A medical device is any device intended to be used for medical purposes. Thus what differentiates a medical device from an everyday device is its intended use. Medical devices benefit patients by helping health care providers diagnose and treat patients and helping patients overcome sickness or disease, improving their quality of life. Significant potential for hazards are inherent when using a device for medical purposes and thus medical devices must be proved safe and effective with reasonable assurance before regulating governments allow marketing of the device in their country. As a general rule, as the associated risk of the device increases the amount of testing required to establish safety and efficacy also increases. Further, as associated risk increases the potential benefit to the patient must also increase.
Discovery of what would be considered a medical device by modern standards dates as far back as c. 7000 BC in Baluchistan where Neolithic dentists used flint-tipped drills and bowstrings. Study of archeology and Roman medical literature also indicate that many types of medical devices were in widespread use during the time of ancient Rome. In the United States it wasn't until the Federal Food, Drug, and Cosmetic Act (FD&C Act) in 1938 that medical devices were regulated. Later in 1976, the Medical Device Amendments to the FD&C Act established medical device regulation and oversight as we know it today in the United States. Medical device regulation in Europe as we know it today came into effect in the 1993 by what is collectively known as the Medical Device Directive (MDD). On May 26th, 2017 the Medical Device Regulation (MDR) replaced the MDD.
Medical devices vary in both their intended use and indications for use. Examples range from simple, low-risk devices such as tongue depressors, medical thermometers, disposable gloves, and bedpans to complex, high-risk devices that are implanted and sustain life. One example of high-risk devices are those with Embedded software such as pacemakers, and which assist in the conduct of medical testing, implants, and prostheses. Items as intricate as housings for cochlear implants are manufactured through the deep drawn and shallow drawn manufacturing processes. The design of medical devices constitutes a major segment of the field of biomedical engineering.
The global medical device market reached roughly $209 billion USD in 2006 and was estimated to be between $220 and $250 billion USD in 2013. The United States controls ~40% of the global market followed by Europe (25%), Japan (15%), and the rest of the world (20%). Although collectively Europe has a larger share, Japan has the second largest country market share. The largest market shares in Europe (in order of market share size) belong to Germany, Italy, France, and the United Kingdom. The rest of the world comprises regions like (in no particular order) Australia, Canada, China, India, and Iran. This article discusses what constitutes a medical device in these different regions and throughout the article these regions will be discussed in order of their global market share.
A global definition for medical device is difficult to establish because there are numerous regulatory bodies worldwide overseeing the marketing of medical devices. Although these bodies often collaborate and discuss the definition in general, there are subtle differences in wording that prevent a global harmonization of the definition of a medical device, thus the appropriate definition of a medical device depends on the region. Often a portion of the definition of a medical device is intended to differentiate between medical devices and drugs, as the regulatory requirements of the two are different. Definitions also often recognize In vitro diagnostics as a subclass of medical devices and establish accessories as medical devices.
Section 201(h) of the Federal Food Drug & Cosmetic (FD&C) Act defines a device as an "instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is:
which does not achieve its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of its primary intended purposes. The term 'device' does not include software functions excluded pursuant to section 520(o)."
According to Article 1 of Council Directive 93/42/EEC, ‘medical device’ means any "instrument, apparatus, appliance, software, material or other article, whether used alone or in combination, including the software intended by its manufacturer to be used specifically for diagnostic and/or therapeutic purposes and necessary for its proper application, intended by the manufacturer to be used for human beings for the purpose of:
and which does not achieve its principal intended action in or on the human body by pharmacological, immunological or metabolic means, but which may be assisted in its function by such means;"
Based on the New Approach, rules that relate to safety and performance of medical devices were harmonised in the EU in the 1990s. The New Approach, defined in a European Council Resolution of May 1985, represents an innovative way of technical harmonisation. It aims to remove technical barriers to trade and dispel the consequent uncertainty for economic operators, to facilitate free movement of goods inside the EU.
The core legal framework consists of three directives:
They aim at ensuring a high level of protection of human health and safety and the good functioning of the Single Market. These three main directives have been supplemented over time by several modifying and implementing directives, including the last technical revision brought about by Directive 2007/47 EC.
The government of each Member State must appoint a competent authority responsible for medical devices. The competent authority (CA) is a body with authority to act on behalf of the member state to ensure that member state government transposes requirements of medical device directives into national law and applies them. The CA reports to the minister of health in the member state. The CA in one Member State has no jurisdiction in any other member state, but exchanges information and tries to reach common positions.
In the UK, for example, the Medicines and Healthcare products Regulatory Agency (MHRA) acts as a CA. In Italy it is the Ministero Salute (Ministry of Health) Medical devices must not be mistaken with medicinal products. In the EU, all medical devices must be identified with the CE mark.
In September 2012, the European Commission proposed new legislation aimed at enhancing safety, traceability, and transparency.
Article 2, Paragraph 4, of the Pharmaceutical Affairs Law (PAL) defines medical devices as "instruments and apparatus intended for use in diagnosis, cure or prevention of diseases in humans or other animals; intended to affect the structure or functions of the body of man or other animals."
The term medical device, as defined in the Food and Drugs Act, is "any article, instrument, apparatus or contrivance, including any component, part or accessory thereof, manufactured, sold or represented for use in: the diagnosis, treatment, mitigation or prevention of a disease, disorder or abnormal physical state, or its symptoms, in a human being; the restoration, correction or modification of a body function or the body structure of a human being; the diagnosis of pregnancy in a human being; or the care of a human being during pregnancy and at and after the birth of a child, including the care of the child. It also includes a contraceptive device but does not include a drug."
The term covers a wide range of health or medical instruments used in the treatment, mitigation, diagnosis or prevention of a disease or abnormal physical condition. Health Canada reviews medical devices to assess their safety, effectiveness, and quality before authorizing their sale in Canada. According to the Act, medical device does not include any device that is intended for use in relation to animals."
The regulatory authorities recognize different classes of medical devices based on their potential for harm if misused, design complexity, and their use characteristics. Each country or region defines these categories in different ways. The authorities also recognize that some devices are provided in combination with drugs, and regulation of these combination products takes this factor into consideration.
Classifying medical devices based on their risk is essential for maintaining patient safety while simultaneously facilitating marketing of medical products. By establishing different risk classifications, lower risk devices, for example a stethoscope or tongue depressor, are not required to undergo the same level of testing that higher risk devices such as artificial pacemakers undergo. Establishing a hierarchy of risk classification allows regulatory bodies to provide flexibility when reviewing medical devices.
Under the Food, Drug, and Cosmetic Act, the U.S. Food and Drug Administration recognizes three classes of medical devices, based on the level of control necessary to assure safety and effectiveness.
Class I devices are subject to the least regulatory control and are not intended to help support or sustain life or be substantially important in preventing impairment to human health, and may not present an unreasonable risk of illness or injury. Examples of Class I devices include elastic bandages, examination gloves, and hand-held surgical instruments.
Class II devices are subject to special labeling requirements, mandatory performance standards and postmarket surveillance. Examples of Class II devices include acupuncture needles, powered wheelchairs, infusion pumps, air purifiers, and surgical drapes.
Class III devices are usually those that support or sustain human life, are of substantial importance in preventing impairment of human health, or present a potential, unreasonable risk of illness or injury and require premarket approval. Examples of Class III devices include implantable pacemaker, pulse generators, HIV diagnostic tests, automated external defibrillators, and endosseous implants.
The classification of medical devices in the European Union is outlined in Article IX of the Council Directive 93/42/EEC. There are basically four classes, ranging from low risk to high risk.
The authorization of medical devices is guaranteed by a Declaration of Conformity. This declaration is issued by the manufacturer itself, but for products in Class Is, Im, IIa, IIb or III, it must be verified by a Certificate of Conformity issued by a Notified Body. A Notified Body is a public or private organisation that has been accredited to validate the compliance of the device to the European Directive. Medical devices that pertain to class I (on condition they do not require sterilization or do not measure a function) can be marketed purely by self-certification.
The European classification depends on rules that involve the medical device's duration of body contact, invasive character, use of an energy source, effect on the central circulation or nervous system, diagnostic impact, or incorporation of a medicinal product. Certified medical devices should have the CE mark on the packaging, insert leaflets, etc.. These packagings should also show harmonised pictograms and EN standardised logos to indicate essential features such as instructions for use, expiry date, manufacturer, sterile, don't reuse, etc.
In November 2018 the Federal Administrative Court of Switzerland decided that the "Sympto" app, used to analyze a woman's menstrual cycle, was a medical device because it calculates a fertility window for each woman using personal data. The manufacturer, Sympto-Therm Foundation, argued that this was a didactic, not a medical process. the court laid down that an app is a medical device if it is to be used for any of the medical purposes provided by law, and creates or modifies health information by calculations or comparison, providing information about an individual patient.
Medical devices (excluding in vitro diagnostics) in Japan are classified into four classes based on risk:
Classes I and II distinguish between extremely low and low risk devices. Classes III and IV, moderate and high risk respectively, are highly and specially controlled medical devices. In vitro diagnostics have three risk classifications.
For the remaining regions in the world the risk classifications are generally similar to the United States, European Union, and Japan or are a variant combining two or more of the three countries' risk classifications.
The classification of medical devices in Australia is outlined in section 41BD of the Therapeutic Goods Act 1989 and Regulation 3.2 of the Therapeutic Goods Regulations 2002, under control of the Therapeutic Goods Administration. Similarly to the EU classification, they rank in several categories, by order of increasing risk and associated required level of control. Various rules identify the device's category
|Classification||Level of Risk|
|Class I - measuring or Class I - supplied sterile or class IIa||Low - medium|
|Class IIb||Medium - high|
|Active implantable medical devices (AIMD)||High|
The Medical Devices Bureau of Health Canada recognizes four classes of medical devices based on the level of control necessary to assure the safety and effectiveness of the device. Class I devices present the lowest potential risk and do not require a licence. Class II devices require the manufacturer's declaration of device safety and effectiveness, whereas Class III and IV devices present a greater potential risk and are subject to in-depth scrutiny. A guidance document for device classification is published by Health Canada.
Canadian classes of medical devices correspond to the European Council Directive 93/42/EEC (MDD) devices:
Iran produces about 2,000 types of medical devices and medical supplies, such as appliances, dental supplies, disposable sterile medical items, laboratory machines, various biomaterials and dental implants. 400 Medical products are produced at the C and D risk class with all of them licensed by the Iranian Health Ministry in terms of safety and performance based on EU-standards.
Some Iranian medical devices are produced according to the European Union standards.
Some producers in Iran export medical devices and supplies which adhere to European Union standards to applicant countries, including 40 Asian and European countries.
Some Iranian producers export their products to foreign countries.
The ISO standards for medical devices are covered by ICS 11.100.20 and 11.040.01. The quality and risk management regarding the topic for regulatory purposes is convened by ISO 13485 and ISO 14971. ISO 13485:2003 is applicable to all providers and manufacturers of medical devices, components, contract services and distributors of medical devices. The standard is the basis for regulatory compliance in local markets, and most export markets. Additionally, ISO 9001:2008 sets precedence because it signifies that a company engages in the creation of new products. It requires that the development of manufactured products have an approval process and a set of rigorous quality standards and development records before the product is distributed. Further standards are IEC 60601-1 which is for electrical devices (mains-powered as well as battery powered), EN 45502-1 which is for Active implantable medical devices, and IEC 62304 for medical software. The US FDA also published a series of guidances for industry regarding this topic against 21 CFR 820 Subchapter H—Medical Devices. Subpart B includes quality system requirements, an important component of which are design controls (21 CFR 820.30). To meet the demands of these industry regulation standards, a growing number of medical device distributors are putting the complaint management process at the forefront of their quality management practices. This approach further mitigates risks and increases visibility of quality issues.
Starting in the late 1980s the FDA increased its involvement in reviewing the development of medical device software. The precipitant for change was a radiation therapy device (Therac-25) that overdosed patients because of software coding errors. FDA is now focused on regulatory oversight on medical device software development process and system-level testing.
A 2011 study by Dr. Diana Zuckerman and Paul Brown of the National Center for Health Research, and Dr. Steven Nissen of the Cleveland Clinic, published in the Archives of Internal Medicine, showed that most medical devices recalled in the last five years for "serious health problems or death" had been previously approved by the FDA using the less stringent, and cheaper, 510(k) process. In a few cases the devices had been deemed so low-risk that they did not need FDA regulation. Of the 113 devices recalled, 35 were for cardiovascular issues. This may lead to a reevaluation of FDA procedures and better oversight.
A 2014 study by Dr. Diana Zuckerman, Paul Brown, and Dr. Aditi Das of the National Center for Health Research, published in JAMA Internal Medicine, examined the scientific evidence that is publicly available about medical implants that were cleared by the FDA 510(k) process from 2008-2012. They found that scientific evidence supporting “substantial equivalence” to other devices already on the market was required by law to be publicly available, but the information was available for only 16% of the randomly selected implants, and only 10% provided clinical data. Of the more than 1,100 predicate implants that the new implants were substantially equivalent to, only 3% had any publicly available scientific evidence, and only 1% had clinical evidence of safety or effectiveness. The researchers concluded that publicly available scientific evidence on implants was needed to protect the public health.
In 2014-2015 a new international agreement, the Medical Device Single Audit Program (MDSAP), was put in place with five participant countries: Australia, Brazil, Canada, Japan, and the United States. The aim of this program was to "develop a process that allows a single audit, or inspection to ensure the medical device regulatory requirements for all five countries are satisfied".
In 2017, an article in the policy journal Milbank Quarterly criticized the FDA for its failure to safeguard electronic health records and other device software from hacking and other cybersecurity threats, stating “current regulations are necessary but not sufficient for ensuring patient safety by identifying and eliminating dangerous defects in software currently on the market”. They added that legislative changes resulting from the law entitled the 21st Century Cures Act “will further deregulate health IT, reducing safeguards that facilitate the reporting and timely recall of flawed medical software that could harm patients".
A study published in 2018 in the Milbank Quarterly, a peer-reviewed policy journal, investigated whether studies reviewed by the FDA for high-risk medical devices are proven safe and effective for women, minorities, or patients over 65 years of age.  The law encourages patient diversity in clinical trials submitted to the FDA for review. The study determined that most high-risk medical devices are not tested and analyzed to ensure that they are safe and effective for all major demographic groups. Therefore, they do not provide information about safety or effectiveness that would help patients and physicians make well informed decisions.
In 2018, an investigation involving journalists across 36 countries coordinated by the International Consortium of Investigative Journalists (ICIJ) prompted calls for reform in the United States, particularly around the 510(k) substantial equivalence process; the investigation prompted similar calls in the UK and Europe Union.
Medical device packaging is highly regulated. Often medical devices and products are sterilized in the package. Sterility must be maintained throughout distribution to allow immediate use by physicians. A series of special packaging tests measure the ability of the package to maintain sterility. Relevant standards include:
Medical device cleanliness has come under greater scrutiny since 2000, when Sulzer Orthopedics recalled several thousand metal hip implants that contained a manufacturing residue. Based on this event, ASTM established a new task group (F04.15.17) for established test methods, guidance documents, and other standards to address cleanliness of medical devices. This task group has issued two standards for permanent implants to date: 1. ASTM F2459: Standard test method for extracting residue from metallic medical components and quantifying via gravimetric analysis 2. ASTM F2847: Standard Practice for Reporting and Assessment of Residues on Single Use Implants 3. ASTM F3172: Standard Guide for Validating Cleaning Processes Used During the Manufacture of Medical Devices
In addition, the cleanliness of re-usable devices has led to a series of standards, including:
The ASTM F04.15.17 task group is working on several new standards that involve designing implants for cleaning, selection and testing of brushes for cleaning reusable devices, and cleaning assessment of medical devices made by additive manufacturing. Additionally, the FDA is establishing new guidelines for reprocessing reusable medical devices, such as orthoscopic shavers, endoscopes, and suction tubes.
Medical device manufacturing requires a level of process control according to the classification of the device. Higher risk; more controls. When in the initial R&D phase, manufacturers are now beginning to design for manufacturability. This means products can be more precision-engineered to for production to result in shorter lead times, tighter tolerances and more advanced specifications and prototypes. These days, with the aid of CAD or modelling platforms, the work is now much faster, and this can act also as a tool for strategic design generation as well as a marketing tool.
Failure to meet cost targets will lead to substantial losses for an organisation. In addition, with global competition, the R&D of new devices is not just a necessity, it is an imperative for medical device manufacturers. The realisation of a new design can be very costly, especially with the shorter product life cycle. As technology advances, there is typically a level of quality, safety and reliability that increases exponentially with time.
For example, initial models of the artificial cardiac pacemaker were external support devices that transmits pulses of electricity to the heart muscles via electrode leads on the chest. The electrodes contact the heart directly through the chest, allowing stimulation pulses to pass through the body. Recipients of this typically suffered infection at the entrance of the electrodes, which led to the subsequent trial of the first internal pacemaker, with electrodes attached to the myocardium by thoracotomy. Future developments led to the isotope-power source that would last for the lifespan of the patient.[page needed]
With the rise of smartphone usage in the medical space, in 2013, the FDA issued to regulate mobile medical applications and protect users from their unintended use, soon followed by European and other regulatory agencies. This guidance distinguishes the apps subjected to regulation based on the marketing claims of the apps. Incorporation of the guidelines during the development phase of such apps can be considered as developing a medical device; the regulations have to adapt and propositions for expedite approval may be required due to the nature of 'versions' of mobile application development.
On September 25, 2013 the FDA released a draft guidance document for regulation of mobile medical applications, to clarify what kind of mobile apps related to health would not be regulated, and which would be.
Medical devices such as pacemakers, insulin pumps, operating room monitors, defibrillators, and surgical instruments, including deep-brain stimulators, can incorporate the ability to transmit vital health information from a patient's body to medical professionals. Some of these devices can be remotely controlled. This has engendered concern about privacy and security issues, human error, and technical glitches with this technology. While only a few studies have looked at the susceptibility of medical devices to hacking, there is a risk. In 2008, computer scientists proved that pacemakers and defibrillators can be hacked wirelessly via radio hardware, an antenna, and a personal computer. These researchers showed they could shut down a combination heart defibrillator and pacemaker and reprogram it to deliver potentially lethal shocks or run out its battery. Jay Radcliff, a security researcher interested in the security of medical devices, raised fears about the safety of these devices. He shared his concerns at the Black Hat security conference. Radcliff fears that the devices are vulnerable and has found that a lethal attack is possible against those with insulin pumps and glucose monitors. Some medical device makers downplay the threat from such attacks and argue that the demonstrated attacks have been performed by skilled security researchers and are unlikely to occur in the real world. At the same time, other makers have asked software security experts to investigate the safety of their devices. As recently as June 2011, security experts showed that by using readily available hardware and a user manual, a scientist could both tap into the information on the system of a wireless insulin pump in combination with a glucose monitor. With the PIN of the device, the scientist could wirelessly control the dosage of the insulin. Anand Raghunathan, a researcher in this study, explains that medical devices are getting smaller and lighter so that they can be easily worn. The downside is that additional security features would put an extra strain on the battery and size and drive up prices. Dr. William Maisel offered some thoughts on the motivation to engage in this activity. Motivation to do this hacking might include acquisition of private information for financial gain or competitive advantage; damage to a device manufacturer's reputation; sabotage; intent to inflict financial or personal injury or just satisfaction for the attacker. Researchers suggest a few safeguards. One would be to use rolling codes. Another solution is to use a technology called "body-coupled communication" that uses the human skin as a wave guide for wireless communication. On 28 December 2016 the US Food and Drug Administration released its recommendations that are not legally enforceable for how medical device manufacturers should maintain the security of Internet-connected devices.
Similar to hazards, cybersecurity threats and vulnerabilities cannot be eliminated entirely but must be managed and reduced to a reasonable level. When designing medical devices, the tier of cybersecurity risk should be determined early in the process in order to establish a cybersecurity vulnerability and management approach (including a set of cybersecurity design controls). The medical device design approach employed should be consistent with the NIST Cybersecurity Framework for managing cybersecurity-related risks.
There are several basic types:
The identification of medical devices has been recently improved by the introduction of Unique Device Identification (UDI) and standardised naming using the Global Medical Device Nomenclature (GMDN) which have been endorsed by the International Medical Device Regulatory Forum (IMDRF).
A biomedical equipment technician (BMET) is a vital component of the healthcare delivery system. Employed primarily by hospitals, BMETs are the people responsible for maintaining a facility's medical equipment. BMET mainly act as an interface between doctor and equipment.