The IT Law Wiki


Medical device includes surgical and medical instruments, orthopedic, prosthetic, and surgical appliances and supplies; dental equipment and supplies; x-ray apparatus, tubes, related irradiation apparatus; electrotherapy and electromedical apparatus; ophthalmic equipment; and in-vitro diagnostic substances.

Historical background[]

Prior to the digital age, medical devices were generally built using analog components in relatively simple designs, with relatively simple user interfaces and limited functionality. The primary method of controlling risk to patients was competent human intervention. Life spans of these devices tended to be rather long, corresponding to the rate of technological change and established business models.

Over the last 20 or so years, designs for medical devices have evolved from analog to digital systems. Today, software, microprocessor, sensor, and actuator technologies are ubiquitous in these devices. Some of the more complex devices can have a million or more lines of code. Most devices contain embedded systems[1] that rely on a combination of proprietary, commercial off-the-shelf (COTS) and custom software or software-of-unknown-pedigree (SOUP) components. These systems are highly proprietary and increasingly dependent on software to provide greater levels of device robustness and functionality. Designs continue to rely, however, on competent human intervention as the ultimate risk-control measure.

Current medical device systems[]

There are numerous issues that have arisen in connection with current medical device systems:


Device architectures are highly proprietary, not interoperable, and rely heavily on professionals to provide inputs and assess outputs. Embedded systems are, for the most part, open-loop. Exceptions (closed-loop) tend to be implantable devices such as implantable cardioverter defibrillators (ICDs) or cochlear prosthetics (with soft operational deadlines). Any network communication is largely for the purpose of diagnostic output. Complex instruction set computer (CISC) and reduced instruction set computer (RISC) architectures are commonly used. Multicore and system-on-a-chip (SoC) architectures and flexible reconfigurable architectures, such as field programmable gate arrays (FPGAs), are becoming more common in device designs.

Development methods[]

Current software development methods range from older methods such as structured programming to object-oriented programming paradigms where objects are instantiated at run-time. Formal methods-based design and analysis are not widely used. Human resource-intensive, system-based verification and validation activities are conducted to demonstrate that a device will perform as intended. Use of static-analysis tools on implemented code is limited. Development platforms do not facilitate integration of hardware, software, and human factors in design, development, and manufacturing.

Emerging medical device systems[]

Emerging medical device systems may be characterized as those systems that are pushing the envelope of regulated technology. Examples are closed-loop or networked device systems.

In today's health care environment, it is common to have a patient connected to several medical devices simultaneously. These devices may be delivering drugs, regulating breathing, or reporting a physiological status. Caregivers must aggregate, analyze, and react to this information in a coordinated way. In the operating room, for example, one may find many devices providing life-supporting functions and multiple medical professionals interoperating based on information provided by the various devices (and their own observations). Humans are subject to fatigue, miscommunication, distractions, misinterpretation of information, information overload, and other factors. These factors can combine to contribute to an undesirable patient outcome.

The digital technology found in most medical devices today would make it rather easy (at least conceptually) to collect device information, aggregate it, and either present it to a health care provider for some action or use it to trigger an autonomous action by a device. For example, it is routine to simultaneously display data from pulse oximeters, EKGs, and blood-pressure devices to monitor patients with cardiac problems; devices delivering radiation treatment to a tumor in an organ that moves can sense organ motion and direct a radiation beam calibrated to the movement.

The need to provide health care services in a home-care environment, or deliver expert medical practice remotely (telemedicine, emergency response), or perform online clinical lab analysis further underscores the central role of advanced networking and distributed communication of medical information (via electronic health records) in emerging care systems. Adding computing and control mechanisms to the critical medical information communicated (via networking) establishes a fundamental prerequisite to high-confidence cyber-physical medical systems. This must be done in a way that supports the principled development and implementation of systems of medical systems.


Emerging medical device architecture is beginning to provide wired and wireless interfaces to facilitate networked communication of device (patient) data. But attempts to aggregate medical data between devices that were designed to operate separately are resulting in unintended or accidental (virtual) couplings.

The device procurement process historically has established "stove-piped families" of proprietary devices that are not designed to interoperate with other "families" of devices. Ad-hoc attempts to integrate provider processes and the families of proprietary devices have resulted in very loosely coupled "stealth" networks that can involve transferring data between devices via memory stick, PDA (Bluetooth and IR communication), barcoding, or other technologies.

Clearly, there is a need for rationally designed high-confidence medical device cyber-physical architectures.

To optimize patient care, multiple cyber-physical devices must interoperate together smoothly at a very high level of confidence. Interoperability facilitates and accelerates aggregation of patient information that can be used to improve patient care and treatment outcomes. To that end, there are emerging efforts of health care providers to develop closed-loop, interoperable medical systems.

Development methods[]

Neither past nor current development methods are adequate for engineering these complex emerging medical systems. There is a need to be able reliably to compose, not only highly trustworthy systems from diverse components, but also highly trustworthy systems of systems. Medical device design oriented toward a holistic approach that integrates functional, computational, and communication designs in the presence of uncertain patient models in both normal and abnormal conditions is needed.

It is our view that the emerging development methods must scale across the device industry’s entire problem set as well as its diverse development skill levels. The ability for third parties to trust all aspects of design and development results is key to device innovation.

Future medical devices: High-confidence cyber-physical systems (CPS)[]

As technological advances and innovation permit medical device systems to decrease in size while increasing in capabilities, it is reasonable to expect that future devices could evolve into ubiquitous supervisory-control, patient-centric systems performing autonomous, cooperative, and coordinated actions.


Ongoing research seems headed toward the merging of physiological, biological, engineered, and physical systems for health care that include, for example, biomechanical systems, nano/bio devices, bionics, or even pure (programmable) biological systems. Enabled by advances in both biological understanding and IT, medical devices and systems of the future can be expected to continue the trend towards heterogeneous configurable personalized systems far more capable, and also more complex, than today’s.

Development methods[]

As the architecture of medical systems evolves from the domain of macro- and micro-mechanical systems to nanoscale CPS and biological systems, development methods must fundamentally change. It is likely that a greater dependence on, and trust in, physical and biological models will become necessary.

Future developments[]

From a scientific and technological "push" perspective, progress in biomedical technology inevitably will be propelled by discoveries in biology and medicine; new biosensing and bioactuation inventions; advances in bio- and nano-materials and structures; the miniaturization, enhanced control, and increasing mobility of technologies such as mass spectrometry, ultrasound, and resonance-based imaging. Many of these are made possible by concurrent advances in the cyber technologies that enable the exploitation and precise control of physical technologies. Biological and medical advances can be expected to open new possibilities for interventions at all levels: system, organ, cellular, molecular, or even atomic.


  1. Embedded systems are becoming critical in medicine because they increasingly control functions of, and communicate with, patients themselves as well as engineered systems. Device life spans are shrinking due to more rapid innovation in enabling technologies and the demand for more robust systems. The pressures of rising health care costs, an aging population, and diminishing medical professional resources are also driving health-care providers to seek technological innovations to maintain or improve patient care as efficiently as possible.