Medical devices are a wonder of the modern age. “Smart” infusion pumps deliver drugs perfectly dosed for individual patients. Easy-to-use AEDs (Automatic Electronic Defibrillators) can bring heart-attack victims back from the brink of death. Pacemakers and artificial hearts keep people alive by ensuring that blood is pumped smoothly around their bodies.
However, as these devices have become more capable, they have also become more complex. More than half of the medical devices sold in America (the world’s largest health-care market) rely on software, and often lots of it. The software in a pacemaker may require over 80,000 lines of code, a drug-infusion pump 170,000 lines, and an MRI (Magnetic Resonance Imaging) scanner more than 7 million lines.
This growing reliance on software causes problems that are familiar to anyone who has ever used a computer: bugs, crashes, and vulnerability to digital attacks. One in three of all software-based medical devices sold in America between 1999 and 2005 were recalled for software failure. Dr. Kevin Fu, a computer science professor at the University of Massachusetts, calculates that such recalls have affected over 1.5 million individual devices since 2002. In 2012, researchers at McAfee, a computer-security firm, said they had found a way to get an implanted insulin pump to deliver 45 days’ worth of insulin in one go. And in 2008, Dr. Fu and his colleagues published a paper detailing the remote, wireless reprogramming of an implantable defibrillator.
When software in a medical device malfunctions, the consequences can be far more serious than just having to reboot your PC. During the 1980s, a bug in the software of Therac-25 radiotherapy machines caused massive overdoses of radiation to be delivered to several patients, killing at least five. America’s Food and Drug Administration (FDA) has linked problems with drug-infusion pumps to nearly 20,000 serious injuries and over 700 deaths between 2005 and 2009. Software errors were the most frequently cited problem.
In addition to accidental malfunctions, wireless and networked medical devices are also vulnerable to attacks by malicious hackers. Dr. Fu and his colleagues showed how an implantable cardioverter defibrillator could be remotely reprogrammed either to withhold therapy when it is needed or, even worse, to deliver unnecessary shocks. Dr. Fu says that when it comes to testing their software, device manufacturers lack the safety culture found in other high-risk industries such as aviation, and are failing to keep up with the latest advances in software engineering. Insup Lee, professor of computer science at the University of Pennsylvania, agrees: “Many manufacturers do not have the expertise or the willingness to utilize new tools being developed in computer science,” he says.
Just how bad it is, though, no one knows for sure. The software used in the vast majority of medical devices is closed and proprietary. This prevents rivals from copying each other’s code or checking for patent infringements. It also makes it harder to expose flaws. The FDA, which could demand to see the source code for every device it approves, does not routinely do so, but instead leaves it to manufacturers to validate their own software.
Frustrated by the lack of co-operation from manufacturers, some academics now want to reinvent the medical-device industry from the ground up, using open-source techniques. In open-source systems, the source code is freely shared and can be viewed and modified by anyone who wants to see how it works or build an improved version of it. Exposing a design to many hands and eyes, the theory goes, results in safer products.
The Generic Infusion Pump project, a joint effort between the University of Pennsylvania and the FDA, is taking these troublesome devices back to basics. The researchers began not by building a device or writing code but by imagining everything that could possibly go wrong with a drug-infusion pump. Mathematical models of existing and new pump designs were tested against the possible risks, and the best-performing models were used to generate code, which was installed on a second-hand infusion pump bought online for $20.
Equally ambitious is the Open-source Medical Device initiative at the University of Wisconsin-Madison. Two medical physicists, Rock Mackie and Surrender Prajapati, are designing a machine to combine radiotherapy with high resolution CT (computed tomography) and PET (positron-emission tomography) scanning. Their aim is to supply, at zero cost, everything necessary to build the device from scratch, including hardware specifications, source code, assembly instructions, suggested parts—and even recommendations on where to buy them and how much to pay. The machine should cost about a quarter as much as a commercial scanner, making it attractive in the developing world, says Dr. Prajapati. “Existing devices are expensive both to buy and maintain,” he says, whereas the open-source model is more sustainable. “If you can build it yourself, you can fix it yourself when something breaks.”
Open-source devices are also to be found literally at the cutting edge of medical science. An open-source surgical robot called Raven, designed at the University of Washington in Seattle, provides an affordable platform for researchers around the world to experiment with new techniques and technologies for robotic surgery.
All these open-source systems address very different problems in medical science, but they have one thing in common: all are currently prohibited for use on live human patients. To be used in a clinical setting, open-source devices must first undergo the same expensive and lengthy FDA approval processes as any other medical device. FDA regulations do not yet require software to be analyzed for bugs, but they do insist on a rigorous paper trail detailing its development. This is not always a good fit with the collaborative and often informal nature of open-source coding.
The high cost of navigating the regulatory regime has forced some not-for-profit, open-source projects to alter their business models. “In the 1990s we developed an excellent radiation-therapy treatment planning system and tried to give it away to other clinics,” says Dr. Mackie. “But when we were told by the FDA that we should get our software approved, the hospital wasn’t willing to fund it.” He formed a spin-off firm specifically to get FDA approval. It took four years and cost millions of dollars. The software was subsequently sold as a traditional, closed-source product.
Others are skirting America’s regulatory system altogether. The Raven surgical robot is intended for research use on animals, while the Open Source Medical Device scanner will be large enough only to accommodate rats and rabbits. However, says Dr. Mackie, there is nothing to stop anyone taking the design and putting it through a regulatory process in another country. “It may even happen that the device will be used on humans in parts of the world where strict regulation does not exist,” he says. “We would hope that if it is used in such a way, it will be well-enough-designed not to hurt anybody.”
The FDA is gradually embracing openness. The Medical Device PlugandPlay (MD PnP) Program, a 10million-dollar initiative funded by the National Institutes of Health with the support of the FDA, is working to set open standards for interconnecting devices from different manufacturers. This would mean that, say, a blood-pressure cuff could instruct a drug pump to stop delivering medication if it sensed that a patient was suffering an adverse reaction.
Eventually, medical devices might evolve into collections of specialized (and possibly proprietary) accessories, with the primary computing and safety features managed by an open-source hub.
In the meantime, there are moves afoot to improve the overall security and reliability of software in medical devices. America’s National Institute of Standards and Technology has just recommended that a single agency, probably the FDA, should be responsible for approving and tracking cybersecurity in medical devices, and the FDA is reevaluating its ability to cope with the growing use of software.
Such changes cannot happen too soon. “When a plane falls out of the sky, people notice,” says Dr. Fu. “But when one or two people are hurt by a medical device, or even if hundreds are hurt in different parts of the country, nobody notices.” With ever more complex devices, opening up the hidden heart of medical technology makes a great deal of sense.
コメントを残す