engineering the
embedded world

Medical Engineering

Let us develop your product! From the moment your idea is born all the way to production!

As provider of development services, we develop complete medical devices, electronic components, firmware, and mechanical construction. The development takes place in the customer process or in our own ISO 13485 certified process. The field of medical products starts with portable devices and ends with complex systems such as medical robots and implants. These also meet the highest requirements such as risk class III (MDR), software safety class C (IEC 62304), and cybersecurity SL 3 (IEC 62443). Mastering the complexity of demanding development projects and ensuring safety through cybersecurity are probably the most important competencies of the business unit.

In addition, we advise our customers on risk management, standard-compliant documentation and usability. We excel in the timely provision of premium hardware and software as well as documentation suitable for successful approval in Europe and the USA. On request we transfer our know-how and the norm-compliant processes to our customers.

Engineering Services

  • We develop complete medical devices for you in the fields of hardware, software and housing construction, including the documentation required for approval.
  • From use cases, our system engineering competently creates the functional product requirements.
  • We design the HMI for maximum usability.
  • The hardware meets the high requirements of EN 60601-1.
    • The reliability of portable devices is based on our experience in battery management and radio interfaces.
  • The software meets the software safety classes up to C.
    • The platforms range from compact embedded boards through Linux-based boards and PCs to medical apps.
    • Electronic records of device-specific process sequences, such as the logging of sensor data or user-dependent GUI inputs, can be implemented in accordance with 21 CFR 11.
  • The mechanical design realises protection classes up to IP69K.
  • We implement functional safety (single fault safety) consistently and transparently.
  • We manage IT risks competently and certified according to ISO 31000. Thus, the implemented solutions for cybersecurity and the combination of safety&security are process-compliant. Furthermore, we support the PSIRT teams.
  • For the implementation of communication solutions in hospitals, we have many years of experience with HIS (Hospital Information System, HL 7, GDT).
  • For the Internet of Medical Things (IoMT) we develop complete devices ready for approval and implement interfaces.
  • The verification & validation is carried out efficiently and automatised in a specialised department.
  • The approvals include CE for medical products, FDA and UL.
  • Lab and production equipment can be developed according to GAMP® 5.

Communication

embeX masters the implementation of the following communication standards:

  • HL7 (Connectivity with HIS: Hospital Information System)
  • GDT
  • ISO / IEEE 11073 “Service-oriented Device Connectivity”
  • Standards such as Bluetooth, BLE, MQTT, USB, Ethernet, Wifi and CAN
USB
WiFi, WLAN

Cybersecurity for Medical Products

For medical technology, the German equavalent to the FDA, BfArM, has clarified: „Manufacturers and operators must increasingly focus on the IT security of networked medical devices: Cybersecurity is an essential prerequisite for medical device safety and patient protection”.

As a leading development service provider in product security and functional safety, embeX combines know-how from both areas to safeguard safety through security. The normative security extensions of the known safety-oriented standards are implemented.

 

 

On the one hand, synergies arise in the development of safe and securen products, as both areas place high demands on the diligence of development and predictable behaviour. On the other hand, it is necessary to weigh up the balance between a large number of opposing objectives of the safety concepts on a project-specific basis, which is shown in a table.

ISO 14971 and AAMI TIR 57 describe that the risk analyses of safety and security are fundamentally coupled. The challenge in development is therefore to select the risk-minimising measures of both areas in such a way that they do not interfere with each other.

Secure software must be developed through secure coding and this property must be proven in pen tests.

After development, the support of the products over the product life cycle is supported by the Product Security Incidence Response Teams (PSIRT) in accordance with IEC 81001-5-1. The EU is currently planning the harmonisation of IEC 81001-5-1 with a target date of 24 May 2024, as reported by the Johner Institute.

As trainers, we offer training courses on selected topics in medical technology via the “TÜV Süd Academie”, e.g. “IT Security of Medical Devices”.

Developed Products

For our customers, we have developed both diagnostic and therapeutic medical products for the most diverse areas of medical technology. You will find our expertise in anything involving electronic technology: In the OR, on intensive care units, in hospitals, and in the homecare sector. In infusion and medication pumps, gateways, medical robots, operating tables, surgical lamps, endoscopy systems. In small, mobile devices or large equipment.

Consulting

  • Set-up and maintenance of development processes
  • Risk management in accordance with EN ISO 14971
  • Preparation and professional examination of technical concepts, in particular for functional safety and cybersecurity including the combination safety&security
  • Assessment and revision of documents relevant for approval
  • Establishment of processes for the Product Security Incident Response Team (PSIRT)

Standards and Directives

We are certified to EN ISO 13485 and work to the following standards and directives among others

  • Medical Device Regulation (MDR, EU) 2017/745
  • FDA 21 CFR Parts 11 and 820
  • IEC 60601-1: “Medical electrical equipment – Part 1: General requirements for basic safety and essential performance”
  • IEC 60601-2: “Particular requirements for the basic safety of medical equipment”
  • IEC 61010: “Safety requirements for electrical equipment for measurement, control, and laboratory use”
  • IEC 62366: “Medical devices - Application of usability engineering to medical devices”
  • IEC 62304: “Medical device software - Software life-cycle processes”
  • ISO 14971: “Medical devices - Application of risk management to medical devices”
  • FDA Guidances:
    • Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions” (Draft 2022)
    • “Postmarket Management of Cybersecurity in Medical Devices”
  • IEC 62443: “Industrial communication networks - Network and system security”
  • AAMI TIR 57: “Principles for medical device security”
  • IEC 81001-5-1: “Health software and health IT systems safety, effectiveness and security”
  • IEC TR 60601-4-5: “Medical electrical equipment ... Safety-related technical security specifications”

Further Reading

Who to contact

Dr. Kai Borgwarth

Head of Business Unit Medical Engineering
Director Marketing and Sales

Fon:    +49 761 479799-677
Mobile: +49 151 4223 2542
k.borgwarth(at)embeX.de

Download vCard

Contact

Tel.: +49 761 479799-677
k.borgwarth(at)embeX.de