However, there are some new concerns around the management, privacy and security of personal data. Medical device manufacturers must address these issues in order to ensure safety as well as broad adoption of their products and services, which use AI technologies.
Georg Heidenreich, who coordinates Technical Regulations and Standardization at Siemens Healthcare, is also involved in IEC Technical Committee 62, which produces international standards for electrical equipment in medical practice. He leads the group working specifically on safety, security and effectiveness of health software and IT systems. e-tech caught up with Heidenreich to find out the latest developments and the role standards have to play in delivering safe, innovative technologies.
The main aim of standardization is to provide certainty to the manufacturers, auditors and users and finally to governments and citizens. Society in general needs to have these assurances if it is going to adopt innovative technologies.
“Governments, authorities and manufacturers see the need to develop standards for data handling in systems using AI to assure the healthcare community. We don’t want to leave a gap here. IEC has a very important role to play when it comes to medical devices. There is an expectation to achieve safety and performance of such devices through regulations and standards, which IEC can develop to provide a foundation for going to market with certainty”, says Heidenreich.
Some AI technologies have been around for several decades in healthcare and are well-established, such as automated medication dispensing systems. These allow doctors, surgeons and nurses to manage medication more effectively and safely in hospitals and health centres.
Nonetheless, the system’s framework must still be supervised by people. The physician will consider the medication proposal from the machine and then decide whether or not to follow the advice.
“From a technical perspective, the so-called symbolic AI system uses sets of rules to decide what and how much medication to administer to a patient. The rules can be put into other systems, they can be reviewed, made machine-readable or extended with other rules. From the regulatory and standards perspective, the safety and performance aspects are well-established even if there are new technologies coming into markets”, says Heidenreich.
In contrast to symbolic systems, other numeric systems learn by taking probability into account. They are used to help doctors find the best treatments for patients. If a patient presents with certain symptoms, the system mines numerous earlier cases, just as in clinical trials. It looks for similar cases and their concluding diagnoses, which the doctor may consider when deciding the treatment.
On a larger scale, this type of system is being used to process volumes of X-ray images, MRI or other images to find, for example, tissue tumours. While more complex, the general principle relies on a set of historical, annotated images with a known diagnosis, which has a human assertion or certainty behind it. These are then analysed against current patient images, in order to enhance a doctor’s treatment decision. The aim is to augment human intelligence, rather than trying to replace it.
As Heidenreich explains, within these numeric systems, there are two classes of algorithms: one which learns at the manufacturer’s site only and remains “fixed”, and the other, which continues to learn on site, for example at a hospital.
Triage expert software systems are used to manage situations in which ambulances bring patients after accidents or in emergency situations to the hospital. The triage systems are trained to work out quickly which patients need the most urgent treatment. Triage is also used to assign the critical resources, including doctors and available rooms and medical equipment, to the most urgent patients.
“Manufacturers typically do not take responsibility for “learning” systems. Instead, the hospitals tailor a general purpose system to their needs. The system performs as a doctor would, by using the answers to a list of questions to decide when and how to treat the patient, and suggests the outcome to the doctor. This is accomplished by taking into account contextual factors, such as how the accident or vulnerability occurred and what the symptoms are”, explains Heidenreich.
Heidenreich notes that there are no appropriate standards to extend to the manufacturer, which detail what has to be taken into account for safety of those numeric systems. Such systems depend highly on accurate, comprehensive “historic” data from clinical trials.
“The data is the device! We need a standard which defines how to handle this data in terms of integrity and validity, and meets safety and performance goals that are the basis of regulatory market access for medical devices”, he adds.
In current systems, the software itself – the algorithm and the programming technology – is critical for safety and performance, whereas for the more recent numeric systems, the data is critical.
This means that cyber security has become a very important consideration, because the data pool becomes the asset for which it is vital to ensure safety, performance and integrity.
“Currently, there are two proposals in the pipeline, which are expected to advance over the coming year. The first is to assess the applicability of existing standards, such as ISO 14971 Risk Management, IEC 62304 Software Lifecycle and others, for products using AI. The other proposal suggests developing a standard for handling data that is intended for decision-making, for example, sensitive data taken from clinical trial IT systems and other clinical routine data sources. An appropriate data handling system should combine information engineering with the safe and trustworthy handling already known for biomaterials”, Heidenreich concludes.
As well as developing international standards for medical devices, IEC and ISO Joint Technical Committee (JTC 1) work together to produce international standards for 22 different information technologies, including artificial intelligence, the Internet of Things and virtual and augmented reality, which are used increasingly in healthcare applications. JTC 1 also covers cyber security for the protection of data and users of intelligent products and services, such as connected medical devices and systems, which help doctors to decide the best treatments for patients.
Another way to ensure smart medical devices are safe and data remains protected and private is through testing and certification. IECEE, the IEC System of Conformity Assessment Schemes for Electrotechnical Equipment and Components, ensures that electrical and electronic devices and equipment meet expectations in terms of performance, safety, reliability and other criteria by testing and certifying these against international standards developed by IEC.
The system covers risks to patients, those who operate the equipment – doctors, nurses and technicians and maintenance personnel. More recently, IECEE has begun to include activities related to cybersecurity for the medical industry, to ensure user safety from potential cyber threats and data privacy.