
Drug Delivery Devices: Reliability in Every Dose | Part 1 of the Engineering Life-Critical Devices Series

July 2, 2026 Szymon Zysko


At first glance, the primary challenge of developing drug delivery devices might seem straightforward: deliver the correct dose, every time. In reality, what defines a successful drug delivery device is reliability, the ability to deliver therapy consistently, safely, and without interruption, even in the face of hardware faults, user error, or changing environmental conditions.

A missed dose, an incorrect dose, or an unexpected interruption in therapy can have serious and sometimes life-threatening consequences. This makes drug delivery devices safety-critical devices, requiring a high level of engineering rigor.

This article, the first in our Engineering Life-Critical Devices Series, examines the engineering challenges of creating reliable and safe drug delivery devices, focusing on precision dosing, safety design, real-world usage, and long-term verification. We’ll also share insights from practical experiences to highlight what it takes to ensure reliability in every dose.

The engineering challenges

Precision dosing: Achieving this requires tightly integrated electromechanical architectures in which sensors, actuators, control electronics, firmware, and software operate in a coordinated and predictable manner. Small deviations in mechanical performance, sensor accuracy, timing, or control algorithms can directly affect therapy delivery.

Reliability and safety: Certain therapies require uninterrupted delivery once they begin, meaning a device must continue operating safely even when faults occur. Therefore, engineers must identify potential points of failure and implement appropriate mitigations, such as redundancy, fault-detection mechanisms, failover architectures, and backup power systems. Drug delivery devices operate in complex real-world environments where hazards can originate from environmental conditions (e.g., temperature, humidity, pressure), incorrect consumables or cartridges, user errors, or interactions with other devices. As a result, devices must be capable of responding safely to power interruptions or failures, ensuring the device either continues operation through backup mechanisms or transitions to a safe state without compromising patient safety.

Alarm reliability: A device’s alarm system must adhere to strict regulations. Devices must reliably distinguish between conditions requiring immediate intervention and those that are informational or lower priority. Achieving this balance can be challenging, particularly in acute care environments where clinicians are already exposed to large numbers of alarms. Excessive or poorly designed alarms can contribute to alarm fatigue, increasing the risk that critical warnings may be overlooked.

Real-world usability: Unlike many medical systems, drug delivery devices are often used outside controlled clinical settings. This introduces a new set of challenges as devices must be intuitive and easy to use, function in an uncontrolled environment, and account for user errors. At the same time, usability within clinical environments remains equally important. Devices must be portable, provide clear information to healthcare personnel, and support rapid decision-making in high-pressure situations.

Designing for maintenance and troubleshooting: Maintenance and troubleshooting capabilities must be considered from the earliest stages of system design. When a device is life-critical, failures must not only be detected but also diagnosed quickly and accurately. This requires comprehensive diagnostics, event logging, telemetry, and mechanisms for storing and transmitting operational data. Systems must support preventative maintenance activities, facilitate efficient root-cause analysis, and provide clear communication pathways between devices, users, and support personnel. For manufacturers managing globally distributed device fleets, lifecycle management also requires the ability to remotely monitor device health, identify fleet-wide trends, deploy software and firmware updates, implement corrective actions, and maintain visibility of device performance throughout its operational life.

Case Study: Engineering a Safety-Critical Respiratory Therapy System

S3 Connected Health worked with a client to develop a hospital-based drug delivery device designed to deliver inhaled nitric oxide (NO) therapy to patients requiring respiratory support. It is primarily used in neonatal intensive care units (NICUs) to treat premature infants whose lungs have not yet fully developed.

The device integrates directly with a ventilator’s breathing circuit, where it administers precisely controlled doses of NO gas into the airflow. It supports real-time monitoring and adjustment of gas concentration, keeps the dosage within clinically safe limits, and automatically detects unsafe conditions. Additionally, the device includes safeguards to purge the breathing circuit before use, preventing exposure to toxic NO₂ buildup.

The device is designed to ensure uninterrupted, precise delivery of gas and must function reliably alongside a wide range of ventilators with varying configurations. Because therapy interruptions can have severe clinical consequences, fault tolerance was a core design principle throughout the architecture. Critical functions were supported by multiple layers of redundancy, including duplicate sensors, redundant gas delivery pathways, backup power capabilities, and automated failover mechanisms. The system continuously cross-checks sensor readings, monitors delivery conditions, and validates system performance to detect anomalies before they can impact therapy delivery. This combination of redundancy, fault detection, and failover design helps ensure the device can continue operating safely even when individual components or subsystems experience faults.

We created custom automated tests that allowed for large-scale, repeatable checks by simulating long therapy sessions, varying ventilator settings, and different fault scenarios. This was supported by human factors testing, where clinicians used the device in simulated ICU settings to spot usability problems and improve alarms and interfaces. Additionally, extensive compatibility testing made sure the device worked well with various third-party ventilators, validating each setup for accurate gas delivery and including only approved systems in operating guidelines.

Designing a life-critical drug delivery system

In a drug delivery device, a failure can directly impact patient safety through an incorrect dose, a missed dose, unintended dose delivery, or an interruption of therapy. As a result, engineers must assume from the outset that faults will occur and design the system to manage them safely.

This process begins with risk management and hazard analysis. Potential failure modes must be identified early in development and evaluated based on their likelihood and potential impact on the patient. In drug delivery systems, these risks can originate from hardware failures, software defects, environmental conditions, communication interruptions, power loss, user errors, incorrect consumables or cartridges, occlusions, leaks, or failures within the delivery mechanism itself. Understanding these hazards allows development teams to establish safety requirements and implement appropriate mitigations before detailed design begins.

A key principle is fault tolerance. Wherever possible, the system should continue operating safely despite the failure of individual components. This may involve redundancy in critical sensors, processors, communication pathways, or power systems. In drug delivery devices, additional safeguards may be required to independently verify delivery parameters, detect interruptions to therapy, or confirm that the correct drug and consumables are being used. In situations where continued operation is not possible, the device must be capable of transitioning to a predefined safe state while minimizing risk to the patient.

Cybersecurity is also closely linked to patient safety. A successful attack could disrupt device operation, interfere with therapy delivery, or prevent critical alarms and communications from functioning as intended. For this reason, security controls must be designed into the system from the outset to help ensure the device remains safe and operational throughout its lifecycle.

Verification and validation play a critical role in demonstrating that these design principles have been implemented successfully. Traditional manual testing alone is rarely sufficient because of the number of operating conditions and potential fault scenarios that must be evaluated. Instead, development teams rely heavily on simulation, automation, and fault-injection techniques to assess system behavior under both expected and abnormal conditions and to catch regressions introduced by software or firmware changes.

Engineers routinely perform accelerated lifecycle testing, running devices through thousands of simulated delivery cycles to identify long-term degradation issues. Environmental simulations are used to evaluate performance across different temperatures, humidity levels, pressures, and operating conditions. Fault-injection testing deliberately introduces failures such as communication interruptions, sensor errors, occlusions, depleted consumables, power disruptions, corrupted inputs, or component malfunctions to verify that the device detects the issue and responds appropriately. Automated regression testing is also essential for ensuring that firmware updates or software changes do not unintentionally affect existing functionality or compromise therapy delivery.
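The following is an added example, written for this article rather than taken from the device firmware or from any S3 Connected Health code, that brings together three ideas from the text: the duplicate sensors and continuous cross-checks of the respiratory case study, the fault-tolerance and safe-state principles described above, and the fault-injection testing described in this paragraph. It also tiers alarms so that a transient fault raises only a low-priority alert while a condition requiring intervention raises a high-priority one. The sensor names, the ppm units, the thresholds (2 ppm tolerated spread, 3-cycle debounce, 5 ppm overshoot limit) and every scenario input are assumptions constructed for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added illustration, not the device's firmware: a dose controller with two
 * redundant concentration sensors, a plausibility cross-check, a safe-state
 * transition, priority-tiered alarms, and a fault-injection replay harness.
 * All thresholds, units and scenario values below are assumed. */

#define MAX_DISAGREE_PPM    2.0  /* assumed: widest tolerated sensor spread */
#define MAX_DISAGREE_CYCLES 3    /* assumed: debounce before declaring a sensor fault */
#define MAX_OVERSHOOT_PPM   5.0  /* assumed: halt if measured exceeds target by this much */

typedef enum { MODE_DELIVERING, MODE_DEGRADED, MODE_SAFE_STATE } ctrl_mode_t;
typedef enum { ALARM_NONE, ALARM_LOW, ALARM_HIGH } alarm_t;

typedef struct {             /* inputs for one control cycle, in field order: */
    double target_ppm, sensor_a_ppm, sensor_b_ppm;
    bool sensor_a_valid, sensor_b_valid, primary_power_ok, backup_power_ok;
} cycle_input_t;

typedef struct {
    ctrl_mode_t mode;
    alarm_t alarm;
    double measured_ppm;     /* the reading the controller chose to trust */
    int disagree_cycles;     /* consecutive cycles the two sensors disagreed */
} ctrl_state_t;

static void enter_safe_state(ctrl_state_t *s) {
    s->mode = MODE_SAFE_STATE; /* delivery halted; absorbing until a clinician resets */
    s->alarm = ALARM_HIGH;     /* needs immediate intervention */
}

void ctrl_init(ctrl_state_t *s) {
    s->mode = MODE_DELIVERING; s->alarm = ALARM_NONE;
    s->measured_ppm = 0.0;     s->disagree_cycles = 0;
}

/* Run one control cycle and return the resulting mode. */
ctrl_mode_t ctrl_step(ctrl_state_t *s, const cycle_input_t *in) {
    if (s->mode == MODE_SAFE_STATE) return s->mode;
    if (!in->primary_power_ok && !in->backup_power_ok) {
        enter_safe_state(s);   /* no power path left: stop rather than deliver an unknown dose */
        return s->mode;
    }
    /* Running on backup power is informational, not an emergency. */
    s->alarm = in->primary_power_ok ? ALARM_NONE : ALARM_LOW;
    s->mode  = in->primary_power_ok ? MODE_DELIVERING : MODE_DEGRADED;

    if (in->sensor_a_valid && in->sensor_b_valid) {
        double spread = in->sensor_a_ppm - in->sensor_b_ppm;
        if (spread < 0) spread = -spread;
        if (spread > MAX_DISAGREE_PPM) {
            if (++s->disagree_cycles >= MAX_DISAGREE_CYCLES) {
                enter_safe_state(s); /* persistent disagreement: cannot tell which sensor is right */
                return s->mode;
            }
            /* While debouncing, trust the higher reading: over-delivery is the worse error. */
            s->measured_ppm = in->sensor_a_ppm > in->sensor_b_ppm ? in->sensor_a_ppm : in->sensor_b_ppm;
            s->mode = MODE_DEGRADED;
            if (s->alarm < ALARM_LOW) s->alarm = ALARM_LOW;
        } else {
            s->disagree_cycles = 0;
            s->measured_ppm = 0.5 * (in->sensor_a_ppm + in->sensor_b_ppm);
        }
    } else if (in->sensor_a_valid || in->sensor_b_valid) {
        /* One sensor lost: continue on the remaining one and flag it for maintenance. */
        s->measured_ppm = in->sensor_a_valid ? in->sensor_a_ppm : in->sensor_b_ppm;
        s->mode = MODE_DEGRADED;
        if (s->alarm < ALARM_LOW) s->alarm = ALARM_LOW;
    } else {
        enter_safe_state(s);   /* no trustworthy measurement at all */
        return s->mode;
    }
    /* Independent dose-limit check, applied whichever path produced the reading. */
    if (s->measured_ppm > in->target_ppm + MAX_OVERSHOOT_PPM) enter_safe_state(s);
    return s->mode;
}

/* Fault-injection harness: replay a constructed cycle sequence and return the final state. */
ctrl_state_t replay(const cycle_input_t *cycles, int n) {
    ctrl_state_t s; ctrl_init(&s);
    for (int i = 0; i < n; i++) ctrl_step(&s, &cycles[i]);
    return s;
}

static const cycle_input_t NOMINAL = {20.0, 20.1, 19.9, true, true, true, true}; /* constructed */

/* Sensor B reads 4 ppm high for drift_cycles cycles, then returns to normal. */
ctrl_state_t scenario_sensor_drift(int drift_cycles) {
    cycle_input_t drifted = NOMINAL; drifted.sensor_b_ppm = 24.0;
    cycle_input_t seq[8] = {NOMINAL, NOMINAL}; int n = 2;
    for (int i = 0; i < drift_cycles && n < 7; i++) seq[n++] = drifted;
    seq[n++] = NOMINAL;
    return replay(seq, n);  /* 1-2 drift cycles: recovers; 3 or more: safe state */
}
ctrl_state_t scenario_sensor_loss(void) {   /* sensor A reports a fault */
    cycle_input_t lost = NOMINAL; lost.sensor_a_valid = false;
    cycle_input_t seq[] = {NOMINAL, lost, lost};
    return replay(seq, 3);  /* expect DEGRADED with a low-priority alarm */
}
ctrl_state_t scenario_power(bool backup_ok) { /* primary power lost; backup may or may not hold */
    cycle_input_t outage = NOMINAL; outage.primary_power_ok = false; outage.backup_power_ok = backup_ok;
    cycle_input_t seq[] = {NOMINAL, outage};
    return replay(seq, 2);  /* backup ok: DEGRADED/low; both lost: SAFE_STATE/high */
}
ctrl_state_t scenario_overshoot(void) {     /* sensors agree, but the dose is above the limit */
    cycle_input_t high = NOMINAL; high.sensor_a_ppm = 26.0; high.sensor_b_ppm = 25.5;
    cycle_input_t seq[] = {NOMINAL, high};
    return replay(seq, 2);  /* expect SAFE_STATE even though the cross-check passed */
}

int main(void) {
    const char *name[] = {"DELIVERING", "DEGRADED", "SAFE_STATE"};
    printf("transient drift  -> %s\n", name[scenario_sensor_drift(1).mode]);
    printf("persistent drift -> %s\n", name[scenario_sensor_drift(3).mode]);
    printf("total power loss -> %s\n", name[scenario_power(false).mode]);
    return 0;
}
```

Two design choices are worth noting. The safe state is absorbing: once entered, no later cycle of plausible readings can silently resume delivery, which mirrors the text's point that recovery from a halt is a clinical decision rather than a firmware one. And the dose-limit check runs after the sensor logic regardless of which branch produced the reading, so agreeing-but-wrong sensors are still caught by an independent safeguard.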

Case Study: Engineering Continuous Therapy in the Home

S3 Connected Health worked with a medtech client to redevelop a wearable drug delivery system for home use by patients requiring continuous insulin therapy. Unlike hospital-based systems, this device needed to operate reliably in an unsupervised, real-world environment while remaining simple and intuitive for daily use.

The system consists of a handheld controller, two wearable pumps, and consumables, including an infusion set and insulin cartridges. Each pump is designed to deliver continuous therapy for up to three days, aligning with the lifespan of the infusion set and cartridge.

Because any interruption, incorrect dose, or undetected fault could have serious consequences, the device was engineered as a safety-critical system. Key development challenges included ensuring continuous therapy delivery, maintaining reliable wireless communication, supporting safe user workflows, managing the three-day battery life, and integrating with continuous glucose monitoring and automated dosing systems. Additional design considerations included the reliable detection of occlusions and infusion-site failures, prevention of under- or over-delivery events, management of reservoir and consumable lifecycles, and validation of dose-calculation algorithms to ensure safe and accurate therapy delivery.

To address these challenges, the system was designed with several key reliability features:

  • Dual-pump architecture: Two interchangeable pumps ensure that a fully charged device is always available, eliminating downtime between therapy cycles.
  • Intelligent battery management: Firmware was developed to optimize energy usage and support predictable three-day operation, while guiding users through timely device rotation.
  • Robust wireless communication: Bluetooth connectivity between the handset and pump was optimized through antenna tuning, pairing logic, and energy-efficient protocols to ensure consistent performance and regulatory compliance.
  • Enhanced fault detection: Critical issues such as occlusion detection were redesigned to ensure reliable identification of delivery interruptions and prompt user alerts.
  • Over-the-air updates: Remote firmware updates allow continuous improvement and issue resolution without requiring physical access to the device.
  • Closed-loop system: The device integrates with continuous glucose monitoring (CGM) systems and dosing algorithms to support automated therapy adjustments. This requires reliable communication, robust fault handling, and extensive validation to ensure that glucose data, dosing recommendations, and insulin delivery remain synchronized and accurate under all operating conditions.

Drug delivery systems are just one example of the complex engineering challenges involved in life-critical healthcare technologies. Be sure to follow the remainder of this series examining the challenges of developing other life-critical medical devices and the engineering approaches that help keep patients safe.