Home / Blogs

Ensuring Patient Safety: A Concise Guide to Post-Market Surveillance for IoMT

A significant segment of the IoT ecosystem, the Internet of Medical Things (IoMT), is projected to grow at a compounded annual growth rate of 23.7 percent (forecast period: 2022-2032). This fast growth is indicative of how rapidly IoTM is integrating into modern society, which has understandably attracted the attention of regulators.

The widespread use of IoTM devices means that their malfunction or dysfunction can affect the health and lives of many. It makes sense to subject them to rigorous regulation to make sure that they perform their functions effectively and safely. Device manufacturers, distributors, or resellers cannot simply sell their products and forget. They have the responsibility to monitor the performance, identify potential risks, and ensure the continued safety and effectiveness of the IoMT devices they offer.

Rationalizing post-market surveillance

Many businesses understand the importance of post-market surveillance for IoMT. Unfortunately, not many voluntarily do it. It can be a tedious and costly process, after all. The systematic collection, analysis, and evaluation of data involving medical devices that have already been sold to users or deployed in various healthcare settings entail additional human resources and technical costs. Businesses always seek to maximize profits and minimize expenses.

However, here are three of the most compelling reasons why businesses should consider post-market surveillance as a vital component of their ongoing product lifecycle management.

  • User or patient safety – Businesses that seek to build their reputation in the field of medical devices should regard patient/user safety as the foremost reason for post-market surveillance. There are useful insights to gain in monitoring sold or deployed products, and these insights help address issues and improve the products.
  • Legal requirements – Another crucial reason to undertake post-market surveillance is that it is compulsory in major markets. Some laws or regulations require it, particularly US FDA 21 CFR Part 822, the MedWatch product safety reporting program, and EU 2017/745 or the European Union’s Medical Device Regulation (MDR).
  • Product improvement and business growth – IoMT product manufacturers and sellers gain insights into improving their products and innovating through post-market surveillance. It serves as a tool to grow business further, as organizations establish their product’s quality, competitiveness, and reputation of ensuring user safety and complying with relevant laws or regulations.

Key goals

Post-market surveillance for IoMT products hinges on four key objectives: early detection of device issues, long-term device performance evaluation, device-user interaction monitoring,  and the identification of emerging risks. Not every business that conducts PMS uses the same processes, but their actions are generally guided by these fundamental goals.

  • Early detection of device issues – Post-market surveillance allows organizations to promptly identify and analyze the emergence of problems, issues, and other adverse events in their IoMT devices. These include software glitches, product malfunctions, inaccuracies, and other unwanted or unexpected events. Proactively monitoring real-world device performance allows device manufacturers as well as healthcare stakeholders to detect potential safety and security problems and resolve them before they aggravate into bigger problems.
  • Long-term device performance evaluation – IoMT devices are designed for long-term use. As such, it is essential to make sure that they operate reliably as intended over the expected useful life. Those responsible for post-market surveillance need to monitor the failure rates, durability, performance consistency, and other metrics to gain insights into possible changes or additions to improve the product and prevent issues from emerging.
  • Device-user interaction monitoring – Post-market surveillance is not only about finding and addressing the malfunction and other problems associated with the devices. It also examines device-user interactions to improve user experiences, trace the sources of problems, implement changes to prevent user-caused product issues, and add more features and functions in response to user feedback.
  • Identification of emerging risks – Aside from early problem detection and resolution, post-market surveillance also helps in anticipating potential issues. The adverse event reports, user feedback, as well as competitor analysis help identify emerging risks and implement the necessary safety and security improvements to address them.

Best practices

Good post-market surveillance starts with robust data collection and analysis. To get the most value out of it, organizations should develop a systematic way of gathering data and preparing them for advanced analytics. All the important details should be obtained, including the adverse events, usage frequency, user behavior, and user feedback. When it comes to data analysis, it helps to employ advanced data analysis techniques such as statistical analysis, data mining, and AI-powered data correlation.

In addition to robust data gathering and analysis, it is also important to have active collaboration. Post-market surveillance cannot be solely entrusted to a single team or a few personnel. There should also be active communication and collaboration with healthcare providers, regulators, and stakeholders to ensure data accuracy, more informed insights, and prompt response to safety concerns.

Moreover, it helps if organizations were to enforce proactive risk management. There are useful risk management frameworks like the International Organization for Standardization (ISO) 14971, which can guide the process of examining and mitigating risks. These frameworks are particularly useful to those who have limited know-how or experience with effective post-market surveillance.

It is also essential to emphasize the monitoring of the real-world performance of IoMT devices. This is done through post-market clinical follow-up studies, which entail the monitoring of device performance, efficacy, and safety as they are used in uncontrolled real-world situations. This helps verify clinical outcomes, detect problems, as well as collect information that may serve as proof that the existing system employed by the manufacturer is adequate to ensure product efficacy and safety.

Lastly, post-market surveillance should enforce policies for timely reporting and regulatory compliance. This involves a lot of paperwork or documentation, which everyone should accept as inevitable and vital to get the full benefits of doing post-market surveillance.


Post-market surveillance is not as easy as it sounds. It can be quite challenging given the enormity of the data collection and management involved and the need for in-field visibility brought about by the use of gated and isolated devices. Many encounter confusion as to what data to collect and how to proceed with the assessment. Some have a hard time gaining real-time visibility over devices that are not always online and those characterized as isolated or gated.

These challenges are far from insurmountable, though. Some organizations build DIY systems to ensure comprehensive data collection and management and gain real-time visibility over devices. These can be quite costly, though. Nevertheless, there are products designed for IoMT post-market surveillance to efficiently collect relevant data, ensure visibility, and provide deterministic security to address known and unknown threats.

User safety through surveillance

It is important to get post-market surveillance right to make sure that it leads to user safety, consistent product quality, and improvements. This is the kind of surveillance regulators encourage and consumers approve. It can lead to more costs for device manufacturers and sellers, but it is necessary to ascertain product quality and user safety. Also, proper post-market surveillance helps organizations avoid entanglements with regulators and help expand business prospects while gaining consumer trust.

By Evan Morris, Network Security Manager

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byVerisign


Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC