by
Lauren Dubinsky, Senior Reporter | February 14, 2017
From the January 2017 issue of HealthCare Business News magazine
They should also inform health care providers of the security software installed in the devices as well as security upgrades and software at risk. If the devices communicate using connections that aren’t covered by the hospital’s firewall, the manufacturer should have secure controls in place to access the network and use technology that doesn’t compromise security. According to MITA, medical device manufacturers are increasingly being considering business associates by their customers if their devices interact with patient data. The Health Information Technology for Economic and Clinical Health Act requires business associates to protect sensitive information.
For medical device manufacturers, the HITECH Act defines the minimum level of security and privacy to comply with regulations. “These things behave like the Internet of Things [because] there is machine-to- machine communication,” says Primo. “When an order is placed, the demographic information of the patient is automatically populated in the worklist on that modality.” The Association for the Advancement of Medical Instrumentation (AAMI) is working to help manufacturers improve the security of their devices. The FDA added AAMI’s information security recommendations to its list of recognized standards in July 2016. “Health care providers are demanding more security for their devices and manufacturers themselves know that there is a risk associated with their devices,” says Geoffrey Pastoe, co-chair of the AAMI design security workgroup. “The thing that is probably foremost in their mind right now is the push by the FDA to make devices more secure.”
Ad Statistics
Times Displayed: 45539
Times Visited: 1299 Ampronix, a Top Master Distributor for Sony Medical, provides Sales, Service & Exchanges for Sony Surgical Displays, Printers, & More. Rely on Us for Expert Support Tailored to Your Needs. Email info@ampronix.com or Call 949-273-8000 for Premier Pricing.
The AAMI TIR57 technical report provides manufacturers with guidance on developing a cybersecurity risk management process for medical devices. From there, they can take action and correct any issues. Pastoe believes that risk management is not the only thing that is needed to maintain the security of devices. In a new technical report, AAMI will address post-market security management.
The hospitals’ role
Many health care executives don’t know if their organization is fully prepared to prevent damage that hackers can cause, including device malfunctions, service disruptions and patient data breaches, according to ECRI. ECRI offers a Cybersecurity Gap Analysis Service, which was launched in November. It identifies network-connected devices and their associated risks, manages the latest security patches for medical devices, prioritizes devices based on stored data and functionality and ensures that appropriate training is carried out.
