The Cardio-Pad™ Medical Device: From a Risk and Compliance Perspective

Carlson Ngwobela^*
*Correspondence: Carlson Ngwobela, European Campus Rottal-Inn, Deggendorf Institute of Technology, Germany, Email:

Keywords

Cardio-pad design • Health care • Cameroon • Data protection

Abbreviations

ANTIC: National Agency for Communication and Information Technologies • CIA: Confidentiality Integrity and Availability • DDR RAM: Double Data Rate Random Access Memory • ECG: Electrocardiogram • FDA: Food and Drug Administration • GDPR: General Data Protection Regulation • GHTF: Global Harmonization Task Force • GPS: Global Positioning System • GSM/GPRS: Global System for Mobile/ General Packet Radio Services • HER: Electronic Health Records • HIT: Health Information Technologies • ISMG: Information Security Media Group • ISO: International Organization for standardization • JPEG: Joint Photographic Expert Group • MDD: Medical Device Directive • MDR: Medical Device Regulation • NDC: National Data Center • PKI: Public Key Infrastructure • SIM: Subscriber Identity Module • USB: Universal Serial Bus

Introduction

Venturing into the field of healthcare and improving the quality of healthcare delivery using technology, always brightens the faces of masses. These same brightened faces immediately become dark, demand clarifications and even sanctions, when a healthcare delivery procedure produces negative or unexpected outcomes. Control mechanisms often do not really control the effects of uncertainties in the healthcare sector. Consequently, regulations in the healthcare sector have over the years adopted heavy legal sanctions to be imposed on healthcare delivery products which do not comply to standards, and compliance because they become susceptible to negative outcomes during healthcare delivery.

The World Health Organization (WHO) and other national health authorities have acknowledged that the use of technology in health care is becoming a necessary strategy to overcome the shortage of health professionals and improve the quality of healthcare delivery in low-to-middle income countries. The Cardio-Pad™, developed by Arthur Zang of Cameroon is used to perform some sought of tele-cardiology. In principle, it can be used to carry out ECG’s in remote areas, use Wi-Fi to transmit the test results to specialists. These physicians will then provide assistance or provide aid for case management [1].

There is no law on data protection in Cameroon. However, the preamble of the Constitution of the Republic of Cameroon, Law N°. 96-06 of 18 January 1996 makes provision for privacy of communications [2]. With security of health data being a major threat to the continuous evolvement of technology in healthcare, and the unfavorable conditions of doing business in Cameroon, government support and statute guaranteeing privacy of communication is lacking. There are increasingly high levels of corruption added to the deteriorating state of development because there is no government structure (or the structure is highly corrupt and dysfunctional) to enforce laws on privacy [3]. Taking into consideration therefore the laxity of the compliance regulation systems in Cameroon and the absence of institutions that should regularly check and monitor the development, deployment, functionality, and disposal of newly designed products against international standards, the aim of this paper is to comparatively analyse the risks and compliances associated with the production and functioning of the Cardio-Pad™ as it is, to international standards.

In brief, the Cardio-Pad™ is a touchscreen electronic hand tablet with the following internal main components: A dual core processor, an internal memory, a Global System for Mobile/General Packet Radio Services (GSM/ GPRS) for data transmission, a SIM card connector, GPS, Bluetooth and Wi-Fi modules, a lithium battery and two USB ports. A complete package also has external components which are ECG electrodes and cables, and a Bluetooth sensor box. The Bluetooth sensor box can detect heart signals due to the connected electrodes to the patient. It then digitalises these signals and transfers them to the Cardio-Pad™ via Bluetooth. The Cardio-Pad™ can perform multiple functions of including displaying the 12-lead ECG graph output using the Cardio-Pad™ graph software. It can also transfer of patients’ data through any accredited phone network to a National Data Centre. A cardiologist can have access to this data, interpret the data and provide aid in the diagnosis and management of patients. A Cardio-Pad™ scope program permits this device to function like a scope, meaning it can perform real-time monitoring and recording of the heart’s electrical activity. This is detailed within the Cardio-Pad™ user guide V.1, that the device is capable of performing realtime monitoring of vital cardiac parameters. No accessories are however found in the Cardio-Pad™ kit for these purposes [4].

Since its first design in 2014, several improvements have been made. First, it uses to have just an in-bulit battery, with little or no description of its power ratings. Progress has not been made in improving the battery power, but a complete package now contains a solar panel. This makes this medical device rechargeable now using solar energy. Consequently, making it more suitable for use in underserved areas where electricity supply is limited. Second, A4 paper printouts can now be done due to the fact that Cardio-Pad™ is compatible with all printers. Therefore, ECG displays can be printed and stored in patients’ folders since Cameroon’s healthcare system is still operating mostly on paper-based records. This particular function really fits into the description of rural areas in Sub-Saharan Africa where electronic health records are little known. Furthermore, smart phones can now be used with a Cardio-Pad™ concordingly. The developer says the information recorded by a Cardio-Pad™ can be transmitted to both another Cardio-Pad™ and to any smartphone to generate ECG images in multiple file formats. This is possible through a software which can be freely downloaded from the Cardio-Pad™ website [5].

Cameroon where the Cardio-Pad™ is produced and seeks to analyze the possible risks that Cardio-Pad™ is facing despite its contribution to the improvement in healthcare interventions in cardiovascular diseases in Cameroon and sub-Saharan Africa. Standard risk management principles and to some extent, laxity by the regulation and compliance system in Cameroon, are used in this paper to shed more light on some of the challenges Cardio- PadTM could encounter in its quest in becoming an international medical product.

Research Methodology

A qualitative comparative search method was used to gather data and information in this paper. Qualitative comparison of information about Cameroon to the Western world was carried out with search terms like “Medical devices”, “Health care risks”, “Data protection”, “Health care delivery Standards”, “Risk management in Healthcare”, “Compliance standards in Healthcare” and other risks and healthcare related terms. Due to the absence of sufficient information about these terms in the case of Cameroon, deductive and inductive statements were used at different stages throughout this paper. Results obtained from the searches provided the base on which suggested risk examples were developed and analyzed using risk management principles, and on which suggested solutions provided to help mitigate these risks.

Existing laws, regulations and data protection acts in Cameroon were reviewed. The processes and requirements of setting up a medical technology unit in Cameroon were analyzed and compared to that of other countries in Europe, the USA and in Asia. The role of each participant or stakeholder, involved in the collaborative provision of high-quality healthcare delivery to citizens in Cameroon, was compared to the role of participants or stakeholders in the other countries.

A review of the individual components used to design, construct, and assemble the Cardio-Pad™ done. A similar review was conducted on the functioning of the Cardio-Pad™, considering the context and geographical area. A schema of the modus operandi was analyzed step by step, loopholes regarding the quality of data protection mechanisms between participating entities uncovered and possible reasons and recommendations documented.

Healthcare technologies, compliance Acts, frame works for review of medical devices such as the Global Harmonization Task Force (GHTF) and International Organization for standardization (ISO) were consulted. The data compliance policies regulating the healthcare sector were reviewed and compared to the level of application in Cameroon. The consequences of not adhering to data protection acts, not implementing effective regulatory activities and not properly applying risk management principles were shown through simple risk examples that Cardio-Pad™ could drown into.

Four examples of these possible risks were deduced, one from compliance risk, one from hazard risk, one from control risk and one from opportunity risk. The impact of each of the examples on the strategic and operational objectives of Cardio-Pad™ was analyzed using the paced risk management principle.

Results

Setting up a healthcare industry in Cameroon requires consent from the Ministry of Public Health, Ministry of commerce and Ministry of Finance. These ministries all have requirements in the form of laws which must be met. Medical products have extended requirements specific to the health sector, and as such involve other ministries such as the Ministry of Post and Telecommunications. When a review of all necessary documents is completed, these ministries may send a team of experts to visit and conduct clearances of the product. Teams of experts from different domains related to product in question are expected to visit the site of production of this product from time to time, to access and perform regulations. Certification validating the commencement of the product is issued and the product can start operating. The Ministry of Public Health and the National Council of Medical Doctors act as regulators in the healthcare sector.

The president of Cameroon created by decree, The National Agency for Communication, and Information Technologies (ANTIC), under the Ministry of Post and Telecommunications. ANTIC establishes policies requesting that the manufacturing of medical devices must comply with international standards and with data protection acts in particular such as the General Data Protection Regulation (GDPR).

The EU’s Medical Device Directive has been in place ever since and functions in regulating implantable and medical devices. It will be replaced by the new Medical Device Regulation. In the USA, the Center for Devices and Radiological Health of the US Food and Drug Administration (FDA) is in charge of ensuring that standard compliance is met when developing medical devices [6]. These institutions carry out testing to assess the extent to which medical devices meet compliance standards. Certifications are always issued to validate products and companies which have met the standards.

Despite numerous decrees and bills passed by the president of Cameroon, there is lack of effective regulation and conformity to standards of products manufactured or shipped to Cameroon. There is shortage of qualified and trained personnel, no investment of sufficient human and financial effort in approaching, apprehending, and imposing sanctions of defaulters of basic data protection rights.

The individual small components such as transistors, Double Data Rate Random Access Memory, Dual core processor, internal memory storage and other internal components used to assemble the Cardio-Pad™ are manufactured by companies which adhere to legal compliance. The Bluetooth sensor box, electrodes, software used with Cardio-Pad™ have not been certified by any national or international body to be of demanded standards.

The Cardio-Pad™ kit contains no devices that can be used to perform real time monitoring of the electrical activities of the heart nor monitor vital signs such as blood pressure and respiratory rate. It is however stated in its usual manual that it performs these healthcare intervention activities. Data is collected, stored, and transmitted by the Cardio-Pad™ as it functions. There is mention of a National Data Center where patient’s data is transferred to, to be accessed by a specialist physician. A web search with the terms “National Data Center Cameroon”, or “Health Data Storage Cameroon” gives no clue to the existing of such a structure in Cameroon. A National Data Center is therefore not found anywhere in Cameroon. However, individual hospitals and some specialist hospitals do have small data storage facilities, which cannot be termed National.

The commercialization and sale of the Cardio-Pad™ has been limited to rural areas in Sub-Saharan Africa, India, and Nepal. The non-certification of Cardio-Pad™ by international bodies is acompliance risk.

Sensors from the electrodes placed on patients’ thoracic area use radio waves to transmit data between the bluetooth sensor box and the Cardio- PadTM. Research has it that “Scientific study provides evidence that some individuals may experience arrhythmia, heart palpitations, heart flutter, or rapid heartbeat and/or vasovagal symptoms such as dizziness, nausea, profuse sweating and syncope when exposed to electromagnetic devices” This is a hazard risk which could possibly result from the use of Cardio-Pad™ [7].

Rural areas in Cameroon are not only short of qualified personnel, but also lack basic amenities such as sufficient electricity supply, clean water, and stable telecommunication network signals. Transmission of healthcare data cannot be solely dependent on cell phones in such areas where the frequency of network signal failure is high, the possibility of no electricity to charge appliances is high and at varying seasons of the year, the possibility of rainfall for two or more consecutive days is possible. These points are all indicators of control risks. The exact time when any of these events might occur is not known.

Developed countries manufacture medical products of certified standards which suit their geographical context. Re-strategizing strategic objectives to mainly focus and improve the healthcare delivery situation in Sub-Saharan African is an opportunity to be aimed at by the Cardio-Pad™ manufacturing company. Several other diseases are plaguing these regions in Sub-Saharan Africa. It is possible to concentrate efforts to adapt and improve healthcare intervention Cardio-Pad™ made regarding these diseases. Investing in a networking area to facilitate the functioning and transfer of healthcare data by the Cardio-Pad™ team is an opportunity risk.

Discussion

Most countries around the world today are heavily in the use of technology in healthcare systems. These countries intend to improve the quality of healthcare delivery to its citizens through the use of ICTs [8]. In Cameroon, the ANTIC Decree NO2019/150 of 22 March 2019, section 2 paragraph 1, article 4(c) emphasizes that standard techniques in the production and interoperability of IT equipment must be respected. Extrapolating from this decree, manufacturing, use, storage, and transmission of medical devices must respect the General Data Protection Regulation of the European Statute.

As per the Law, the Ministry of Public Health has a duty to monitor the evolution of issues related to security and certification activities in the country but has failed woefully in the discharge of its duties. There is no follow-up of the activities of companies to ensure that the law is implemented or complied with, leaving companies at the mercy of their own acts. The lack of monitoring activities or follow-up, the aim, which is to ensure compliance, accounts for the rise of violation of the law, in particular, the rights of individuals. The country’s poor centralized nature of government is behind its current state of affairs in the country. To maintain public confidence in the Law and hence the protection of individual rights to privacy, it is necessary for the government to do more [9].

Healthcare stake holders who adopt Health Information Technologies (HIT) need to put in place a concrete security systemto deal with IT security and privacy. Such systems consist of a group of security rubrics which function with respect to security policies which have been defined. Policies in security systems refer to protocols that permits or refuses possible actions, events, or something related to security [10].

An IT security policy therefore ensures that the components of an Information system, which are the main IT assets of an organization, respond continuously to required levels of integrity, availability, and confidentiality [11].

The term confidentiality actually means “restricting information to persons belonging to a set of specifically authorized recipients.” Confidentiality therefore exclusively obliges just authorized persons to have access to data, disregarding the data’s current state of being (stored, transmitted, treated). Encryption of data or any other means used to control access to a system can be used to achieve confidentiality. Apart from these technological means, professional silence can be used or relied on as a moral disposition to achieve confidentiality. With regard to encryption, a survey of Information Security Media Group(ISMG)in 2014 provided evidence that showed that encryption hardly applied to data stored or transmitted through various mobile means, despite the fact that encryption is generally applied for health data transmitted across exposed networks. Confidentiality requirements respond to privacy concerns that are of significant importance in health care systems. Healthcare data demands total privacy.

The integrity criterion seeks to ensure that the information will always be unchanged whenever it is modified without authorisation. That data accidental lost by authorised users can still be recovered.

Availability criterion tries making a system always available for an autorised user to utilise it. Systems are made up of hardware, software, data and people. In the absence of malfunctioning of any of these components, then system failure unfortunately results. The available criterion therefore ensures that systems can be accessed by authorised people. This criterionen compasses aspects that stem from the ability to adapt to the needs of the system as performance changes, resisting hardware and software failures as well as providing data backup recovery when data is lost.

The Cardio-Pad™ has no known data protection technique in use. However, it is assumed that healthcare providers and personnel respect the fundamental principles of the National council of Medical Doctors in Cameroon especially with respect to CIA.

The Cardio-Pad™ has to make it possible that only authorized persons have access to the data collected. This is to ensure the confidentiality constraint. This constraint is particularly difficult because the Cardio-Pad™ is designed such that non-health personnel in rural areas can be able to carry out healthcare intervention. It will therefore be important to encrypt the data generated during the intervention process, as well as during transmission to the National Data Center. The Public Key Infrastructure (PKI) unit located in the capital of Cameroon provides access to keys which can be used in this process. Education of non-health personnel who carry out these interventions on the consequences of not abiding to confidentiality of data should be carried out, and an undertaking should be signed by these personnel.

To maintain the integrity of data, the use of strong password mechanisms should be established whenever access to data is to be permitted. Logged data should be stored to keep track of changes made to data and know who made a modification to data. An intranet should be used for transfer of healthcare data, rather than the internet through the public telephone communication network. The use of an intranet in combination with a good firewall should be a top priority to enact data protection with the functioning of Cardio-Pad™.

Another good technique to maintaining the integrity of data will be to establish a reference output for all possible ranges of data input values. This means that certain input data value readings from the electrodes, should always produce a particular type of analog graph output. With these reference outputs, every time data is read by a specialist, it compares the generated output to reference outputs. Whenever there is gross disparity, then the integrity of the data should be questioned. This integrity technique can be performed using software.

Systems cannot work without data and other resources. Therefore, data must always be available for processing, automation and decisions to be made. To ensure that healthcare data is always available for use, the Cardio-Pad™ team must ensure that data is being backed up. An incremental backup system is recommended here where only data that has been changed is saved. Backing up data with such a system uses minimal resources. The Cardio-Pad™ can be used to print outputs on A4 paper for storage. This is because the healthcare system in Cameroon is not computerized. The storage areas of these printouts must be physically locked and clad with both water and fire proofs.

ISO Guide 73 BS 31100 defines risk management as the ability to control and direct an organisation’s approach to risk through linked activities. Risk management is an ongoing process which never stops. To manage the risks suggested in this paper that could hinder the Cardio-Pad™ product from achieving its objectives, key dependencies must be analyzed, monitored, and improved. This will require that the use of PACED (Proportionality, Aligned, Comprehensive, Embedded, Dynamic) principle which uses the idea that risks can be identified and controlled. Every activity stated in this paper, has either a long, medium-or short-term goal, which is aimed at mitigating the concerned risk.

A risk management department needs to be set up within the Cardio- PadTM. This department will develop a risk framework conforming to healthcare standards to be used within this company. In unison with other departments within the company, this department will identify risks, perform risk assessment, and respond to risks. Risk control and overview will also be a continuous process and the results regularly communicated to every department of the company. Using the PACED principle and risk levels of sophistication, this department will inform the stakeholders of the healthcare standards they are non-compliant with. It should be recalled that the Cardio- PadTM was born out of an initial idea of creating Analog to Digital Converters. The growth of that idea into a medical device production company might have made the stakeholders unaware of compliance obligations in this sector. The risk management department has to devote time and resources in informing the stakeholders of the challenges with respect to compliance in the healthcare sector. The fear of the sanctions of producing a non-certified product, should orientate every activity of this company.

Within Cameroon, not conforming to the laws set aside by the state will lead to financial sanctions. In other countries such as Germany, this product will be taken off the market, and the company sanctioned for fraudulent practice. This will ensure that the activities are proportionate the level of risk being faced.

Reforming of stakeholders’ objectives should be done, such that the general objective of just reaching out to people in rural areas should be reformed to include short term objectives at each step along the path to reaching the overall objective. This will ensure that activities during design, transportation to site of use, usage of device, and feedback are aligned with the objectives. The company should embed into its activities, a culture of communication where every activity carried out is documented and reports are sent to appropriate hierarchy. The Cardio-Pad™ team should carry out activities that respect international norms, and not just the laws put in place by the government of Cameroon. Activities as such will prove the comprehensiveness of the risks at stake. Conforming to the new informed regulations and standards of healthcare and taking actions to comply with them is already being dynamic. The risk management department should work with the stakeholders to get a risk management framework, which is aligned with the goals of the company, and also to the healthcare sector. This framework should be used as a reference in evaluating the activities and risks confronted by the company.

Because of the particular nature of compliance risks, they are often considered a separate category of risk and they are often managed or minimized differently. Many organizations will wish to ensure full compliance with all rules and regulations and run zero risk in this category.

Treating or terminating the hazard risk mention in this paper is (should be) of utmost priority by the Cardio-Pad™design team. The impact of this hazard risk could lead to death of a patient, or further health complications. In Cameroon, this could adversely affect the reputation of the company, but being the only product of its kind and haven increased the likelihood of patients in rural areas having access to treatment, the degree to which the reputation will affected will be negligible. In comparison, if the impact of this risk were to materialize in other regions, this product’s reputation will be damaged, and many patients and healthcare providers will be aiming for different products.

To be proportionate in this case, the activities that lead to the fabrication of the electrodes and Bluetooth sensor box must be compliant to electrode manufacturing standards. Research should be done on what quantity of electromagnetic signals is needed to initiate a side effect on a patient. This value should be compared to that produced by the electrodes and Bluetooth sensor box. Furthermore, the duration for which this amount of signal is produced when this device is turned on, should be documented, and inserted into the usual manual. This is an activity strictly aligned with the functioning of the Cardio-Pad™. An automatic system could also be designed to turn off the device before it reaches the time limit for which sufficient signals are produced which can induce harm. Research about producing alternatives to electrodes or using Wi-Fi to transmit data should be comprehensive of the need to completely avoid any risk caused by similar devices. These alternative systems or devices should be of great quality and comply with the risk framework of the company. Education and training on the use of this device is the main activity to be carried out to mitigate this risk. A follow up team should be created to constantly provide support on the use of this device. Communication is an important embedded activity when describing all the factors that strive to mitigate this hazard risk. This is because as alternative devices will be tested and integrated into the main device, so will the manner of functioning change. Users of this device will therefore need to be informed of the changes.

A control risk is an uncertain risk. The impact of the uncertain risk described in this paper varies according to occurrence of the uncontrollable event and the duration for which it occurs. The impact could be loss of data, in situations where there is abrupt disruption in network coverage. This means no intervention can be carried out until network coverage is re-established, to permit the complete transfer of data to the National Data Center where a physician can review it and prescribe and intervention procedure. Another impact could be the possibility of the device not being able to function due to the lack of electricity. This means nothing can actually be done to gather data needed for the prescription of the required intervention.

In the developed world, the probability of such a risk occurring is very minimal because even with torrential rainfalls, power shortages are not known to occur. Network coverage might be disrupted, but this usually does not last for long. Even in the event of poor network coverage, hospitals are staffed with specialists who could always intervene.

Recent developments in meteorological technology have made it possible to determine when and how much rainfall will be experienced on a certain day. Monitoring the weather conditions of a place to ascertain when it is feasible to implement a healthcare intervention is a strategic activity to be implemented when using the Cardio-Pad™. This monitoring activity can be realized with the use of embedded software within this product. This software can use an alarm system to inform healthcare personnel of the weather conditions to enable them make decisions.

The Cardio-Pad™ kit is already waterproof, which is a great means of mitigating other control risk. It is delivered with a keyboard to compensate if the touchpad gets bad, and also a solar battery to supply electric current in event of power shortage. Transfer of health data to the National Data Center for analysis is only possible when there is network coverage. There is no guarantee that network coverage will always be available in rural areas, and even if available, the strength of the signals is usually a problem. A distributed and safe system could be developed where gathered data is immediately saved to a cloud. This could be effective in that a network will not really be needed to transfer data, but on the other hand, since rural areas have a few or no people at all who are versed with using sophisticated software, a lot of training needs to be done. This system should be used as a backup whenever network coverage is absent, and other control mechanisms to treat the patient initiated, while waiting for the return of favorable network coverage. This will make the entire healthcare intervention flexible and dynamic to changes, all in a bit to provide decisions that pay full regard to risk considerations. These control mechanisms could be drugs to sustain the patient at a stable state.

The control risk example discussed in this paper, opens avenues for opportunity risks. Investing in networking solutions in rural areas, will provide the possibility of allowing this company to produce other products to intervene not just in Cardiovascular diseases, but other diseases plaguing these areas. The impact of this risk in Cameroon cuts across almost every sector -from providing better communication in these areas, to improving the living conditions of people in this area. Education will also be improved, but most importantly, treatment of the diseases will be feasible. Also, recognition of this product by the government and international bodies should not be left out.

Due to competition with other world class products in the same sector, the commercialization of Cardio-Pad™ has been a disappointment in other regions of the world, where healthcare systems are better than that Sub-Saharan Africa. These other regions do not also have rural areas with characteristics typical to that of Sub-Saharan Africa. It is for these reasons that adapting this product to these particular rural areas in Sub-Saharan Africa is worth the risk. Investing in better network and communication structures will in the long run benefit not only stakeholders in the healthcare sector, but every other sector. Good network structure is a basic requirement for telemedical practice.

Cardio-Pad™ is not used in Europe, the Americas or in Australia. The designer, Arthur Zang has received several awards for this milestone achievement. This device is bringing smiles to many people in the rural Sub- Saharan Africa; yet it is little known to the western world. This can be attributed to the fact that Cardio-Pad™ is not certified and does not meet healthcare compliance Acts and legislations in these regions. This is the major challenge that this product will face in case it was to be used in Europe. There is no detail report on how the risks of this product can be managed, and there is also no documentation, be it on the company’s website or in the user manual whether or not it has ever been regulated.

The healthcare system in Europe is far more advanced than in Cameroon. The healthcare system in these regions is mainly provided by the state through public hospitals. Good quality hospitals are located only in big cities, and patients are required to pay before receiving healthcare intervention. This is in contrast to Europe where the healthcare system is such that it is mandatory to be covered by either a public or private insurance company with access to doctors relatively easy and by appointment. Europe uses Electronic Health Records (EHR) and the healthcare system is 75 to 80 percent dependent on technology, in contrast to these regions where it is still paper based. With EHRs and the good networking of healthcare centers, some cardiac monitors in Europe possess high quality software which can process and automate data to certain level. For instance, data generated is compared to some standard reference and depending on the nature of the output information gotten from this processed comparison, a message is sent to the patient requiring a simple intervention, such as drinking more water, be carried out. When a specialist’s healthcare intervention is needed, these devices transfer patient data to the reach of specialist who can initiate an intervention depending on the nature of the received data. These monitors are mostly implanted, or wearables, and consequently do not need the physical presence of another person to generate data-making them easy to use.

This is again in contrast to the Cardio-Pad™ which requires the presence of another person before data can be generated. The size of the device and its numerous components makes its cumbersome to carry around. It lacks software which can help process and make decisions based on generated data. Instead, generated data still has to traverse a complex networking architecture before decisions are made about the kind of intervention to be carried out. To be used in a country out of Sub-Saharan Africa therefore, this device has to be able to carry out better time management by using software to improve its processing abilities. Improving processing and automation abilities is a form of time management. Efficient time management is very critical in healthcare delivery as it might lead to preventive healthcare interventions. Clinically therefore, the Cardio-Pad™ does aid in providing data to be analyzed and information extracted to be used for healthcare intervention, but as compared to other devices in Europe, it does not help in processing this data which could lead to efficient time management.

Conclusion

The Cardio-Pad™ device is the first of its kind in Sub-Saharan Africa and it is improving the access to and quality of healthcare delivery in this region. Before its design, the cost of performing cardiovascular interventions in rural areas was too high for the citizens in these areas. However, this device is being bought by healthcare providers in Cameroon, who then use it in providing healthcare delivery. This has reduced the cost of performing cardiovascular interventions both in the rural and urban areas.

However, from a risk and compliance point of view, this device has got a long way to go to meet up with the internationally prescribed standards which govern medical devices. The risks management strategies associated with the use of this device are being neglected and the government of Cameroon is being far too complacent in its role in enacting proper measures that respect international norms. This is not putting pressure on the Cardio-Pad™ design team to continuously strive to improve their product and adapt it to the growing needs of its citizens in these areas. Regulation of medical devices is to ensure that companies reduce their risks to a very low level and are able to manage these risks. The impact of a risk in the healthcare sector is on the life of humans. Unfortunately, this rationale is being under-looked in favor of the financial stability and reputation of both the government and the company. The absence of laws which punishes breach of data policies in Cameroon also contributes to the attachment of negative attributes to this device. Consequently, this device does not get the backing of the author of this paper, especially to be used out of Cameroon. The susceptibility of this device to risks and data breaches in the Western world is not worth the risk. A device which does not meet the internationally recognized standards of operation should not be used.

With this being said, a little show of commitment and effort by the Cardio- PadTM manufacturing team and the government of Cameroon to meet these standards will transform this device in no time to be recommended in any situation. This show of effort should begin with the government of Cameroon providing sufficient financial and human support in ensuring that laws are respected. The government should strive for internationally recognized standards as a guide to regulate the activities in Cameroon.

References

1. Bahtiyar Şerif and Mehmet Ufuk Çağlayan. “Trust assessment of security for e-health systems.” Electron Commer Res Appl 3 (2014): 164-177.
2. Julia Adler-Milstein, Elettra Ronchi, Genna R Cohen and Laura A Pannella Winn, et al. “Benchmarking health IT among OECD countries: Better data for better policy.” J Am Med Inform Assoc 21 (2014): 111-116.
3. Dehling Tobias and Ali Sunyaev. “Secure provision of patient-centered health information technology services in public networks—leveraging security and privacy features provided by the German nation-wide health information technology infrastructure.” Electronic Markets 24 (2014): 89-99.
4. Havas Magda, Jeffrey Marrongelle, Bernhard Pollner and Elizabeth Kelley, et al. “Provocation study using heart rate variability shows microwave radiation from 2.4 GHz cordless phone affects autonomic nervous system.”Eur J Oncol 5 (2010).
5. Hopkin, Paul. Fundamentals of risk management: Understanding, evaluating, and implementing effective risk management. London, Philadelphia: Kogan Page. (2010).
6. Jarow Jonathan P and John H Baxley. “Medical devices: US medical device regulation.” Urologic Oncol 33 (2015): 128-132.
7. Molungu, Thomas. “Internal Control Strategies to Mitigate Fraud in Small Manufacturing Businesses in Cameroon.” Walden Dissertations and Doctoral Studies. (2019).
8. Jean Jacques N Noubiap, Joseph Kamtchum-Tatuene, Chris Nadège Nganou-Gnindjio and Ahmadou M Jingi. “The Cardio-Pad™ project: progress and remaining challenges.” Cardiovas Diagn Ther 7 (2017): 98-101.
9. Overview of Cameroon’s Digital Landscape. (2020).
10. Risk Types: Compliance Risks. (2020).
11. Uwizeyemungu Sylvestre, Placide Poba-Nzaou and Michael Cantinotti. “European Hospitals' Transition Toward Fully Electronic-Based Systems: Do Information Technology Security and Privacy Practices Follow?” JMIR Med Informat 7 (2019): e11211.