Medical Device Cybersecurity Act of 2017: benefits and burdens

An editorial by Robert Kerwin
General Counsel, IAMERS

Shortly before the summer congressional recess, Senator Blumenthal (D-CT) filed a bill to amend the Federal Food, Drug, and Cosmetic Act to provide cybersecurity protections for medical devices. S. 1656, if approved, will require manufacturers to provide a report card indicating the cybersecurity functions of cyber devices.

The report card would: (a) contain a disclosure statement by the manufacturer of medical device security; (b) contain a traceability matrix that establishes design components and traces compensating cybersecurity controls; (c) provide providers with industry standard compensating controls for improving cybersecurity; (d) include a cybersecurity risk assessment, conducted by the manufacturer or a third party, explaining the risk of the device to patient safety and clinical hazards; and (e) indicate whether the device is capable of being remotely accessed. If the device can be remotely accessed, the bill would require that the report card disclose an indication of any security measures and access protocols the device has in place to secure such access.

The manufacturer's report card would be disclosed on a confidential basis to any health care industry entity that the FDA determines to have a valid interest. The manufacturer would be required to submit an annual update to the FDA and to any other third party authorized by the manufacturer. The manufacturer would be required to obtain consent from the health care provider and patient prior to access. (The health care provider will be charged with obtaining consent from the patient.) The manufacturer will be required to notify the provider when accessing the device remotely, to maintain an audit log for each time the manufacturer accesses the device remotely, and to make the access log accessible to the provider.

Automated tools would be installed to track access or identify attempts at unauthorized access to any cyber capability of the device. The manufacturer would be required to provide free cybersecurity fixes or updates until the end-of-life of the equipment or 10 years after the date on which the manufacturer discontinues marketing the device.

While requiring a medical device cyber report card and compensating controls to be disclosed is laudable, the virtual absence of third-party access to the cyber report and the need to have the manufacturer approve access has huge implications for competition and for strategic advantage to the manufacturer.

Additionally, the audit provisions give the manufacturer an ability to pitch for business on installations and service. The bill needs to be modified to permit access by third parties authorized by the health care provider, and to remove discretion from the manufacturer to determine unilaterally the end-of-life of the equipment.
