Responsibilities of healthcare professionals
The responsibilities of healthcare professionals involved in implanting devices are set out in General Medical Council guidance, and in other guidance specific to their specialism.44 For example, Royal College of Surgeons guidance states that surgeons should ensure any new implant they use complies with European standards and is certified by the competent body.45 It also states that patients must be provided with adequate time before any surgery to discuss possible implications, risks and benefits, and to make a fully informed decision.
Relationships of trust and professional responsibility are embedded in clinical practice. However, in some cases other interests can be involved in the uptake of implants.46 Studies in the US and Australia have highlighted conflicts of interests arising from relationships between surgeons and medical implant providers that incentivise the use of new implants.47 These kinds of relationships are alleged to have played a role in the adoption of vaginal mesh in the UK.48
Doctors have a responsibility to report implantation of devices to any existing registers, and to report adverse incidents that put, or could put, the safety of a patient at risk.49 However, it is not clear that this always happens. The Yellow Card scheme, which aims to capture adverse events involving medicines and devices, has seen a recent decline in reporting of adverse drug reactions.50
Challenges for consent and decision making
Uncertainty about or a lack of evidence on the long-term effects of implants can make it difficult for patients and doctors to make decisions about their use.51 Implants that incorporate software might change or be upgraded after implantation, adding to the difficulty of predicting outcomes for patients in the long term.52 Uncertainty does not necessarily mean informed consent cannot be given by patients.53 However, in some cases patients have felt they were not adequately alerted to known risks associated with implants.54
Where implants are novel or particularly invasive, such as brain stimulation devices or cardiac defibrillators, it has been recommended that counselling for the implications of living with the implant should be part of the initial consent procedure.55 This could include discussion with patients and their families about decisions that may need to be made about deactivating implants, such as cardioverter defibrillators, at the end of life.56
Liability if something goes wrong
If medical implants fail or cause harm, manufacturers can be held responsible under consumer safety legislation.57 Recently, over 300 UK patients whose hip implants had failed brought legal action against the manufacturer under the Consumer Protection Act 1987.58 DePuy, the manufacturer, separately agreed to pay the NHS to cover the cost of monitoring and operating on patients.59 There have been calls for the Government to create a no-fault compensation scheme for those injured by defective medical devices, funded by manufacturers.60
Sometimes medical implants are modified by patients themselves. For example, the project #OpenAPS is developing ways of connecting a continuous glucose sensor and insulin pump to form a closed loop system that automatically maintains safe glucose levels in people with diabetes. Instructions for how to modify devices are shared online so that it can be replicated by others.61 This kind of practice raises questions about liability and responsibility if something goes wrong. For example, while a user might be held responsible for modifying an implant counter to the manufacturer’s instructions, the possibility of hacking the implant might be attributed to a security vulnerability for which the manufacturer might be liable.62
Patient access to medical implants
Access to implants can vary across the UK. For example, there is significant variation between NHS trusts in access to cataract lens replacement.63 The types of implants used in different trusts can also vary. A 2015 review found significant variation between NHS trusts in choice of orthopaedic implants, with some trusts using more expensive implants despite no evidence of them being superior to cheaper alternatives. This was thought to be related to factors including local preferences and the influence of marketing by implant companies.64
The pace of development of implant technology has not necessarily reflected patient need. For example, pacemakers have undergone dramatic changes in design and reliability since they were first implanted in the early 1930s. By comparison, shunts used to treat fluid on the brain have changed very little in 50 years, even though four-out-of-ten shunts will malfunction in the first year after surgery.65 Innovation might be driven by market size or value, meaning that the development of implants for small patient groups can fall behind.66 The Nuffield Council has suggested that state intervention in the market could be justified to secure the social benefits of innovation through direct reward for socially valued innovations.67
Challenges for innovation
Medical technology businesses, the majority of which are small- and medium-size enterprises (SMEs), face challenges in bringing implant innovation to market in the UK. In particular, there can be a lack of funding to support the translation of early stage research into commercially viable products.68
Measures have been introduced by the Government and research funders in the UK to support the development of health technologies.69 The Accelerated Access Collaborative (AAC) – a partnership of UK patient groups, the Government, industry, and the NHS – has been set up with the aim of identifying and supporting promising new technologies, including implants and innovations that aim to address significant unmet need, and speed up access for patients in the NHS.70 HealthTech Connect, a new online system run by NICE, allows manufacturers to register new health products while they are in development to access earlier support and evaluation, potentially speeding up adoption in the NHS.71
Responsible use of patient data
Implants that collect and transmit data (see Box 1) raise questions about who should have access to, control or own data, and about infringements of privacy for patients. In some cases, data from implants are collected by the manufacturer and shared with healthcare professionals. Patients do not necessarily have access to the data – even though they relate to their own health status – and often do not have the ability to control the functionality of their implant.72
Data collected by implants could be of interest to actors outside the healthcare system. In a recent US criminal court case, data collected by a defendant’s pacemaker were obtained by prosecutors using a search warrant and used as evidence to convict him for fraud.73 Allowing data to be used in court may affect whether patients are willing to use implants given that, once implanted, the individual often will not have the option of deactivating or removing it.74
Security issues raised by medical implants
Connected devices could be exposed to security breaches such as the unauthorised accessing or hacking of an implant.75 No cyber-attacks on implants are known to have been carried out, but researchers have demonstrated that attacks would be possible in cardiac defibrillators, pacemakers, and insulin pumps.76 In 2017, a vulnerability was discovered in a brand of pacemakers used in nearly half a million US patients that could allow an unauthorised user to reprogram pacemakers and cause battery loss or inappropriate pacing.77 Human error, lax security procedures, and poor usability of programmes associated with software can increase the risk of security breaches.78
Current medical device regulations do not include requirements to demonstrate cyber security of implants before they can be approved. Post-marketing surveillance and adverse event reporting has so far not focused on potential security breaches.79
The UK Department of Health and Social Care has published a code of conduct for data-driven health and care technology that highlights the need to make security integral to the design of new technologies. It states that the new EU Regulation on medical devices will give the MHRA increased oversight, and improve the cyber security of connected medical devices.80 The Government has also committed funding towards digital security and cyber security, for example through the Industrial Strategy Challenge fund.81
44 GMC (2013) Good medical practice.
45 Royal College of Surgeons (2014) Good surgical practice.
46 Swedish National Council on Medical Ethics (2016) Ethical assessments at the border between health and medical care and research (summary in English).
47 Rogers WA and Johnson J (2013) Addressing within-role conflicts of interest in surgery J Bioeth Inq 10: 219-25; Johnson J and Rogers W (2014) Joint issues–conflicts of interest, the ASR hip and suggestions for managing surgical conflicts of interest BMC Med Ethics 15: 63; Cohen D (2011) Out of joint: the story of the ASR BMJ 342: d2905; Tanne JH (2007) US makers of joint replacements are fined for paying surgeons to use their devices BMJ 335: 1065.
48 Gornall J (2018) Vaginal mesh implants: putting the relations between UK doctors and industry in plain sight BMJ 363: k4164.
49 GMC (2013) Good medical practice.
50 Gov.UK (17 May 2019) Yellow card: please help to reverse the decline in reporting of suspected adverse drug reactions.
51 Fraser AG et al. (2018) The need for transparency of clinical evidence for medical devices in Europe Lancet 392: 521-30.
52 Quigley M and Ayihongbe S (2018) Everyday cyborgs: on integrated persons and integrated goods Med Law Rev 26: 276–308.
53 Pattinson SD (2009) Consent and informational responsibility J Med Ethics 35: 176–9.
54 ICIJ (15 January 2019) Patients across the world outraged by failure to inform them of device dangers. This has been Bioethics briefingthe main theme in UK vaginal mesh litigation cases: NHS Resolution (2018) Submission to The Independent Medicines and Medical Devices Safety Review.
55 Nuffield Council on Bioethics (2013) Novel neurotechnologies: intervening in the brain; Khan P (2017) Importance of Counselling ICD Patients: The role of cardiac physiologists in Psychological, emotional, social and cognitive aspects of implantable cardiac devices Proietti R et al., eds.
56 Steiner JM et al. (2018) Moral distress at the end of a life: when family and clinicians do not agree on implantable cardioverter-defibrillator deactivation J Pain Symptom Manag 55: 530-4.
57 Consumer Protection Act 1987.
58 The BMJ News (22 May 2018) UK patients lose legal claim that DePuy metal-on-metal hip implant was “defective”.
59 The Guardian (26 November 2018) Firm pays out to NHS over defective hip replacements.
60 Leigh Day (26 November 2018) Leading medical devices lawyer calls for ‘Nordic style’ compensation scheme for patients.
61 See: https://openaps.org.
62 Quigley M and Ayihongbe S (2018) Everyday cyborgs: on integrated persons and integrated goods Med Law Rev 26: 276–308.
63 RNIB (2016) Surgery deferred, sight denied.
64 British Orthopaedic Association (2015) A national review of adult elective orthopaedic services in England: getting it right the first time.
65 Soler GJ (2018) A review of cerebral shunts, current technologies, and future endeavors Yale J Bil Med 91: 313-21; NHS (2017) Complications – Hydrocephalus.
66 Nuffield Council on Bioethics (2013) Novel neurotechnologies: intervening in the brain.
67 Nuffield Council on Bioethics (2012) Emerging biotechnologies: technology, choice and the public good.
68 Office for Life Sciences (2017) Life sciences: industrial strategy; A detailed account of challenges facing small businesses developing medical devices is available in: Nuffield Council on Bioethics (2013) Novel neurotechnologies: intervening in the brain.
69 See, for example, Gov.uk (2018) Biomedical catalyst: what it is and how to apply for funding; Gov.uk (14 July 2017) £86 million funding announced for new medicine and technology; NIHR (no date) Supporting innovation and development of new medical technologies and diagnostics.
70 Gov.uk (2 May 2019) NHS patients to get faster access to pioneering treatments; NICE (2019) Identifying high potential products and accelerating access to market.
71 See: https://www.healthtechconnect.org.uk/.
72 Harmon SHE, Haddow G, and Gilman L (2015) New risks inadequately managed: the case of smart implants and medical device regulation Law Innov Technol 7: 231-52.
73 McLeod CA (2018) A telltale heart: exploring the constitutionality of the use of personal technology to incriminate individuals SSRN.
74 The RAND blog (15 May 2017) Using digital data in criminal investigations: where and how to draw the line?.
75 US Government Accountability Office (2012) Medical devices: FDA should expand its consideration of information security for certain types of devices.
76 Halperin D et al. (2008) Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses Security and Privacy, 2008 IEEE Symposium on Security and Privacy; Li C (2011) Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system 2011 IEEE 13th International Conference on e-Health Networking, Applications and Services.
77 FDA (2017) Firmware update to address cybersecurity vulnerabilities identified in Abbott’s (formerly St. Jude Medical’s) implantable cardiac pacemakers: FDA safety communication.
78 Pycroft L and Aziz T (2018) Security of implantable medical devices with wireless connections: The dangers of cyberattacks Expert Rev Med Devices 15: 403-6.
79 Leverett E et al. (2017) Standardisation and Certification of the ‘internet of things’ 16th Annual Workshop on the Economics of Information Security (WEIS 2017).
80 Department of Health and Social Care (2019) Code of conduct for data-driven health and care technology.
81 Gov.uk (4 February 2019) Improve cyber security in the Internet of Things: apply for funds.