3 incidents that show post-market surveillance for medical devices is a must

Post-market surveillance (PMS) is now a requirement for medical devices being sold in different parts of the world. In the United States, in particular, there are legal requirements for PMS in place, and the Food and Drug Administration requires medical device manufacturers to submit a plan that shows how they intend to comply with PMS requirements.

Many companies are understandably hesitant to support post-market surveillance as it entails additional costs and procedures, something businesses instinctively avoid or minimize. However, there are reasons why post-market surveillance should be treated as a standard part of doing business in the medical industry. It is not just a matter of compliance; there are more important factors to consider.

Regulatory rationale

Before going into the examples that show why post-market surveillance for medical devices is a must, here is a brief summary of what laws and regulations commonly cite to justify the enforcement of post-market surveillance (PMS) requirements.

  1. Consumer safety and effectiveness – The foremost impetus in imposing PMS is the need for medical devices to be safe and to live up to their claims. This is a compulsory combination. Products can be safe but they are useless if they are unable to deliver what is expected of them. Conversely, products that have some guise of effectiveness should not be in the market if they are unsafe.
  2. Removal of undesirable products from the market – Another important goal of requiring PMS is the elimination from the market of products that were initially thought to be good but were proven ineffective or unsafe over time. No regulator, no matter how competent they are, can fully prevent the availability of unsafe or ineffective products to consumers, so it makes sense to have post-market mechanisms.
  3. Making manufacturers more responsible – For a long time, most of the responsibility for the cybersecurity of medical devices has been left to consumers or end users. There have been no laws requiring device makers to do more on the cybersecurity front. Recent regulations are changing this, in line with the long-held and widely accepted idea that cybersecurity is a shared responsibility.

Incidents highlighting the need for post-market surveillance

Here are a few real-world events that demonstrate the need for post-market surveillance of medical devices. The risks they exemplify range from privacy-infringing to life-threatening.

Hackable pacemakers

Almost half a million implantable pacemakers were recalled by the US FDA in August 2017 because of cybersecurity vulnerabilities. As AHA Journal characterized it, it was “unique” because it was the first time a pacemaker was recalled due to a software issue. This recall, in a way, compelled policymakers, healthcare industry professionals, and patients to pay attention to a relatively new kind of issue.

A vulnerability in the web-connected pacemaker could allow attackers to remotely access the device by making modifications to the transmitter. This security weakness could enable threat actors to drain the device’s battery or control the implantable device to administer shocks.

Fortunately, no actual attacks targeting this vulnerability have been recorded. Security updates have been released to address the vulnerability. The company responsible for the device and its software, Abbott (formerly known as St. Jude Medical), reported that there were no reports of adverse events after the application of the software update.

Following this incident, cybersecurity experts emphasized the importance of treating medical device security as a continuous concern. Leslie Saxon, Director of the Center for Body Computing at the University of Southern California, in particular, said that the security of implanted devices should be monitored throughout their entire lifecycle. “From the time it’s on the drawing board until it’s manufactured, and while it’s in the patient’s body, it has to be a continuous process of cyber-enhancement and security,” Saxon noted.

Companion apps for medical devices that overshare information

In 2018, the US military was alarmed by a report that its soldiers were revealing their secret locations because they were trying to stay fit. Apps that connect with fitness devices like Fitbit appear to have shared the jogging routes and history of soldiers, giving the public clear hints about their location and activities.

This issue may not be directly attributable to medical devices, but it is an important incident all medical device stakeholders should pay attention to. After all, many medical devices are connected to companion apps that collect data from healthcare or fitness devices for analysis and organized presentation. Improper handling of data accumulated by digital and web-enabled medical products can result in privacy violations and data theft.

Privacy concerns may not be as severe as life-threatening device malfunctions or remote takeovers, but they are still a serious threat. Notably, most of them are only discovered after devices are already sold to consumers and used for some time. It takes time to learn about privacy and security weaknesses in apps developed by device manufacturers, let alone the issues that emerge after apps are integrated with other apps or web services.

Failing infusion pumps

Here’s a relatively recent incident: a Class I (highest level) recall order from the US FDA for the Sapphire Infusion Pumps range of insulin pumps from Eitan Medical Ltd. The reason for the recall is the device’s defective ability to detect air in the line when it is operating on battery power. The pump may fail to produce the audio notification that is expected whenever there is air in the pump’s line.

This malfunction is a severe concern, given that air in the pump can have life-threatening consequences. Users can suffer from embolism or a blockage in the blood vessel if the air enters their bodies intravenously. Embolism can cause the users of affected devices to have a heart attack, stroke, or possibly die from the ordeal. The least serious effect is having unstable blood pressure.

The good news is that there have been no reports of serious health concerns attributed to this defect in the device. The problem has been communicated to consumers, healthcare institutions, and medical professionals. The detection of the problem is largely due to post-market surveillance routines, which would likely have been skipped without regulatory requirements.

The incidents above show that product defects, security vulnerabilities, and other issues are unlikely to be fully eliminated upon market release. Most of them appear once the products are already in use. That’s why it is crucial to implement robust post-market monitoring systems not only for the safety and welfare of users but also to protect the reputation of healthcare device manufacturers, which can quickly suffer from the loss of consumer trust once the issue reaches public attention.

Not a new requirement

Post-market surveillance is not a new requirement for medical devices. Several laws and regulations were implemented years ago by regulatory bodies such as the US FDA, the European Medicines Agency, and similar government bodies in other parts of the world. However, PMS has been getting more attention recently because of updates made to relevant laws to reflect changes in the medical industry and the threat landscape.

The prominence of internet-connected medical devices, in particular, has expanded cyber-attack surfaces and provided more opportunities for threat actors to target new victims. Keeping up with new threats and product issues is not just about ensuring that devices are effective and secure before they are released to the market. It is also crucial to monitor the security and effectiveness of devices throughout their entire useful life to promptly address problems that emerge after device purchase and fend off cyberattacks on these devices as they are being used. Compulsory PMS is an excellent tool for this purpose.
