This blog contains the video and a detailed summary of the conversation from our December 14th mobile SaMD app webinar.
Traditionally, due to the number of challenges related to regulatory, quality and safety requirements, MedTech mobile app development is slower and more time consuming than the average commercial (i.e., non-MedTech) app.
Over the past 10+ years of bringing connected health solutions to market, MedTech innovators have adapted a suite of software development tools that are a must-have for any developer of mobile SaMD apps. These tools not only accelerate initial app development, but also make it significantly easier to deploy to patients at scale and improve the app faster.
Orthogonal held a webinar on December 14th, 2022, reviewing three classes of tools developers need to use to succeed in the mobile SaMD app marketplace in 2023: Mobile App Security, Crash Analytics and Product Analytics. When used together, they give early and detailed visibility into the operation of your medical device application, enable faster testing and deployment of app updates, and more efficient and effective ongoing monitoring and support of your apps after patients and providers use them.
Our panel, moderated by Randy Horton, Orthogonal’s Chief Solutions Officer, was composed of both experts in the mobile application development ecosystem as well as experienced medical device mobile app developers:
1. As SaMD is integrated into all areas of healthcare, the potential for wide-scale cyber attacks and app tampering grows. Mobile app security is of paramount importance to SaMD to safeguard protected health information and ensure patient safety.
2. Crash analytics not only help engineers diagnose edge cases that lead to crashes, but also provide insight into broader weaknesses in an app’s code. They contribute to a reliable user experience, which is crucial for SaMD apps as interrupting users while their health is being affected is unacceptable.
3. Product analytics leverages the strengths of software to continuously improve SaMD apps based quantitative tracking of actual patient usage data at scale. Ultimately, it results in a patient-centered, engaging healthcare experience.
The following is a summary of the webinar’s discussion, edited for conciseness and clarity.
Mobile app security is important for any app, but of paramount importance to a mobile SaMD app that interfaces with a person’s health and stores protected health information.
Anton Baranenko, Product Manager at Guardsquare, a mobile app security solutions company, said the best practice for mobile app security is to manage and mitigate application risk throughout all stages of the software development life cycle. “Security is not something that you hastily slap on at the end of your lifecycle, or a magical tool that’s going to protect your application,” Anton said. “Instead, you plan, implement, continuously verify and continuously improve your application protection.”
Anton brought up the risk of app tampering – where information exchanged between the app or a provider and a patient or a group of patients is intentionally changed to cause harm. App tampering requires technical skill, but compared to famous medical tampering cases, such as the 1982 Chicago Tylenol murders, it is significantly more scalable and more difficult to control by the app owner.
Targeted app tampering can cause real harm to patients, from delivering unreliable readings, damaging the medical device an app interfaces with, redirecting communication from an authorized medical professional to a malicious actor, or sending a copy of patient data to an unauthorized third party. In a worst-case scenario, it could cause severe harm or even death.
Managing the risks that come from app tampering is hard because the probability of tampering occurring is difficult to estimate. As there are no statistics on app tampering in the market, it’s difficult to predict as well. Developers may use app attestation – technology that checks whether the app running on a device is a genuine app – to provide reasonable protection against app tampering. Anton encourages its use, but cautions that it is not good enough on its own; other risk management tools should accompany it.
Brett Stewart of Orthogonal brought up Software Development Kits (SDK) as another area developers need to pay attention to. Many SaMD companies are looking to create an SDK for third party use, especially with the advent of telemedicine apps. Developers need to ensure that their SDKs carry the same protection and security as their apps – not only from the standpoint of protecting users, but also protecting their IP as it is shared with third parties. Anton agreed on the importance of keeping the IP and core functionality protected.
Automated app security tools help establish a baseline protection for specific groups of risk, whereas manual tests go beyond the baseline to address additional vulnerabilities. The feedback loop of a manual penetration test can be long, however, so Anton recommends integrating automated risk testing and mitigation into short development sprints.
When a piece of software has an unforeseen error and crashes, the reason for the crash may not be obvious. Crash analytics is a suite of tools that collects data around what happened when the application crashed. Jacob Radkiewicz, Senior Vice President of Engineering, uses crash analytics to diagnose issues at e-commerce fulfillment company ShipBob. ShipBob is a fast-growing company, valued at over $1 billion, that provides Amazon-grade fulfillment logistics to independent e-commerce vendors that choose not to handle logistics in-house or outsource to Amazon. ShipBob has hundreds of fulfillment centers around the world, where workers use ShipBob’s app to pick, package and ship orders for the company’s 5,550+ vendor customers.
The potential causes for application crashes are varied. “I think every error that you run into has its own unique personality and behaviors that led to it,” said Jacob. “Sometimes it’s something as simple as somebody ‘rage clicking’ on a button because they’re frustrated with the application, and sometimes it’s as complicated as too many threats causing threat exhaustion or something else that was unforeseen in the making of the application.”
Continuity and high availability are important to ShipBob’s business, as e-commerce orders are constantly coming in and going out through their app to their fulfillment workers. Crash analytics help engineers figure out the edge cases and their causes. They’ve also helped the team identify more prevalent issues to mitigate. “When we started using crash analytics to diagnose these things, that’s when we got significantly better at preventing them in the future,” Jacob said.
In the past, ShipBob’s engineers used a manual ticketing system to sort through crash reports. When an issue arose, they would jump into action and use crash data dumps to figure out what went wrong. Recently, the team transitioned to a more proactive approach. They analyze patterns in the crash analytics data to proactively fix issues that could lead to a crash.
A webinar attendee asked if Jacob’s team worries about identifiable or private information being scooped up in crash analytics. This was a highly relevant question in regards to SaMD; as SaMD can store personally identifiable information and protected health information, it’s especially important to keep this data from leaking in a crash report. Jacob said his team has invested significant time and effort into ensuring that their crash analytics data do not inadvertently scoop up these types of identifiable information.
Crash analytics is not a “just turn it on” solution. It takes some learning to use effectively, as the data dumps provided by crash analytical tools are highly detailed. Engineers will need to get familiar with sifting through the large amounts of data to identify the pattern of issues.
The work of monitoring for crashes is never done, because the app ecosystem and the hardware it runs on are always changing. Crash analytics, like mobile app security, help developers stay ahead of crises and maintain a level of certainty in a fast-moving environment.
Product analytics measures user behavior of apps to better understand how real people use them and how they can be improved to satisfy user needs. Understanding user behavior allows designers, developers, product leaders and product managers to make informed decisions and smartly employ their time and resources, said Matt Finch, VP – Head of Global Sales Engineering at Mixpanel, a product analytics solutions company.
Mobile app security and crash analytics help SaMD developers mitigate some of the challenges that come from delivering essential care through a smartphone app. Product analytics leverages the strength of software to be continuously updated after it’s on the market, and can lead to improvement of the SaMD app – optimizing user experience (UX) and user interfaces, streamlining app pathways, adding desired new features – at a level that traditional medical device manufacturers could only dream of achieving.
Product analytics helps developers ask smart questions, explore the data behind those questions, build something meaningful based on the data, and then have the ability, once it’s out in the market, to see if it had the intended impact. What developers learn from that process informs their next questions and powers the cycle of product design.
For a medical device, understanding the pathways a user takes, and how easily they navigate those pathways, is a crucial part of good UX design. By instrumenting key parts of the user experience, a user’s interaction with the app can be tracked down to the click. For example, if users get stuck in a loop and can’t find the answer they’re looking for, the data can pinpoint where they’re getting stuck and indicate how developers should intervene.
One of Mixpanel’s guiding principles is that “data represents truth.” Matt describes the way users interact with applications as black and white. Either they’re using the feature or they’re not; either they’re struggling to use it or they love it. Getting that kind of feedback in real-time lets developers iterate faster and design applications better and more efficiently, resulting in a continuously improving product that users want to use.
Randy Horton agreed that product analytics accelerate product development and noted that it can support two other types of functions for SaMD. First, it can help direct one-to-one support of users: if a patient or provider calls in needing assistance, it’s possible to look at the exact path they took through the app. Second, in the future, Randy believes product analytics could be a data input for AI to personalize recommendations for medical treatment.
Bob Moll, Principal UX Architect at Orthogonal, weighed in on the relationship between product analytics and human factor studies. Bob expressed the benefit of having both quantitative data from product analytics and qualitative data from human factors studies. “Quantitative data can clue you in as to where there might be an issue; qualitative data can give you the why’s and the specifics behind the issue,” he said. The UX team uses quantitative data derived from product analytics to inform actual user interviews in a way that qualitative data alone can’t accomplish.
Our speakers weighed in on the following question: What are the likely trends for medical devices in 2023?
Anton Baranenko of Guardsquare believes medical mobile applications will grow as a category. New apps will emerge that are more adaptive to patient needs and make better use of the hardware they run on to deliver patient-specific treatment and diagnostic data (For more on diagnostics on consumer hardware, see our webinar on Clinical Diagnostics on Consumer Electronics (CD-CE).
The downside to this innovation is the increased application tampering risk to patients. To provide individualized care, these apps will need to gather more specific patient data, and developers will need to protect that data at all costs. Consumers are also getting more used to speedier resolutions of attacks or breaches, so security teams will need to keep up the tempo without sacrificing quality or safety.
Jacob Radkiewicz of ShipBob continued Anton’s thoughts about consumer expectations. Users of medical device apps are starting to expect them to be more interactive, and are less tolerant of things going wrong. As the user base of a SaMD app grows, it becomes less feasible to manually address every crash, making automated tools like crash analytics so valuable.
Matt Finch of Mixpanel noted the growing trend of AI and Machine Learning (ML) across multiple industries. Though AI/ML definitely has a place, Matt cautioned its usage. Mistakes made by an algorithm have significant potential for harm, and patients don’t want guesses with their health.
Bob Moll of Orthogonal echoed the increasing connectivity of the smartphone to the physical medical device. Smartphones can provide a more intimate look into what’s going on in a device than the device itself, and quantitative tools show developers how a person is interacting with the therapy. “The value-add of the smartphone and the ability of the user to interface with their therapy is tremendous. We’re really just getting started,” he said.
Brett Stewart of Orthogonal agreed with the previous points. He sees mobile SaMD apps capturing not just signals from bodies, but also signals of emotional wellness, and using these signals to solve difficult problems for people. Signals and response to those signals will inform the user about trends in their lives and their environment, and help them move forward.
Jacob Radkiewicz, Senior Vice President of Engineering, ShipBob
Jacob is the Vice President of Engineering at ShipBob. He has over seven years of experience in software engineering and architecture management. Prior to joining ShipBob, Jacob was one of the three original engineering talents that helped build the big data/machine learning architecture for the Uptake platform. He was a key strategic player in prioritizing features, planning delivery, and choosing business direction while building Uptake to a $2 Billion dollar valuation.
Matt Finch, VP – Head of Global Sales Engineering, Mixpanel
Matt is Head of Global Sales Engineering at Mixpanel and thrives on solving customer problems with great technology. He is also an industry leader in Product Led Sales Engineering and shares his passion with the wider Pre Sales community as a speaker and contributor.
Anton Baranenko, Product Manager, Guardsquare
Anton Baranenko is a full-time Product Manager at Guardsquare, responsible for the iOS application protection solutions. He is passionate about technology and has more than 20 years experience in secure software development. Prior to joining Guardsquare, Anton worked for 8 years in the medical field, building medical softwares that have successfully passed numerous FDA and CE mark audits.
Brett Stewart, Principal Solutions Architect, Orthogonal
Brett is a technology architect responsible for solutions engineering for a wide range of SaMD client projects and system architectures. He brings over 20 years of experience delivering enterprise and mobile software solutions in industries ranging from diabetes care to national intelligence, where he developed his knowledge on how to engineer systems to capture core competencies and allow for flexibility. Brett worked as the architectural and operational lead for a medication adherence app that reached the #1 ranking in the Health and Wellness category on the Apple App Store.
Bob Moll, Principal UX Architect, Orthogonal
Bob Moll directs user experience and human factors initiatives for Orthogonal’s SaMD projects. He oversees user definition, use environment analysis, user workflow modeling, and interface design and development for FDA in an agile environment. Over the past two decades, Bob has worked with a range of enterprises, from Fortune 500 companies to innovative startups, designing successful new products from scratch and reenergizing existing products with improved user experiences. Bob has served clients and a wide range of their users in the financial services, education, and medical design spaces.
Randy Horton, Chief Solutions Officer, Orthogonal
Randy has spent over a decade working with healthcare and life sciences organizations to tackle the Quadruple Aim: 1) optimizing health system performance by improving the individual experience of care, 2) advancing the health of populations, 3) reducing the per capita cost of care, and 4) enhancing the work-life of those who deliver care. Randy brings strong experience, expertise, and creative business thinking to his leadership role – along with nearly three decades of experience with Internet-enabled digital transformation and a passion for being a connector of people and ideas. He helps organizations break through to their “what’s next” by building new capabilities and launching innovative, digitally enabled – and highly successful – products and services.