Smila Care Service

The publications of Smila Care Service refer to a pilot that was done in the Jyväskylä region. In the pilot study, the number of home care visits were monitored in 26 clients using the medication dosage dispenser. In the pilot the The visits of nursing staff remained unchanged for 11 clients, for 15 clients the number of visits decreased. It is to be recognized that for some clients, visits by nursing staff changed to remote contact (by phone or video call), while others had also home visits. The nursing staff was satisfied with the medication dispenser device.¹

Clients’ experiences of the device have been studied in the thesis. In the thematic interviews, it emerged that the clients were satisfied with the device. The device was considered easy to use and it was felt to increase pharmacovigilance and self-reliance.²

There are several medication dispensers on the market that remind the patient to take the medicine, for example, by sound and light. The studies present the point of view of safety, effectiveness and patient satisfaction. The use of the devices seems to improve compliance with pharmacotherapy so that medicines are almost always taken at the right time.^3-6

Literature reviews

Literature reviews have been conducted also on drug dispensing devices. Although he Smila drug dispenser has not been represented in these reviews, their key findings are presented, as they also describe the benefits of Smila.

Mertz’ descriptive review examined the users’ and nursing staff’s thoughts on medication dispensing devices. In general, it was noted that the devices were accepted and were found to increase adherence to pharmacotherapy and facilitate the management of pharmacotherapy.⁷ 

Faisal’s systematic review examined the properties of medication dispensing devices. These included the possibility to deliver several doses of medication and alerts related to medicine intake carried out by different methods. About half of the devices sent a reminder of the missed dose of medication either to the client, family member or nursing staff.⁸    

The product has undergone a risk analysis, which is regularly updated¹.

The safety and residual risks associated with the possible misuse of the product are described in the instructions for use¹. Through the medical device validation process, the manufacturer has declared that the product complies with all relevant safety standards¹. In terms of safety, operational processes and responsible parties have been defined between the distributor and the manufacturer¹. No reported adverse or hazardous events have been detected in the production use¹.

The medication dispenser’s connection to the product-related cloud service requires a sufficiently strong wireless mobile or WiFi network connection¹. In connection with the introduction, it must be ensured that these requirements are met in the operating environment in question. The network connection is required for sending alerts to professionals and for video or audio calls. The online connection also ensures that the new medication dispenser roll is fed to the right user’s device. When the product is not connected to the internet (offline mode), its basic functions, i.e. dispensing medicines and reminding a person when to take them, however, work completely normally¹.

The medication dispenser is powered by mains power but it also contains a battery that allows the device to function for 24 hours¹.

A monthly service fee per device will be charged for the use of the product.¹   User training is free of charge for personnel within the organisation.¹

The end-user’s fee is determined at the discretion of the purchasing organisation.

The use of the service may affect client fees for home care services because it may have an impact on the number of visits, the duration of the visits and possible user fee.¹

On the basis of the information provided by the distributor, it appears that the cost of using the service is reasonable when compared to providing a corresponding service by other means.¹

The assessment was carried out using the list of data security and data protection requirements for social welfare and health care procurement and the response material provided by Tamro Oy and JDM Group⁹.

Minor deficiencies

Based on the response material, the service meets the most essential requirements of data security and data protection, but during the assessment we noticed a deficiency in the service’s password management practices.

Risk management and data security testing
The service provider has processes for managing and preventing data security risks as well as an action plan for security incidents. The manufacturer has included data security as part of the software development. Based on the response material, the cloud service has undergone a penetration test, the third-party software in use has been manually audited and the hardening of the hardware has been verified by an external audit.

User management

The service does not support two-step authentication or federation of user data to an external service.  Support for two-step authentication is under development, according to the response material.

The service supports the management and restriction of user rights. It is mandatory to specify separate user rights in the service. A tracing log of user activity and data viewing is available.

During the assessment, we detected a deficiency in the password management practices of the service. The technology used for password management was not up-to-date according to generally accepted practices during the assessment, but the company had an action plan to address the deficiency. The deficiency was not seen as preventing implementation, but the client organisation should be aware of the risks associated with outdated password management practices.

Equipment

The Smila medication dispenser automatically performs software updates according to a predefined schedule. Any updates will be notified to the client organisations in advance. The updates are digitally signed and their authenticity and right will be ensured as part of the update process. The device manufacturer can manage and update devices over a network connection.

The device uses Bluetooth 4.0, GSM, and WiFi connections. When using a WiFi network, it is the responsibility of the client organisation to set it up in a secure manner.

The devices have been hardened against physical tampering.

Data protection

Tamro Oy acts together with the equipment supplier as a data processor. The client organisation acts as a data controller. As a result, the client organisation owns the registry data and the data protection impact assessment required by GDPR is the responsibility of the client organisation.

The data stored in the Service shall be stored as confidential within the European Economic area. The information stored on the devices is encrypted at rest. Different parts of the Service store as little personal data as possible in accordance with the principle of minimising data collection.

Other considerations

The Service only works as a SaaS (Software as a Service) service model.

The assessment only includes an assessment of the information security and data protection of the Smila medication dispenser unit and the cloud service. Any attachments, additional services or integrations of the device are not covered by this assessment and must be assessed separately if they are introduced by the client organisation.

In addition, we recommend that health care districts utilise the European Union Agency for Cybersecurity (ENISA) data security manual for purchases.¹⁰

The medication dispenser interface contains a touch screen and a physical function button¹.

According to the company’s announcement, special user groups have been taken into account in designing the user interface. Persons with poor eyesight and different colour visions have been taken into account in the user interface’s colour selection, as well as with audio signals and voice responses. The device pre-cuts the medication sachet to make the opening of the sachet easier for persons with fine motor problems.¹

The device sends an alarm to home care about the doses of medication that the patient missed.

Taking the medication can be ensured by video connection for persons with memory disorders, for example, but the device is not suitable for persons with advanced dementia¹.

The home care clients participating in the user experience study carried out in the home care of the City of Jyväskylä report on the ease of use of the medication dispenser². Professionals have also reported on its ease of use¹.

The Smila care service also features a browser-based user interface for professionals¹. Professionals have been involved in the testing of the user interface, and participants in the user study have reported on its ease of use¹. At the time of assessment, the professional’s user interface does not meet all WCAG 2.1 AA level requirements according to the company’s own accessibility assessment¹¹. Accessibility issues have been reported in the product accessibility statement¹¹.

The company has an electronic feedback channel and responds to the accessibility feedback within 14 days¹¹.

General guidance on procurement

The purchasing organisation must take into account the accessibility requirements laid out for digital services and note that it is the responsibility of the service provider to fulfil the requirements^12-14

The professional browser-based user interface is available for Microsoft Windows¹.

Interoperability

An integration is planned for the product in the most common electronic patient records and the Kanta Personal Health Record (Kanta PHR)¹. The Smila Medication Dispenser contains a Bluetooth Low Energy (BLE) connection through which it can be connected to transducers, measuring instruments, or sensors ¹

Technical functionality

The company uses the lifecycle standard IEC 62304 for medical devices software. It has defined and implements testing processes as part of ongoing product development. The company has notification channels for their clients through 24/7, client support in case of potential error notifications as well as processes to fix them. The company is proactive in monitoring the operation of the service to detect faults. During the past six months the product has not been out of use or operating insufficiently due to a failure.

The company has a predefined schedule for system updates. Customers are notified in advance about these and the updates don’t cause any visible disruptions for using the service in normal situations.¹

Training and product support

Tamro organizes product user training for professional users before its implementation as face-to-face training or video remote training. The training can be arranged in Finnish, Swedish, English or German. Online training material for self-learning is also available. The nurses provide introductory guidance for home care clients. Customer support for the product is available by phone 24/7.¹

Distribution of the product

The service is currently in use in Finland both in individual municipalities and in joint municipal authorities.¹

1. Digital Health Technology Assessment filled in by the company, not public information
2. Litendahl S, Vikström M. Medication robot Smila – user experiences from piloting the Smila medication robot in the home care of the City of Jyväskylä. JAMK, 2021.
3. Hannink et al 2019. A Randomized controlled efficacy study of the Medico medication dispenser in Parkinson’s disease. BMC Geriatrics 2019; 19:273- 280. https://doi.org/10.1186/s12877-019-1292-y
4. Hoffmann et al 2018. Enhanced Adherence in Patients Using an Automated Home Medication Dispenser. Journal of Healthcare Quality 2018;40(4):194- 200. https://doi.org/10.1097/JHQ.0000000000000097
5. Marek et al 2013. Nurce Care Coordination and Technology Effects on Health Status of Frail Elderly vie Enhanced Self-management of Medication: Randomized Clinical Trial to Test Efficacy. Nurs Res.2013;62(4):269-278. https://doi.org/10.1097/NNR.0b013e318298aa55
6. Henriksson et al 2016. A Prospective Randomized Trial of the Effect of Using an Electronic Monitoring Drug Dispensing Device to Improve Adherence and Compliance. Transplantation 2016;100:203-209. https://doi.org/10.1097/TP.0000000000000971
7. Mertz et al 2021. User Perception of Automated Dose Dispensed Medicine in Home Care: a Scoping Review. Healthcare 2021,9,1381. https://doi.org/10.3390/healthcare9101381
8. Faisal et al 2021. A review of features and characteristics of smart medication adherence products. Can Pharm J. (Ott)2021;154:312-323. https://doi.org/10.1177/17151635211034198
9. National Emergency Supply Agency. Cyber Health Project. Information security and data protection requirements for social welfare and health care procurement Available at   https://www.kyberturvallisuuskeskus.fi/en/ncsc-news/instructions-and-guides/information-security-and-data-protection-requirements-social Accessed on 28.4.2022
10. The European Union Agency for Cybersecurity Procurement Guidelines for Cybersecurity in Hospitals. Available at https://www.enisa.europa.eu/publications/good-practices-for-the-security-of-healthcare-services Accessed on 28.4.2022
11. Accessibility statement for Smila. Available at: https://www.tamro.fi/en/services/social-and-health-services/smila-care-services/accessibility-statement
12. Act on the Provision of Digital Services 306/2019. Available at: https://www.finlex.fi/fi/laki/alkup/2019/20190306 Accessed on 25.10.2022
13. Regional State Administrative Agency of Southern Finland, Accessibility supervision unit. The requirements of the Act on Provision of Digital Services. Available at: https://www.webaccessibility.fi/requirements-of-the-act-on-the-provision-of-digital-services/ Accessed on 20.4. 2022
14. Act on public Procurement and concession contracts 1397/2016 Available at: https://www.finlex.fi/fi/laki/alkup/2016/20161397 Accessed on 20.4. 2022

Petra Falkenbach, Senior Planning Officer, FinCCHTA

Jari Haverinen, Senior Planning Officer, FinCCHTA

Joni Liljeblad, Information Security Expert, University of Oulu