Today’s hospitals are centers of advanced technology, with upwards of several thousand medical devices and clinical assets under their roof. The US is home to 6,210 hospitals, each with 50 to 500 beds and 10-15 networked devices per bed. According to the American Hospital Association (AHA), there are a total of 931,203 staffed hospital beds across the United States. That means that just at the bedside there are some 14 million connected medical devices in the US.
When you factor in non-bedside devices and clinical assets that are less directly involved in patient care, the numbers get even bigger. The US accounts for around $155 billion, or about 30%, of the global medical device industry which is worth a total of around $520 billion annually. With that market translating to roughly 400 million connected medical devices and clinical assets installed globally, the same 30% US market share amounts to 120 million connected devices.
If we take all those 6,210 US hospitals and assume an even distribution of medical technology, we’ll find that the average US hospital has just over 19,300 connected medical devices and clinical assets. With so many devices in deployment, at any given moment, many are sure to be reaching the end of their useful life. The lifespan of medical devices and clinical assets depends on a number of factors, including frequency of use, maintenance and servicing, the way in which it’s used, and more. However, under normal operating conditions, most connected medical devices have an estimated useful life of 7-10 years. So on a yearly basis, a statistically average US hospital will have around 2,270 devices that need near-term end of product life monitoring and planning.
As you could imagine, under these conditions, end of product life management is a huge job. It rests heavily on the department of clinical engineering, which is already burdened with a multitude of responsibilities. Many hospitals buy expensive CMMS add-ons to ease medical equipment lifecycle management, but they rarely deliver the necessary full-service automated functionality.
The Challenges of End of Product Life Monitoring
As Marie Kondo might tell you, owning so much tech is a responsibility as well as a privilege. Unlike KonMarie aficionados, hospitals can’t simply throw out their medical devices and clinical assets when they stop being useful and need to be put out to pasture. HDOs need decommissioning procedures to wipe sensitive data from expired assets. They need to be ready to replace old devices with a new asset that performs the same function so that critical patient care services aren’t compromised.
Removing a medical device could disrupt the entire connected system or have unexpected regulatory implications. As a result, the process needs to be explored well ahead of time to safely remove and dispose of the old device and integrate the new one effectively — without compromising the security of the overall network or the continuity of care. This means that continuance planning needs to be handled intelligently and in advance, allowing time to purchase an appropriate replacement, prepare for its integration, and train staff in dealing with any changes between the two devices.
To suffer the slings and arrows of outrageous fortune, or… to die
You could hold on to a worn-out jacket that still keeps you warm and dry, but a worn-out medical device that still seems functional may pose unintended risks to your operational infrastructure, IT security, and even to patient health.
Imagine this scenario: A manufacturer plans product lifespan to last for 10 years. At the end of that period, the manufacturer stops issuing security updates and technical support. Your device, however, is still functional and may even last another 10 years. You don’t want to waste money buying a replacement for an item that is in perfectly good condition, but you understand that there are also risks associated with using unsupported and potentially vulnerable software. What do you do?
This is the problem facing the many hospitals that have hundreds of devices running on Windows 7. Extended support for Windows 7 is set to expire on January 14, 2020 with the option of additional pay-per-device "Extended Security Updates" (ESU) supposed to be made available for another 3 years.
Expiring support along with the unclear and expensive terms of ESU will force CISOs to prepare contingency plans to mitigate the cyber risk, or begin lobbying for the additional budget needed for ESU and/or asset replacement.
I can barely recall… but it’s all coming back to me now
The FDA groups medical device recalls into three classes, based on the risk posed and the number of regulatory controls required. Class I recalls involve situations in which a reasonable chance of serious patient health problems or death can result. Class II recalls involve situations in which temporary or reversible health problems — or where there is a slight chance that serious health problems or death — will result. And Class III recalls involve situations in which no health problem or injury is likely to result.
Shockingly, of the 208.4 million recalls mentioned above, over 180 million were Class I!
Responding promptly to recalls requires knowing exactly which medical devices you have, what recalls are relevant, where your affected devices are located, how to smoothly reroute load demands around recalled equipment, and how to properly plan for the replacement of your recalled devices. Without a robust product monitoring and visibility program, your healthcare center is going to find itself unnecessarily handicapped.
Best Practice Tips for End of Product Life Monitoring
1. Implement active & accurate inventory monitoring
You can’t manage what you don’t measure and you certainly can’t plan for what you don’t perceive. That’s why the first step in effective end of product life monitoring needs to be establishing a comprehensive inventory system that keeps stock of every device in your network.
Once you have a full, centrally documented and manageable accounting of your medical device inventory, you’ll want to add enriching data dimensions for each device. This should include:
- The device’s expected lifespan
- Contracted support lifespan
- Extended support/security options
- Relevant department
- Connectivity dynamics
- Software status
- Operational use
- Current lifecycle stage
- Maintenance schedule.
Ideally, this information would be rounded out with MDS2 and SBoM data. With a robust viewpoint into your medical assets and associated dependencies in place, you’ll divide your entire roster of devices into like groupings for more streamlined oversight and management. At that point, you can fortify this database via API integration with FDA, ICS-CERT, MDISS MDRAP, device manufacturer, and other advisory feeds.
You can then easily set up automated alert triggers based on new advisories issued, approaching maintenance windows, regulatory obligations, lifecycle transitions, patch status, support timeframes, etc.
If you’re looking to cut down on the IT development and maintenance resources involved, solution providers like CyberMDX can step in to help you to stay in control of all your networked assets. With active and accurate inventory monitoring, you’ll have the 360° visibility that you need to identify and track your clinical assets. This way, if a device reaches the end of the line, you’ll see it coming ahead of time and be able to begin replacement procedures. You’ll also know where to find it, how many people use it (what type of operational disruption to expect), and be in a position to responsibly initiate decommissioning procedures.
2. Automate recall monitoring and react promptly
It’s crucial to prepare and implement reliable recall monitoring procedures. This means combining an effective device tracking system with live recall monitoring. You need access to up-to-date recall intelligence so that you know when you need to remove a device from your system. Again, this can be achieved by integrating FDA and manufacturer data streams with your management console and defining smart alert parameters. And here too, if you’re looking to make things easier on yourself, there are solutions available that offer this type of functionality off the shelf.
The idea is to set up a management infrastructure so that most of the hard work is done automatically by the system. At the same time, human actors will still need to promptly take action when notified of relevant issues.
In a recent case, CyberMDX reported that despite notifications, one hospital continued to field 443 devices subject to recall; out of a total roster of 1,088 connected devices. That means that more than 40% of their active medical devices had been recalled! Obviously, that’s not a sustainable or responsible way to run a healthcare delivery organization.
In order to help, timely knowledge demands timely action.
3. Create a decommissioning procedure checklist
No matter what the reason is for removing a medical device from active use, you need to follow an orderly decommissioning procedure, which should include:
- Deleting stored data
- Decontaminating the device
- Removing any identifiable labels or markings
- Dismantling the device so that it can’t be used
- Disposing of electric or hazardous waste in a safe and environmentally responsible manner
Reliable product lifecycle management tools prepare and save your decommissioning procedures, keeping them accessible for all relevant parties and ensuring that they’ve been followed correctly.
4. Plan replacements proactively and responsibly
Drawing on available information streams, you should plan replacement procurements along with system and workflow integrations of new devices as early as possible. This will prove helpful not only in terms of the smoothing the transition from old to new equipment, but in bundling purchase orders for optimal flexibility and pricing.
The clinical engineering team should work to define the operational scope of the new procurement and submit the proposal for approval from the relevant decision maker. If you have access to asset utilization data to help pinpoint your exact needs and the trajectory of their growth, that should be factored in as well.
Multiple vendors should be considered for all orders. Vendors should be asked to provide MDS2 and SBoM documentation along with detailed SLAs, outlining their long-term support and liability commitments. Intended use, general specifications, technical specifications, and strategic considerations should be built into a formal evaluation rubric to inform upon your selection criteria. Along with your data protection, compliance, and IT teams, you should conduct a review as to the basic regulatory, interoperability, and cybersecurity requirements and implications of each product considered and how they align with existing architecture and workflows.
Once a supplier is selected, the relevant product data should be fed into your inventory monitoring system. Consultations should be held immediately with IT and information security stakeholders to plan for the safe and orderly integration of your new medical devices into the existing HIT ecosystem.
Before devices are rolled out into active deployment, it should be confirmed that they are fully and accurately reflected in your inventory management system and appropriately configured to fit your intended network topology — placed in the suitable VLANs and subject to the right security policies etc.
5. Track risks and prepare to adapt on command
End of life planning is made more complicated by the shadow of withdrawn support. Manufacturers can sometimes withdraw support for your medical devices, forcing a perfectly functional item into some degree of effective obsolescence months or years earlier than expected. What’s more, the manufacturer will not always send any formal notification of withdrawal of support.
This makes it vital to not just keep an active eye on manufacturer announcements, but to stay on top of medical device security forums and industry networks, as well as keeping open and active lines of communication with your vendor reps. In so doing, you’ll not only remain abreast of any relevant changes to the software and support landscapes in which your assets exist, but you’ll be able to make fully informed decisions about whether risks stemming from lapsed support can be effectively mitigated, and if they can, you’ll know how to do so.
In either case, HDOs need to be prepared for this situation and be mindful of the possibility that they may have to decommission or radically shift their management strategy for an asset on short notice.
With today’s hospitals owning millions of medical devices and clinical assets between them, end of product life monitoring has become vital. You need to be able to remove recalled devices promptly, decommission assets safely, and keep your endpoints secure all the way through their product life. It’s also crucial to predict end of product life in advance to allow for seamless, cost-effective procurement and replacement.
CyberMDX delivers clear visibility into your clinical assets and medical devices, effective end of product life tracking, and facilitates smooth decommissioning for better patient outcomes and a healthier financial bottom line.