Cybersecurity continues to gain attention as advancements in smart medical devices and platforms are made, and more providers opt for the use of connected medical devices. Beyond the technology itself, what makes the landscape more challenging to navigate is a multitude of guidelines, specifications, and standards set forth by various entities, including government, private, and hybrids of the two regarding cybersecurity practices for medical devices.
In addition to the U.S. regulatory landscape, there are also the international requirements, for example, Health Canada guidance on premarket requirements for medical device cybersecurity (2019) the Australia Therapeutic Goods Administration (TGA) medical device cybersecurity guidance for industry (2019), and the European Medical Devices Regulation (MDR) and In-vitro Diagnostic Medical Devices Regulation (IVDR).
It is important to note that both U.S. and international cyber security-specific requirements are in addition to other regulations dealing with protecting or processing of personal data stored in medical devices. For example, at the E.U. level, in addition to the MDR/IVDR regulations, the NIS Directive (E.U.) 2016/1148 and the General Data Protection Regulation (E.U.) 2016/679 (GDPR), and the E.U. Cybersecurity Act (Regulation (E.U.) 2019/881), are also relevant to medical devices.
The key U.S. federal agencies, the Food and Drug Administration (FDA), Office of the National Coordinator for Health I.T. (ONC), and the Federal Communications Commission (FCC), each have unique responsibilities in the health I.T. arena and are working together on strategies and recommendations for an appropriate, risk-based regulatory framework.
Read the full article below.
To learn more about us and connect, please visit HERE.
For link to the references, please visit HERE.
Cybersecurity_and_Medical_Devices_Soody_TronsonNotice and Disclaimer
The content in this article (and site) is merely intended as a non-exhaustive informational resource. The best practice is to find someone who has the expertise necessary to provide you with meaningful legal advice. The information in this article (and site) neither constitute legal advice nor creates an attorney-client relationship. Readers should not act upon this information without seeking professional counsel. This information is provided without any knowledge as to the reader’s industry, identity, or specific circumstances. The application and impact of relevant laws will vary from jurisdiction to jurisdiction. There may also be delays, omissions, or inaccuracies in information contained in this article (and site). Material contained in this article (and site) may be considered advertising under the professional rules of conduct. The hiring of a lawyer is an important decision that should not be based solely on advertisements.