How a fake hip showed up failings in European device regulation
BMJ 2012; 345 doi: https://doi.org/10.1136/bmj.e7090 (Published 24 October 2012) Cite this as: BMJ 2012;345:e7090
All rapid responses
Rapid responses are electronic comments to the editor. They enable our users to debate issues raised in articles published on bmj.com. A rapid response is first posted online. If you need the URL (web address) of an individual response, simply click on the response headline and copy the URL from the browser window. A proportion of responses will, after editing, be published online and in the print journal as letters, which are indexed in PubMed. Rapid responses are not indexed in PubMed and they are not journal articles. The BMJ reserves the right to remove responses which are being wilfully misrepresented as published articles or when it is brought to our attention that a response spreads misinformation.
From March 2022, the word limit for rapid responses will be 600 words not including references and author details. We will no longer post responses that exceed this limit.
The word limit for letters selected from posted responses remains 300 words.
This investigation should have far-reaching consequences for the currently ongoing revision of the medical devices directive in the European Union. Hopefully, the European Parliament uses this report as an argument against the recent proposal of the European Commission.
For Germany, however, it would be important to know which TUV company was approached with the fake dossier. Among the 16 German notified bodies, there are "TÜV Süd", "TÜV Nordrhein" and "TÜV Nord" (full list at: http://www.dimdi.de/static/de/mpg/adress/benannte-stellen/bs-akt.htm). Although these three companies carry similar names because of historic reasons, they are separate legal entities and even competitors in the European market. It is also known that the 3 TUV companies follow quite different internal policies when evaluating the clinical data in an application for CE conformity assessment.
Competing interests: No competing interests
Congratulations on your excellent investigative journalism on faulty medical devices.
I would like to suggest that you extend the scope of your investigation to IVDs (in vitro diagnostic medical devices).
The European regulatory process for IVDs is even more lax than that for devices. For example, for some types of IVD, a CE mark can be obtained by simply by self certification.
Unfortunately for the patients who are misagnosed, faulty diagnostic test devices are (I would guess) unlikely to create the scandal that faulty treatment devices have.
So, now would be the best time possible to put pressure on the authorities to improve the systems for ensuring the safety of medical treatment devices and diagnostic test devices.
Here's a challenge for you: get a CE mark for an IVD that reads the tea leaves in the bottom of a cup.
Competing interests: No competing interests
Congratulations for doing this article.
Next target could be the computer programs that are used like for archiving and workstations.
As far as I know there is actually no safety regulation available.
It would good to do before anything happens.
Competing interests: No competing interests
Re: How a fake hip showed up failings in European device regulation
To the Editor,
Well done to the BMJ and Telegraph on this seminal undercover investigation exposing the cowboys of the medical device regulation industry.
We will highlight that the investigation only exposes the tip of the iceberg. Firstly we argue that the standard of many of the basic tools we use in the healthcare setting are not fit for purpose. Secondly we will describe the importance of also providing regulation for the security of medical devices with wireless capabilities.
A medical device can be defined as an object that improves or prolongs a patient’s quality of life, other than by pharmacological means. However we extend this definition to include objects in a patient’s environment that can positively influence medical care. The humble bedside lamp, one of the most basic needs for patient care, is used as our example. If patient bedside lamps were considered as medical devices they would be designed to meet a set of regulations; easy for a patient with poor vision to switch on at night, easy to manoeuvre to aid the aseptic insertion of a peripheral venous catheter, bright enough to perform a bedside examination, easy to clean, and energy efficient. Sadly we are yet to find a hospital ward where all these basic criteria are met for all the bedside lamps. Indeed it is embarrassing to see a colorectal consultant resorting to using a smartphone flashlight to examine a patient’s back passage. The design of objects in a patient’s environment can impact on their quality of medical care just as much as the medical devices. For this reason perhaps medical device regulations should be drawn for objects in the healthcare environment.
In today’s wireless age we can use implantable medical devices to modulate and communicate the internal milieu without laying a finger on the patient. These devices are controlled by software that can be intercepted very easily [1]. Aside from a potential breach of patient confidentiality, this poses the opportunity for malicious hacking. Indeed computer scientists have conducted experiments where commercially available implantable cardiac defibrillators (ICD) have been wirelessly intercepted with potentially lethal consequences [2]. In experiments using an ICD and animal meat, scientists were able to wirelessly change patient identification, disable the device and even induce fibrillation. This is a terrifying prospect. We feel there is a strong case for interdisciplinary collaboration when assessing failure modes in software equipped medical devices. Regulators must take the security of wireless medical devices very seriously to avoid the breeching of patient confidentiality and medical device hacking.
Advances in technology including the wireless capabilities of medical devices brings a host of benefits to the patient. Medical device regulation must keep abreast with these advances whilst addressing potential threats. However medical device innovation must be facilitated not stifled. This will be the biggest challenge for medical device regulation and one that must be met as technology advances exponentially.
1. Kramer DB, Baker M, Ransford B, Molina-Markham A, Stewart Q, Fu K et al. Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance. PLoS One. 2012;7(7):e40200
2. www.ted.com/talks/avi_rubin_all_your_devices_can_be_hacked.html (accessed 03 November 2012).
Competing interests: No competing interests