Medical Device Data Security Standards

FDA Sets Standards For Medical Device Data Security

In recent years, more people rely on technological devices to help them complete daily tasks. Individuals aren’t the only ones taking advantage of the latest advancements. Technological devices are part of the operational fabric in many U.S. industries and around the world. The health care industry is a prime example.

Every day, doctors, nurses, and other health care professionals depend on medical devices to not only perform their job as expected, but also communicate and share information securely. Unfortunately, not all of the current devices on the market are up to this task.

medical_devicesInteroperability—defined as “the ability of software or computer systems to exchange and make use of information”—is expected to become even more integral to patient care in the coming years, making it critical for medical device manufacturers to address issues that could potentially lead to device malfunction or failure, or patient injury or death.

To that end, the U.S. Food and Drug Administration (FDA) released recommendations in late 2017 designed to help electronic medical device manufacturers develop safer and more secure products.

New FDA Guidelines

At a time when interoperable medical devices are increasingly in demand, the FDA intends to help manufacturers avoid problems that could arise as these devices exchange patients’ information and use that information to further health goals.

In September 2017, the FDA released Design Considerations and Pre-market Submission Recommendations for Interoperable Medical Devices. This guide incorporates comments submitted to the FDA by medical device manufacturers and designers, as well as the general public, and offers non-binding recommendations to manufacturers.

The recommendations encourage manufacturers to:

  • Design their electronic medical devices with interoperability as an objective.
  • Conduct appropriate verification, validation, and risk management activities for their medical device products.
  • Clearly specify the devices’ relevant functional, performance, and interface characteristics to the user.

By following these recommendations, the FDA hopes that medical devices manufacturers can make it safer and more secure for medical devices to communicate with information systems, as well as each other.

Medical Device Interoperability

The FDA defines medical device interoperability as “devices (talking) to each other in a safe and effective way enabling smarter care.” Patients can see interoperability at work in clinics and hospitals all across the country. When an in-patient’s medical devices communicate with one another—or when results from diagnostic devices are transmitted to a hospital computer system—that’s interoperability. It’s easy to see how this connectivity and access could help medical professionals provide better care.

However, while interoperability can be extremely beneficial in a health care setting, the FDA identified potential health risks. For example, some medical devices may malfunction or even fail if they’re connected incorrectly. Additionally, information exchange errors—such as improperly converting pounds to kilograms, or vice versa—may also pose a risk.

Cybersecurity Concerns

Over the past few years, cybersecurity for electronic medical devices has become a high priority for the FDA. The fear is criminals could hack medical devices with cybersecurity vulnerabilities and dangerously alter their performance, or gain access to private information.

The FDA’s concern isn’t misplaced. In September 2017, the U.S. Department of Homeland Security (DHS) issued a consumer warning after identifying eight cybersecurity vulnerabilities in three versions of the Smiths Medical Medfusion 4000 wireless syringe infusion insulin pump. Though Smiths Medical eliminated the vulnerabilities from the pump’s latest model—set to release in January 2018—the vulnerabilities found in previous models remain. However, while DHS raised the alarm about this potential threat, it was also quick to clarify that it wasn’t aware of anyone trying to exploit vulnerabilities in such devices.

Award-Winning Personal Injury Representation

Dangerous medical devices can result in patient injuries or deaths. If you were harmed by an unsafe medical device, you may be entitled to compensation. Our experienced legal team can help you fight for the financial recovery you deserve. Contact McGartland Law Firm today to schedule an appointment for a free case consultation.