
Medical Device Cybersecurity Act of 2017: benefits and burdens

An editorial by Robert Kerwin
General Counsel, IAMERS

Shortly before the summer congressional recess, Senator Blumenthal (D-CT) filed a bill to amend the Federal Food, Drug, and Cosmetic Act to provide cybersecurity protections for medical devices. S. 1656, if approved, will require manufacturers to provide a report card indicating the cybersecurity functions of cyber devices.

The report card would contain: (a) a disclosure statement by the manufacturer of medical device security; (b) a traceability matrix that establishes design components and traces compensating cybersecurity controls; (c) industry-standard compensating controls that providers can use to improve cybersecurity; (d) a cybersecurity risk assessment, conducted by the manufacturer or a third party, explaining the risk of the device to patient safety and clinical hazards; and (e) an indication of whether the device is capable of being remotely accessed. If the device can be remotely accessed, the bill would require that the report card disclose any security measures and access protocols the device has in place to secure such access.


The manufacturer's report card would be disclosed on a confidential basis to any health care industry entity that the FDA determines to have a valid interest. The manufacturer would be required to submit an annual update to the FDA and to any other third party authorized by the manufacturer. The manufacturer would be required to obtain consent from the health care provider and patient prior to access. (The health care provider will be charged with obtaining consent from the patient.) The manufacturer will be required to notify the provider when accessing the device remotely, to maintain an audit log of each time the manufacturer accesses the device remotely, and to make the access log accessible to the provider.

Automated tools would be installed to track access or identify attempts at unauthorized access to any cyber capability of the device. The manufacturer would be required to provide free cybersecurity fixes or updates until the end-of-life of the equipment or 10 years after the date on which the manufacturer discontinues marketing the device.

While requiring a medical device cyber report card and compensating controls to be disclosed is laudable, the virtual absence of third-party access to the cyber report and the need to have the manufacturer approve access has huge implications for competition and for strategic advantage to the manufacturer.

Additionally, the audit provisions give the manufacturer an ability to pitch for business on installations and service. The bill needs to be modified to permit access by third parties authorized by the health care provider, and to remove the manufacturer's discretion to determine unilaterally the end-of-life of the equipment.
