manufacture their own radios to incorporate into a product. In this case, a full scope of wireless testing is required to certify the radio and product.

Once a product is in its final form, testing should be conducted by a properly approved laboratory. The FCC has streamlined the approval process by allowing independent laboratories like TUV Rheinland to issue certifications though the Telecommunication Certification Body (TCB) program.

In Line With the FDAEach medical device is unique in its functionality and needs to be evaluated separately to determine the best regulatory approach to take it to market. The FDA’s generic requirements apply to all devices but the manufacturer and test lab need to select applicable technical standards to which the product will be tested. Generally, the FDA mandates that a medical device be tested to satisfy the FDA’s and international minimal requirements for safety and electromagnetic compatibility (EMC).

Radio Frequency Wireless Technology in Medical Devices - Guidance for Industry and Food and Drug Administration Staff is the main document governing the use of wireless technology in medical devices. The document was published for the first time in 2007, and in August 2013, the final updated version outlined several new recommendations that a medical device needs to follow. While these are merely suggestions, the FDA urges manufacturers to demonstrate that they considered the recommendations in the application for approvals.

Few medical device makers are aware of the recommendations, which include the following:

• The medical device company is asked to explain clearly why and how it selected a specific wireless technology. Each technology performs differently, and the choice of technology automatically impacts the product’s performance and has a bearing on the device’s security and susceptibility to interference from other electronic devices. It is important to note that many medical devices are authorized to operate as unlicensed devices in the industrial, scientific, and medical (ISM) frequency bands, and as such, are not entitled to interference protection. There is a potential for interference in the ISM frequency band because it is already heavily used by many other communications and industrial products.

• The manufacturer is asked to demonstrate that it has considered the quality of wireless service.

• Medical devices using wireless technologies need to demonstrate they can co-exist with other radio equipment in the vicinity without generating any problems. The intent is to minimize the possibility of a technology error when decisions about people’s health and lives are made in the environment full of wireless cell phones, tablets and laptops.

• The manufacturer is asked to demonstrate how it addresses the security of wireless signals and data to protect confidential patient information.

• The FDA’s draft cybersecurity guidance was first published in June 2013, with the final edition, Content of Premarket Submissions for Management of Cybersecurity in Medical Devices, following in October 2014. The guideline calls on Medical Device Manufacturers (MDMs) to take security into account during the device design and development phase and to consider cybersecurity risks as part of the required risk analysis. The emphasis of the guideline is on the device functionality and patient safety, rather than data protection.

• Although the FDA guidelines themselves are not legally binding, they represent the FDA’s view, or interpretation, of the regulations and are likely to become mandatory down the road.

• The manufacturer is asked to explain how other electronic devices might interfere with the radio portion of the device in question (EMC performance of the wireless technology).

• The FDA expects that every device should contain clear operations instructions in the user documentation (intended for both medical staff and patients).

• Instructions on how to properly maintain and care for the device are also recommended.

3

How Are Medical Products with Wireless Technology Covered Across the Pond?Medical products in Europe are currently covered under the Medical Device Directive (93/42/EEC). However there is a revision of the EU regulatory framework on medical devices and the introduction of the new Medical Device Regulation (MDR) is expected to come into force sometime in 2016 with a transition period of 3 years. Nevertheless wireless compliance in Europe is covered in a new legislation for devices using wireless components. The new legislation, Directive 2014/53/EC for Radio Equipment, went into effect June 13th, 2016 and replaced Directive 1995/5/EC.

While the actual product safety compliance and Electromagnetic Compatibility (EMC) is discussed in the Medical Device Directive and in the new Medical Device Regulation, respectively, the European Communications Office (ECO) provides a tool to investigate the harmonized radio spectrum use in Europe called ECO Frequency Information System (EFIS) (see http://www.efis.dk/). The national radio spectrum authorities are required to enter and maintain their national spectrum allocation data in EFIS.

For radio equipment for which the manufacturer has applied appropriate Official Journal (OJ) listed RED harmonized standards in full to demonstrate compliance with the essential requirements, the conformity assessment procedures of Annex II (Internal Production Control without involving a Notified Body), Annex III (Type Examination Procedure) or Annex IV (Full Quality Assurance) can be applied, at the choice of the manufacturer.

Braving the New Wireless WorldEven though medical device manufacturers see the market potential for wireless technology, some delay introducing it into their products because of additional compliance steps this requires. This is the area where a consultation with a test lab could add significant value.

While the product is still in the concept stage, a test lab can advise the manufacturer about the general regulatory requirements and suggest wireless technology options suitable from the point of view of technical certification. When the manufacturer has a clear idea of what the product looks like and what the intended function is, the test lab can determine exact requirements based on technical specifications. This approach introduces a significant degree of confidence into the regulatory compliance process, increasing the odds that the product passes the tests and gets to market on time and on budget.

Please also check out our whitepaper ‘Take No (Cyber) Risk With Your Medical Device’ giving you further insights from a different viewpoint addressing cybersecurity insights also from a FDA perspective.

TUV Rheinland has extensive knowledge and experience to perform both risk assessments and safety circuit evaluations. We can provide training or support to our clients in virtually any industry or application and perform machine evaluations for European or domestic markets.

TUV Rheinland is committed to meeting our customer’s needs. Our reporting can be used directly in the CE-marking process (technical file), and our certification services are well known and accepted throughout the industry, due to the quality of service and reputation worldwide.