Close
Dr Andrew Mkwashi is a Research Fellow in Regulation and Standardization of Connected, Intelligent Medical Devices (REG-MEDTECH)
Can you briefly describe what your research project is about?
The REG-MEDTECH project, which is led by Dr Irina Brass, is about understanding the extent to which current regulatory frameworks and standards address the critical challenges and unique risks posed by Connected, Intelligent Medical devices (CIMDs) and provide possible solutions to these challenges. REG-MEDTECH is an EPSRC-funded project, part of the prestigious PETRAS National Centre of Excellence on IoT Systems Cybersecurity. The digital healthcare sector is undergoing a rapid transformation and in recent years there has been a lot of changes such as; advancement and availability of new technologies, accelerated adoption and use of Artificial Intelligent (AI) systems that are typically implemented as software in medical devices or as Software as a Medical Device (SaMD), massive adoption of interconnected devices that can monitor health and deliver medication as well as provide remote care services through implanted devices. In addition, healthcare institutions are now opting for cloud migration and digital transformation of medical records to accelerate communication between staff, patients and other organisations.
However, the use of CIMDs entails some considerable risks to human health. Coupled with increased cybersecurity breaches in which interoperability issues have been the root cause, new ethical and legal questions have been raised regarding transparency, privacy, integrity and accountability of these devices. As CIMDs forms part of the Internet-of-Medical-Things (IoMT) ecosystem that facilitates the collection, analysis, and transmission of health data, regulation is therefore one mechanism to help balance the benefits and risks of new CIMDs. While many manufacturers are evolving toward more standardized modes of CIMDs data communication, there is no specific or singular method or industry conformance requirement that is mandated as part of a general manufacturing standard for communication. There are also some gaps in standards that address the integrity of algorithmic decision-making and data science (e.g. bias elimination, repeatability, reliability and performance in line with intended use) as well as standards that ensure transparency with users and patients (e.g. usability, trust, accountability). Some standards do not contain explicit provisions on cybersecurity but they provide some guidance for the implementation of security controls.
From these critical challenges, the REG-MEDTECH project explores possible broader adjustments in the standardisation and regulation of CIMDs, which would promote safer device connectivity, and contribute optimally to the digital healthcare sector objectives. We do this by interrogating the utilization of embedded artificial intelligence in CIMDs, analyzing the cybersecurity challenges and data integrity issues as an opportunity for strengthening CIMDs regulation and standards.
How is it different from other research projects in the topic?
Many research projects have concentrated mainly on the information side of what technology can do. However, very little attention to date has been focused on the medical device connectivity side and its associated regulatory challenges, the concern of the current project. Among the few research projects that address this aspect is a study done by the European data protection authorities that have discussed the protection of privacy and data in IoMT and has provided some implementation guidelines to meet legal frameworks. Recently, the U.S. Food and Drug Administration (FDA), Health Canada, and the United Kingdom’s Medicines and Healthcare products Regulatory Agency (MHRA) have jointly issued the Good Machine Learning Practice for Medical Device Development Guiding Principles. These guiding principles promote safe, effective, and high-quality medical devices that use artificial intelligence and machine learning (AI/ML). While these works constitute important contributions to the issue at hand, they do not provide solutions specific to the unique CIMDs environment that consider the increased sensitivity of data and criticality of operations in CIMDs environments.
Moreover, many researchers have presented general security guidelines for IoMT. In this REG-MEDTECH project, we will provide an overview of currently published AI, cybersecurity and data integrity regulations, standards, and guidelines in the context of CIMD software. This overview will serve as an input to establish and maintain procedures that address cyberattack prevention, detection, and response/recovery. In addition, the REG-MEDTECH project will highlight important gaps in regulatory standards and recommend modernization of these current standards and guidance to align with the advancements of AI in CIMDs including specific guidance for change controls, clear definitions on how transparent outputs are required to be and explicit guidance on compliance to the general safety data protection regulations.
What do you find exciting about this project?
I have always been drawn to technology and I have a keen interest in all the meticulous behind the scenes research work that generates safer and healthier technologies and alter patients’ lives for the better. Therefore, there are three things in this project that excites me most: first, is working in partnership with key medical device industry leaders and leading standards-makers such as the British Standards Institute (BSI) who have unique knowledge of regulatory frameworks, to understand evolving threats and risks to patient safety, security, and privacy and to explore opportunities that enhance patient outcomes.
Second, I am also finding that being part of the Digital Technologies Policy Laboratory (DTPL) team is incredibly exciting because there is so much to learn and know about in the cybersecurity space. This is a dynamic and creative community of professionals who share simple goals: 1) to develop responses to the challenges and opportunities of emerging technologies and (2) to ensure technology and information is used for good, whether it is through code, hardware or policies.
The third thing that gives oxygen to my dreams and makes me super excited is having an awareness that this project will contribute towards the development of a CIMDs regulatory framework, which is coherent with the PETRAS aims and other facets of the digital healthcare sector objectives and responsive to the dynamic needs of health care stakeholders.
What are you working on now to prepare for the next stage of the project?
In this project, we proposed to develop a standards mapping tool that could be used by different stakeholders as a guideline of existing and in-progress standards and guidance documents. This tool will draw upon all of the previously related research projects. To enable the development of this standards mapping tool, I am therefore analysing systematically the existing standards and combining previous research projects to prepare for the next stage of the project which will be addressing thoroughly the artificial intelligence, cybersecurity and data integrity considerations for all CIMDs scenarios.
It has also been an honour to work so closely with Dr Irina Brass (the Principal Investigator on this project), whose work in the field is an inspiration to me.