FDA Issues Security and Interoperability Guidance for Medical Devices
The U.S. Food and Drug Administration is calling for health IT experts to advise on newly issued draft guidance for medical devices when it comes to cyberthreats and interoperability.
As Health IT Interoperability reported, the FDA published draft guidance in connection with each subject in the first month of 2016. The administration addressed cybersecurity issues in guidance published on Jan. 22. It then put the focus on interoperability with a Jan. 26 release.
Medical Devices and Cybersecurity
Regarding cybersecurity, the FDA has made it clear in recent presentations that it views medical devices that contain software and programmable logic as “the largest attack surface for national security today.”
The danger posed by attackers penetrating hospital and other medical networks, the FDA noted, includes the potential compromise of confidential data and damage to network integrity that can impede care providers on the job. The latter could prevent doctors and health care professionals from accessing critical information when they need it most.
Issues around device and software interoperability pose similar problems: A nonstandardized data exchange environment presents the risk of critical equipment being unable to provide necessary information related to patient care.
According to Lexology, the newly drafted cybersecurity guidance looks to establish requirements around product design, risk management programs, and response and recovery protocols when cyberthreats become realities in the hospital space. The guidance draft also calls for defining standard procedures and rules for how compromises are disclosed and reported.
In the case of interoperability, the FDA’s guidance draft prescribes an approach starting early in the device life cycle, implementing design-level checks against potential data interface disconnects and defining how information will be accessible and usable in clinical scenarios. The interoperability standards are meant to ensure that data is portable across a myriad of medical environments and that patient safety is secured no matter the device combination.
Neither guidance draft is final or in effect. Both documents now enter a 90-day public comment phase. As the Federal Register outlined, submissions are accepted via the Federal eRulemaking Portal or by mail at the FDA’s Division of Dockets Management.