It is tempting to want to purchase inexpensive, commercial off-the-shelf (COTS) tablets for use in medical facilities or to interface with medical equipment. Unfortunately, there are several technical, regulatory and security issues that could prevent you from doing that. Technical issues, FDA, and HIPAA security rules are just three potential pot holes for COTS tablets. Custom Android tablets for medical applications can be the answer and Modified-COTS custom tablets can get you to market quickly and with lower costs.
Medical Grade Tablet – Technical Issue
There are many unique devices in hospitals and doctor’s offices that a tablet could communicate with to facilitate the logging, processing, and management of data. Tablets are perfect for visualizing data, processing results and for sharing that data with patients or other medical personnel. Finding an off-the-shelf tablet that can seamlessly interface with various pieces of equipment may be impossible. Off-the-shelf tablets have other potential issues such as being too fragile for this environment, short product life-cycle, limited battery run-time, poor display readability in strong lighting or outdoor applications, as well as many others. Finally, the IT manager will want to control the tablet’s software to prevent unwarranted use or access. Access to the operating system may not be possible without voiding the warranty on a COTS tablet and some of the security requirements imposed on medical tablets may require just that.
If the tablet is going to be used in an application that requires FDA approval of the device, using a COTS tablet would become prohibitively costly. COTS tablet companies constantly change components, software and model numbers. Each change could require a recertification with FDA – a process that takes quite a long time and money. The FDA’s multi-step process for approval of Class I, II and III medical devices starts at product design and requires documentation throughout the development process. For Class II and III devices, strict manufacturing practices need to be followed and the device must be manufactured under the strict medical ISO 13485 in an approved manufacturing plant. COTS tablets are typically not built under this standard and the manufacturers do not provide the appropriate documentation and tracking necessary to meet FDA approval.
HIPAA Title II establishes the policies and procedures for maintaining privacy and security of individually identifiable health information. Medical personnel can us a tablet to collect and display data, lab and test results, and personal information on an individual patient. In order to conform to HIPAA the tablet would need to be designed to meet the Security Rule to protect such data. The security necessary to protect Electronic Protected Health Information (EPHI) includes administrative security, physical security, and technical security. Administrative security includes such things as the ability to create accounts and allow access to EPHI to only need-to-know medical personnel. Physical security addresses items such as access control, removal of hardware, and theft. While technical security addresses protection from intruders such as hackers, unauthorized personnel and encryption of data. While some of these features are included in off-the-shelf tablets, a locked operating system does not give an IT manager the level of control necessary to ensure all the necessary levels of security.
The Answer – Custom Android Tablets for Medical Applications
If you have a medical application in need of an Android or Linux tablet, the best way to go is to design your system to the required application and develop the tablet to meet all your technical needs and all the regulatory and security requirements. This may seem like a daunting task. InHand’s Modified-COTS approach begins with a proven tablet running all necessary software. Prototypes can quickly be put together to begin the FDA process. Also, since the tablet is being customized, all requirements (connectors, security, look and feel, branding, labeling, environmental, etc.) can be designed in to your specification. The software is under your full control and all security features can be implemented, from lockdown of bootloader to secure remote updates to physical tamper protection. The device can even be programmed to wipe its data if it is removed from a facility. And, since the device is designed for long life, you can expect to be able to manufacture the same tablet for 5-10 years!
Therefore, if you have to meet stringent medical device requirements and want control of your devices, consider a Modified-COTS approach for your next device design. InHand can get you to market faster, less expensively, and with lower risk.