engineering the
embedded world

Medical Engineering

Let us develop your medical product! From the moment your idea is born all the way to production!

As provider of development services, we develop complete medical devices, electronic components, firmware, and mechanical construction. The development takes place in the customer process or in our own ISO 13485 certified process. The field of medical products starts with portable devices and ends with complex systems such as medical robots and implants. These also meet the highest requirements such as risk class III (MDR), software safety class C (IEC 62304), and cybersecurity SL 3 (IEC 62443). Mastering the complexity of demanding development projects and ensuring safety through cybersecurity are probably the most important competencies of the business unit.

In addition, we advise our customers on risk management, standard-compliant documentation and usability. We excel in the timely provision of premium hardware and software as well as documentation suitable for successful approval in Europe and the USA. On request we transfer our know-how and the norm-compliant processes to our customers.

Engineering Services

  • We develop complete medical devices for you in the fields of hardware, software and housing construction, including the documentation required for approval.
  • From use cases, our system engineering competently creates the functional product requirements.
  • We design the HMI for maximum usability.
  • The hardware meets the high requirements of EN 60601-1.
    • The reliability of portable devices is based on our experience in battery management and radio interfaces.
  • The software meets the software safety classes up to C.
    • The platforms range from compact embedded boards through Linux-based boards and PCs to medical apps.
    • Electronic records of device-specific process sequences, such as the logging of sensor data or user-dependent GUI inputs, can be implemented in accordance with 21 CFR 11.
  • The mechanical design realises protection classes up to IP69K.
  • We implement functional safety (single fault safety) consistently and transparently.
  • We manage IT risks competently and certified according to ISO 31000. Thus, the implemented solutions for cybersecurity and the combination of safety&security are process-compliant. Furthermore, we support the PSIRT teams.
  • For Vector Informatik GmbH we develop the SDC stack according to IEEE 11073 and integrate it into medical devices with detailed system knowledge.
  • We have many years of experience in connecting devices to the HIS (Hospital Information System, HL 7, GDT).
  • For the Internet of Medical Things (IoMT) we develop complete devices ready for approval and implement interfaces.
  • The verification & validation is carried out efficiently and automatised in a specialised department.
  • The approvals include CE for medical products, FDA and UL.
  • Lab and production equipment can be developed according to GAMP® 5.

Communication

embeX masters the implementation of the following communication standards and integration of stacks:

  • Standards such as Bluetooth, BLE, MQTT, USB, Ethernet, WiFi and CAN
  • IEEE 11073: “Service-oriented Device Connectivity” (SDC)
  • HL7 - GDT

As trainers, we offer training courses on selected topics in medical technology via the “TÜV Süd Akademie”, e.g. “Interoperability of Medical Products”.

WiFi, WLAN
USB

Cybersecurity for Medical Products

As a leading development service provider in product security and functional safety, embeX combines know-how from both areas to safeguard safety through security. The normative security extensions of the known safety-oriented standards are implemented.

 

 

On the one hand, synergies arise in the development of safe and securen products, as both areas place high demands on the diligence of development and predictable behaviour. On the other hand, it is necessary to weigh up the balance between a large number of opposing objectives of the safety and security concepts on a project-specific basis, which is shown in a table.

ISO 14971,  MDCG 2019-16 and AAMI TIR 57 describe that the risk analyses of safety and security are fundamentally coupled. The challenge in development is therefore to select the risk-minimising measures of both areas in such a way that they do not interfere with each other.

Secure software must be developed through secure coding and this property must be proven in pen tests.

After development, the support of the products over the product life cycle is supported by the Product Security Incidence Response Teams (PSIRT) in accordance with IEC 81001-5-1. The EU is currently planning the harmonisation of IEC 81001-5-1 with a target date of 24 May 2024, as reported by the Johner Institute.

As trainers, we offer training courses on selected topics in medical technology via the “TÜV Süd Akademie”, e.g. “IT Security of Medical Devices”.

 

Series production and life cycle

  • Once development is complete, we responsibly outsource your production - or that of an EMS - and accompany your product through its entire life cycle with the support of the Product Security Incident Response Team (PSIRT).
  • We take the pressure off your team by providing competent support for your successful brand-name products.
  • In the event of component discontinuations, we will help you updating your products.
  • With partners, we offer a worldwide exchange and repair service for your medical devices.

 

Consulting

  • Set-up and maintenance of development processes
  • Risk management in accordance with EN ISO 14971
  • Preparation and professional examination of technical concepts, in particular for functional safety and cybersecurity including the combination safety&security
  • Assessment and revision of documents relevant for approval
  • Establishment of processes for the Product Security Incident Response Team (PSIRT)

Developed Products

For our customers, we have developed both diagnostic and therapeutic medical products for the most diverse areas of medical technology. You will find our expertise in anything involving electronic technology: In the OR, on intensive care units, in hospitals, and in the homecare sector. In infusion and medication pumps, gateways, medical robots, operating tables, surgical lamps, endoscopy systems. In small, mobile devices or large equipment.

Standards and Directives

We are certified to EN ISO 13485 and work to the following standards and directives among others

  • Medical Device Regulation (MDR) EU 2017/745
  • FDA 21 CFR Parts 11 and 820
  • IEC 60601-1: “Medical electrical equipment – Part 1: General requirements for basic safety and essential performance”
  • IEC 60601-2: “Particular requirements for the basic safety of medical equipment”
  • IEC 61010: “Safety requirements for electrical equipment for measurement, control, and laboratory use”
  • IEC 62366-1: “Medical devices - Application of usability engineering to medical devices”
  • IEC 62304: “Medical device software - Software life-cycle processes”
  • ISO 14971: “Medical devices - Application of risk management to medical devices”
  • MDCG 2019-16: “Guidance on Cybersecurity for medical devices”
  • IEC 62443: “Industrial communication networks - Network and system security”
  • IEC 81001-5-1: “Health software and health IT systems safety, effectiveness and security”
  • IEC TR 60601-4-5: “Medical electrical equipment ... Safety-related technical security specifications”
  • FDA Guidances:
    • “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions” (Draft 2022)
    • “Postmarket Management of Cybersecurity in Medical Devices”
  • AAMI TIR 57: “Principles for medical device security”
  • IEEE 11073: “Service-oriented Device Connectivity (SDC)”

Further Reading

Who to contact

Dr. Kai Borgwarth

Head of Business Unit Medical Engineering
Marketing and Sales

Fon:    +49 761 479799-677
Mobile: +49 151 4223 2542
k.borgwarth(at)embeX.de

Download vCard

Contact

Tel.: +49 761 479799-677
k.borgwarth(at)embeX.de