Wearable Computing Technologies and Regulations · FDA Guidance: Medical Device Data Systems,...

Wearable Computing Technologies and Regulations

Anura Fernando, Principal Engineer, Underwriters Laboratories (UL)

Wearables TechCon - March 10, 2015

Copyright © 2015 UL LLC ® All rights reserved


Anura S Fernando

Anura S. Fernando is UL’s Principal Engineer for Medical Software & Systems Interoperability.

Background:

• Degrees in Electrical Engineering, Biology/Chemistry, and Software Engineering
• 17 years experience at UL with safety critical software and control systems certification; as well as research across many industries – process automation, alternative energy, medical, hazardous locations, appliances, optical radiation, nanotechnology, battery technologies, etc.
• Research and publications in Predictive Modeling and Risk Analysis, Cybersecurity, Systems of Systems, Software, Health IT, Apps, and Medical Device safety.
• Projects with numerous Fortune 500 companies, DoD, DoE, DHS, FDA, FCC, ONC, NASA and several U.S. National Laboratories

Additional experience relevant for this discussion/audience:

• Contributed to the development of several standards involving software and Functional Safety as a member in IEC, ISO, ASME committees and Expert Task Force member.
• UL lead for the development of the AAMI/UL 2800 family of eHealth standards for interoperable medical device interface safety.
• Member of the Federal Advisory Committee FDASIA WG to the Health IT Policy Committee, FDA Medical Device Interoperability Coordinating Council, Medical Device Interoperability Safety Working Group, Health Information Management Systems Society, Association for the Advancement of Medical Instrumentation, and the International Council on Systems Engineering

Three Key Points for WT Developers

• Understand use cases
• Manage risk and address safety concerns with wearables
• Use standards strategically for market access and to address regulatory concerns

It used to be that people had to go inside the computers to use them…

http://www.computerhistory.org/revolution/birth-of-the-computer/4/78/325

…now computers can go inside people

http://www.moreinspiration.com/article/922/endoscopic-capsules

Wearable computing technologies are pervasive


http://2.bp.blogspot.com/-afr-gp6eyl

http://www.untitledname.com/archives/upload/2005/10/bicyclist-cell-phone.jpg http://i-cdn.phonearena.com/images/articles/84906-image/wear.png

Accelerometer

Gyroscope

Magnetometer

Barometer

Proximity

Touch screen

GPS

WiFi

Bluetooth

GSM/CDMA Cell

NFC

Camera

Light sensor

…with many sensors creating many possibilities

In a “microbiome” of wearable sensors…

http://www.bizjournals.com/sanjose/news/2013/06/21/216-million-geeky-americans-want.html?s=image_gallery

…we can become the “quantified self”


http://www.thethinkingbench.com/the-year-of-the-quantified-self-revolution/

Combining wearables with network technologies…


http://ualr.edu/sxyu1/Research.htm

…we can become the “ubiquitous self”


http://www.sintef.no/home/Information-and-Communication-Technology-ICT-old/Software-Engineering-Safety-and-Security/Research-groups/Model-Based-Systems/Ubiquitous-and-mobile-computing/

All this data can also improve healthcare delivery


http://www.cs.purdue.edu/homes/bertino/IIS-eHealth/images/ehealth_full.jpg

Using “big data” for customized or remote care

http://jackbrowntelecomprofessional.files.wordpress.com/2012/06/mban-3.jpg

Wireless Devices…FCC or FDA or both?

Usage of the 2360-2390 MHz frequencies is restricted to indoor operation at health-care facilities and is subject to registration and site approval by coordinators to protect aeronautical telemetry primary usage.

Operation in the 2390-2400 MHz band is not subject to registration or coordination and may be used in all areas including residential.

ALL cell phones must meet the FCC’s RF exposure standard, which is set at a level well below that at which laboratory testing indicates, and medical and biological experts generally agree, adverse health effects could occur. www.fcc.gov

Consumer product or medical device?

A medical device is "an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is:

• recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them,
• intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or
• intended to affect the structure or any function of the body of man or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes."

http://www.fda.gov/aboutfda/transparency/basics/ucm211822.htm

Labeling can make all the difference…

http://www.fda.gov/MedicalDevices/ProductsandMedicalProcedures/ObesityDevices/ucm350134.htm

Treat Obesity vs. Manage Weight

The struggle to characterize relative risk

Proposed in 2015 draft guidance on low risk general wellness devices

Whether a device is low risk for purposes of this guidance is determined by whether or not the product:

1) is invasive;
2) involves an intervention or technology that may pose a risk to a user’s safety if device controls are not applied, such as risks from lasers, radiation exposure, or implants;
3) raises novel questions of usability; or
4) raises questions of biocompatibility.

UL participates with government agencies to establish perspectives on risk

http://www2.idexpertscorp.com/images/uploads/ehr.jpg

http://static.ddmcdn.com/gif/wireless-network-1a.jpg

http://www.commercialintegrator.com/images/

FDA Safety and Innovation Act (FDASIA WG)

So, what is risk?


http://www.smarterbusiness.org.uk/business_targets/view/minimiserisks

Risk comes in many forms


Risk defined in general terms

The ISO 31000 (2009) / ISO Guide 73:2002 definition of risk is: ‘the effect of uncertainty on objectives’

Uncertainty: The lack of complete certainty, that is, the existence of more than one possibility. The "true" outcome/state/result/value is not known.

Measurement of uncertainty: A set of probabilities assigned to a set of possibilities. Example: "There is a 60% chance this market will double in five years"

Risk: A state of uncertainty where some of the possibilities involve a loss, catastrophe, or other undesirable outcome.

Measurement of risk: A set of possibilities each with quantified probabilities and quantified losses. Example: "There is a 40% chance the proposed oil well will be dry with a loss of $12 million in exploratory drilling costs".

Douglas Hubbard, "The Failure of Risk Management: Why It's Broken and How to Fix It", John Wiley & Sons, 2009.

Analyzing Risk: Hazard Based Safety Engineering


…or Data …or Process


[Figure: HBSE Premise: Hazardous Energy Source → Transfer Mechanism → Susceptible Part]

[Figure: HBSE Standard Injury Fault Tree. Events combined through AND/OR gates: Injury; Energy Transfer; Bodily Exposure; Hazardous Energy; Inadequate Personal Safeguard (Personal Safeguard Failure, No Personal Safeguard); Inadequate Personal Avoidance (Avoidance Not Possible, Avoidance Not Attempted); Inadequate Equipment Safeguard (Equipment Safeguard Failure, No Equipment Safeguard)]

[Figure: HBSE Process flowchart: Identify energy source; Is source hazardous? (Yes/No); Identify means by which energy can be transferred to a body part; Design safeguard which will prevent energy transfer to a body part; Measure safeguard effectiveness; Is safeguard effective? (Yes/No); Done]

…or Data …or Process

Analysis Drives UL’s Safety Testing and Certification

Applying HBSE to Wearable Technologies

[Figure: HBSE Premise: Hazardous Energy Source → Transfer Mechanism → Susceptible Part]

…or Data …or Process

Are there any hazards?

We can see some wearable technology risks

• Optical Radiation (LASER, UV, etc…)
• Privacy, Security, Performance if used by Dr (Cryptographic verification, HIPAA)
• Acoustic Energy
• Data Integrity, Usability

http://sfdata.startupweekend.org http://wp.wpi.edu

Where is all this data stored? Is it secure? Is it correct?

What could go wrong?

• What happens if bits of my diagnostic image data get lost?
• What happens if my prescription data gets corrupted?
• What happens if my surgeon gets someone else’s record?

What if my wearable interacts with health IT systems?

[Figure: diagram with labels “WWW” and “Acme Insurance”]

Are there new risks to consider?

[Figure: diagram with labels “WWW” and “Acme Insurance”]

Risks With Safety-Related Exchange?

Incorrect Information Exchange
EXAMPLE: Single Event Upset or Data Corruption

Information Not Provided
EXAMPLE: No Data

Incorrect Timing of Information
EXAMPLE: Information provided when app is inactive

Premature Termination
EXAMPLE: Dropped Signal
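
The four exchange failure modes above, written as a receiver-side check that uses the cryptographic verification the slides mention; this is an added example, not part of the original presentation. The frame layout, key, function names and the 5-second freshness window are assumptions.

```python
import hashlib
import hmac
import struct

# Assumed frame layout (hypothetical): sequence number, send time in seconds,
# payload length, then the payload, then an HMAC-SHA256 tag over all of it.
HEADER = struct.Struct(">IdH")
TAG_LEN = hashlib.sha256().digest_size
KEY = b"constructed-demo-key"  # constructed sample key, not a real secret


def build_frame(seq, sent_at, payload, key=KEY):
    """Sender side: serialize one reading and append its integrity tag."""
    body = HEADER.pack(seq, sent_at, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def check_frame(frame, now, last_seq, key=KEY, max_age=5.0):
    """Receiver side: return (status, payload); payload is None unless 'ok'."""
    if not frame:  # receive deadline passed with nothing delivered
        return "information_not_provided", None
    if len(frame) < HEADER.size + TAG_LEN:
        return "premature_termination", None
    seq, sent_at, length = HEADER.unpack_from(frame)
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        # Rejected either way; the label is a best guess from the length field.
        if len(frame) < HEADER.size + length + TAG_LEN:
            return "premature_termination", None
        return "incorrect_information", None
    # Only now are the header fields trusted: reject replayed or stale frames.
    if seq <= last_seq or not 0 <= now - sent_at <= max_age:
        return "incorrect_timing", None
    return "ok", body[HEADER.size:]


def demo():
    """Run one constructed reading through each failure mode."""
    good = build_frame(7, 1000.0, b'{"hr_bpm": 72}')
    flipped = bytearray(good)
    flipped[HEADER.size + 11] ^= 0x01  # single-bit upset inside the payload
    return {
        "intact": check_frame(good, now=1001.0, last_seq=6)[0],
        "bit_flip": check_frame(bytes(flipped), now=1001.0, last_seq=6)[0],
        "no_data": check_frame(None, now=1001.0, last_seq=6)[0],
        "late": check_frame(good, now=1030.0, last_seq=6)[0],
        "replayed": check_frame(good, now=1001.0, last_seq=7)[0],
        "dropped": check_frame(good[:50], now=1001.0, last_seq=6)[0],
    }
```

Calling `demo()` returns the status for each constructed case; the single flipped bit would otherwise turn a heart rate of 72 into 62 without any visible error.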

Regulators are balancing risk and innovation…

FCC Requirements for MBAN and FDA MOU – 24 May 2012

FDA Guidance: RF Wireless Technology… – 13 Aug 2013

FDA Guidance for Home Use Devices – 24 Nov 2014

FDA Draft Guidance: General Wellness (Low Risk) – 20 Jan 2015

FDA Guidance: Mobile Medical Applications – 25 Sept 2013

EC Guidance Document – Qualification and Classification of stand alone software (MEDDEV 2.1/6) – Jan 2012

FDA Final Rule: MDDS – 15 Feb 2011

FDA Guidance: Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices – 9 Jan 2015

FDA Guidance: Management of Cybersecurity – 2 Oct 2014

…and continually evolving Regulatory Science

FDASIA Health IT Report – Proposed Strategy and Recommendations for a Risk-Based Framework – Apr 2014

FDA Draft Guidance: Applying Human Factors and Usability Engineering to Optimize Medical Device Design – 22 June 2011

IMDRF Document: “Software as a Medical Device”: Possible Framework for Risk Categorization and Corresponding Considerations – 18 Sep 2014

Regulations - weighing benefits and risks


Use

Product

Enabling Technologies

UL can provide standards-based testing and certification to address hazards at all levels

Use Hazards – Safety & Effectiveness (e.g. interoperability, performance, reliability, co-existence, usability, biocompatibility, satisfying claims)

Data Hazards – Acquisition, Storage, Propagation (e.g. Integrity, Security, Accuracy, Precision, Protocol Compliance)

Energy Hazards – Kinetic and Potential (e.g. electricity, batteries, optical radiation, ionizing radiation, RF emissions, acoustic, pinch-points, etc…)

Assurance Cases, Safety Certifications, Certificates of Conformance, Product Marks

Testing to Support Safety Claims

Modified from: http://www.fda.gov/ucm/groups/fdagov-public/documents/image/ucm260345.jpg

Testing to Support Security Claims


Cryptographic Verification

http://img.mit.edu/newsoffice/images/article_images/20110214123646-1.jpg

Assurance cases can help support safety claims


https://buildsecurityin.us-cert.gov/bsi/1051-BSI/version/default/part/ImageData/data/Assurance_Cases_and_LifeCycle_Processes.png

Standards Can Help Guide Assurance Cases


https://buildsecurityin.us-cert.gov/bsi/1051-BSI/version/default/part/ImageData/data/Assurance_Cases_and_LifeCycle_Processes.png

Safety Standards

Regulators Leverage Standards

Aug 6, 2013 FDA Recognized Consensus Standards Support Interoperability:

There are 25 new standards grouped mainly into three categories:

1. Managing risk in a connected and networked environment;
2. Nomenclature, frameworks and medical device specific communications, including system and software lifecycle process;
3. Cybersecurity standards from the industrial control systems arena that are relevant to medical devices.

Coming soon: AAMI / UL 2800 – interoperable medical device interface safety

http://www.securedgenetworks.com

Technology is enabling rapid product innovation and new safety standards and regulations are emerging

[Figure labels: IDEA; PRODUCT & SERVICE]

Managing innovation and regulatory change

Different kinds of wearables bring different risks


Created by Beecham Research in Partnership with Wearable Technologies Group

http://www.hl7standards.com/blog/2013/09/12/redesigning-wearable-tech/

Plan early to avoid unintended consequences

Therac-25
- Improper V&V – no pre-release integration testing
- Integrated re-used sw into incompatible hardware (no interlocks)
- “unlikely” sequence of keystrokes

http://50quidsoundboy.net/wp-content/uploads/2011/05/thumb-21367-radiation_therapy.jpg

Ariane 5
- Floating point value too large to be represented by signed integer

Mars Climate Orbiter
- Mismatched units

Ask yourself some questions

Is there optical radiation?
Do I need to worry about security / HIPAA?
Do I need to worry about acoustic energy?
Are there usability related hazards?

…and ask yourself some more questions

Can this cause skin irritation?
Are surface temperatures ok?
Do I use Lithium Ion Batteries?
How do I deal with shipping and storage?
How do I deal with cleaning, reprocessing, sterilization?
How do I assess and control quality and stability of materials?

And there are many more questions to consider…

www.ul.com/eHealth

[email protected]

Please let us know if you need help.

Thank you!

eHealth