Medical implants

Policy Briefing

Published 19/06/2019

Medical implants cover
X ray pacemaker 596x330

Ethical challenges for policy and governance

Responsibilities of healthcare professionals

The responsibilities of healthcare professionals involved in implanting devices are set out in General Medical Council guidance, and in other guidance specific to their specialism. For example, Royal College of Surgeons guidance states that surgeons should ensure any new implant they use complies with European standards and is certified by the competent body. It also states that patients must be provided with adequate time before any surgery to discuss possible implications, risks and benefits, and to make a fully informed decision.

Relationships of trust and professional responsibility are embedded in clinical practice. However, in some cases other interests can be involved in the uptake of implants. Studies in the US and Australia have highlighted conflicts of interests arising from relationships between surgeons and medical implant providers that incentivise the use of new implants.* These kinds of relationships are alleged to have played a role in the adoption of vaginal mesh in the UK.**

Doctors have a responsibility to report implantation of devices to any existing registers, and to report adverse incidents that put, or could put, the safety of a patient at risk. However, it is not clear that this always happens. The Yellow Card scheme, which aims to capture adverse events involving medicines and devices, has seen a recent decline in reporting of adverse drug reactions.

Challenges for consent and decision making

Uncertainty about or a lack of evidence on the long-term effects of implants can make it difficult for patients and doctors to make decisions about their use. Implants that incorporate software might change or be upgraded after implantation, adding to the difficulty of predicting outcomes for patients in the long term. Uncertainty does not necessarily mean informed consent cannot be given by patients. However, in some cases patients have felt they were not adequately alerted to known risks associated with implants.

Where implants are novel or particularly invasive, such as brain stimulation devices or cardiac defibrillators, it has been recommended that counselling for the implications of living with the implant should be part of the initial consent procedure. This could include discussion with patients and their families about decisions that may need to be made about deactivating implants, such as cardioverter defibrillators, at the end of life.

Liability if something goes wrong

If medical implants fail or cause harm, manufacturers can be held responsible under consumer safety legislation. Recently, over 300 UK patients whose hip implants had failed brought legal action against the manufacturer under the Consumer Protection Act 1987. DePuy, the manufacturer, separately agreed to pay the NHS to cover the cost of monitoring and operating on patients. There have been calls for the Government to create a no-fault compensation scheme for those injured by defective medical devices, funded by manufacturers.

Sometimes medical implants are modified by patients themselves. For example, the project #OpenAPS is developing ways of connecting a continuous glucose sensor and insulin pump to form a closed loop system that automatically maintains safe glucose levels in people with diabetes. Instructions for how to modify devices are shared online so that it can be replicated by others. This kind of practice raises questions about liability and responsibility if something goes wrong. For example, while a user might be held responsible for modifying an implant counter to the manufacturer’s instructions, the possibility of hacking the implant might be attributed to a security vulnerability for which the manufacturer might be liable.

Patient access to medical implants

Access to implants can vary across the UK. For example, there is significant variation between NHS trusts in access to cataract lens replacement. The types of implants used in different trusts can also vary. A 2015 review found significant variation between NHS trusts in choice of orthopaedic implants, with some trusts using more expensive implants despite no evidence of them being superior to cheaper alternatives. This was thought to be related to factors including local preferences and the influence of marketing by implant companies.

The pace of development of implant technology has not necessarily reflected patient need. For example, pacemakers have undergone dramatic changes in design and reliability since they were first implanted in the early 1930s. By comparison, shunts used to treat fluid on the brain have changed very little in 50 years, even though four-out-of-ten shunts will malfunction in the first year after surgery. Innovation might be driven by market size or value, meaning that the development of implants for small patient groups can fall behind. The Nuffield Council has suggested that state intervention in the market could be justified to secure the social benefits of innovation through direct reward for socially valued innovations.

Challenges for innovation

Medical technology businesses, the majority of which are small- and medium-size enterprises (SMEs), face challenges in bringing implant innovation to market in the UK. In particular, there can be a lack of funding to support the translation of early stage research into commercially viable products.***

Measures have been introduced by the Government and research funders in the UK to support the development of health technologies.+ The Accelerated Access Collaborative (AAC) – a partnership of UK patient groups, the Government, industry, and the NHS – has been set up with the aim of identifying and supporting promising new technologies, including implants and innovations that aim to address significant unmet need, and speed up access for patients in the NHS. HealthTech Connect, a new online system run by NICE, allows manufacturers to register new health products while they are in development to access earlier support and evaluation, potentially speeding up adoption in the NHS.

Responsible use of patient data

Implants that collect and transmit data (see Box 1) raise questions about who should have access to, control or own data, and about infringements of privacy for patients. In some cases, data from implants are collected by the manufacturer and shared with healthcare professionals. Patients do not necessarily have access to the data – even though they relate to their own health status – and often do not have the ability to control the functionality of their implant.

Data collected by implants could be of interest to actors outside the healthcare system. In a recent US criminal court case, data collected by a defendant’s pacemaker were obtained by prosecutors using a search warrant and used as evidence to convict him for fraud. Allowing data to be used in court may affect whether patients are willing to use implants given that, once implanted, the individual often will not have the option of deactivating or removing it.

Security issues raised by medical implants

Connected devices could be exposed to security breaches such as the unauthorised accessing or hacking of an implant. No cyber-attacks on implants are known to have been carried out, but researchers have demonstrated that attacks would be possible in cardiac defibrillators, pacemakers, and insulin pumps. In 2017, a vulnerability was discovered in a brand of pacemakers used in nearly half a million US patients that could allow an unauthorised user to reprogram pacemakers and cause battery loss or inappropriate pacing. Human error, lax security procedures, and poor usability of programmes associated with software can increase the risk of security breaches.

Current medical device regulations do not include requirements to demonstrate cyber security of implants before they can be approved. Post-marketing surveillance and adverse event reporting has so far not focused on potential security breaches.

The UK Department of Health and Social Care has published a code of conduct for data-driven health and care technology that highlights the need to make security integral to the design of new technologies. It states that the new EU Regulation on medical devices will give the MHRA increased oversight, and improve the cyber security of connected medical devices. The Government has also committed funding towards digital security and cyber security, for example through the Industrial Strategy Challenge fund.


*See also: Cohen D (2011) Out of joint: the story of the ASR BMJ 342: d2905; Tanne JH (2007) US makers of joint replacements are fined for paying surgeons to use their devices BMJ 335: 1065.

**This has been the main theme in UK vaginal mesh litigation cases: NHS Resolution (2018) Submission to The Independent Medicines and Medical Devices Safety Review.

***A detailed account of challenges facing small businesses developing medical devices is available in: Nuffield Council on Bioethics (2013) Novel neurotechnologies: intervening in the brain.

+ See, for example, (2018) Biomedical catalyst: what it is and how to apply for funding; (14 July 2017) £86 million funding announced for new medicine and technology; NIHR (no date) Supporting innovation and development of new medical technologies and diagnostics.