With the increasing complexity of software in medical equipment, it becomes an imperative to periodically upgrade the software of the install base across widespread geographies while ensuring device security and patient safety. And as Medical Device OEMs embark on their IoT journey, remote software upgrade capability along with remote troubleshooting are adopted as the first set of use cases given their clear ROI when it comes to diagnosing the need for software upgrades. There are reliable technology available from several vendors to manage install base and deliver software upgrades in a reliable manner leveraging cloud scalability. Requirements that aid in improved reliability of the business process to consistently deliver software upgrades with increased security and addressing regulatory concerns will determine continued success driving adoption by both internal stakeholders and customers. Following are certain key requirements for consideration.
Single Source of truth for software upgrade eligibility - Given that the install base may be spread across different countries with different regulatory needs, it is important to correctly configure whether a given update package is applicable to a given version (hardware, software, geos and others) of medical equipment. This information should be in the control of regulatory affairs of an organization and used directly while making a decision on whether an installed equipment is eligible for an upgrade given the need for specific regulatory process for different countries. Copying this information manually by remote services team into an IoT platform delivering remote upgrades to installed equipment could be prevalent but may lead to different unintended risks and hence best avoided.
Consistency of software updates -Despite best efforts, there will be significant population of devices that will be unconnected despite having the capability to connect. This is primarily due to the security and privacy protocols of healthcare provider organizations. This raises the following major concerns.
- Consistency of software updates across connected and unconnected devices - Unconnected devices may receive a delayed update or may not be updated at all unless a business process is established to ensure the same in a timely manner.
- Field service engineer would need to manually update if a particular upgrade has been applied to a device after every update. This may lead to incomplete or lack of a reliable record or traceability of software updates and could raise regulatory concerns and patient safety issues.
- For remote software upgrades of certain medical equipment, careful co-ordination (eg: equipment should be in service mode) may be required with clinical staff while performing a remote upgrade and assure that the upgrade is completed correctly and the equipment is ready to be used for clinical purposes. Doing this manually for each medical equipment on the field could mean significant remote support costs.
Security - While integrity of the software package delivered and the secure channel adopted to deliver the upgrade are basic requirements, following could be some important security considerations.
- Authentication: Is the remote tech support or onsite field service engineer authenticated to access the installed product (geo considerations and other factors)?
- Authorization: Is the remote tech support or onsite field service engineer authorized to perform software upgrades on the system? Organizations have typically used training/certification records to verify whether the tech support is authorized to perform an upgrade at the point and time of service.
- Non-repudiation: For certain devices, beyond the medical device OEM Engineers, Biomeds or 3rd party service providers are also trained to perform software upgrades. It is important to have an audit record of who actually performed an upgrade from an accountability perspective and may be a regulatory need as well.
In addition to above considerations, other factors like scalability of the overall solution to handle large upgrade payloads could determine the success of a remote software upgrade project. Certain basic architectural patterns like Valet-Key pattern provide scalability while addressing security concerns should be considered as part of overall architecture and design.
With increasing concerns around device security and sensitivity around reliability of the software upgrade process by both internal and external stakeholders, it is important to evaluate above requirements as you continue the journey to deliver remote software upgrades in a timely manner to your critical medical devices that directly impact patient care and safety.