FDA Issues Security and Interoperability Guidance for Medical Devices

By: James O'Brien

The U.S. Food and Drug Administration is calling for health IT experts to advise on newly issued draft guidance for medical devices when it comes to cyberthreats and interoperability.

As Health IT Interoperability reported, the FDA published draft guidance in connection with each subject in the first month of 2016. The administration addressed cybersecurity issues in guidance published on Jan. 22. It then put the focus on interoperability with a Jan. 26 release.

Medical Devices and Cybersecurity

Regarding cybersecurity, the FDA has made it clear in recent presentations that it views medical devices that contain software and programmable logic as “the largest attack surface for national security today.”

The danger posed by attackers penetrating hospital and other medical networks, the FDA noted, includes the potential compromise of confidential data and damage to network integrity that can impede care providers on the job. The latter could prevent doctors and health care professionals from accessing critical information when they need it most.

Issues around device and software interoperability pose similar problems: A nonstandardized data exchange environment presents the risk of critical equipment being unable to provide necessary information related to patient care.

According to Lexology, the newly drafted cybersecurity guidance looks to establish requirements around product design, risk management programs, and response and recovery protocols for when cyberthreats become realities in the hospital space. The draft guidance also calls for defining standard procedures for how compromises are disclosed and reported.

Working Together

In the case of interoperability, the FDA’s guidance draft prescribes an approach starting early in the device life cycle, implementing design-level checks against potential data interface disconnects and defining how information will be accessible and usable in clinical scenarios. The interoperability standards are meant to ensure that data is portable across a myriad of medical environments and that patient safety is secured no matter the device combination.

Neither guidance draft is final or in effect. Both issued documents now enter a 90-day public comment phase. As the Federal Register outlined, submissions are accepted via the Federal eRulemaking Portal or by mail at the FDA’s Division of Dockets Management.



About The Author

James O'Brien

Freelance Writer

As a journalist and writer in the branded content space, James O'Brien covers business, technology, social media, marketing, film, food, wine, writing and news. The Nieman Journalism Lab has called his work in the custom content space "sponsored content done right." He has written for major regional newspapers, and he has managed and edited established, startup and turnaround newsrooms in varied markets, from community papers to major-city dailies. He consults for firms and businesses — startups to seasoned — on the creation of effective content strategies and the establishment of practical editorial calendars for enacting them. O'Brien holds a Ph.D. in Editorial Studies from the Editorial Institute at Boston University, where he researched and edited Bob Dylan's other-than-song writings. He is engaged in a bibliography for Oxford University Press, covering writings about filmmaker John Cassavetes. He is the author of "The Indie Writer's Survival Guide." His short stories and poetry are published in numerous journals and magazines.
