Save the Date - Our next Clean Sweep Live Auction will be on Tuesday, September 26th at 9:30AM EST

DOTmed Home MRI Oncology Ultrasound Molecular Imaging X-Ray Cardiology Health IT Business Affairs
News Home Parts & Service Operating Room CT Women's Health Proton Therapy Endoscopy HTMs Mobile Imaging
Current Location:
> This Story

Log in or Register to rate this News Story
Forward Printable StoryPrint Comment


Business Affairs Homepage

Alpha Imaging acquires Medical Imaging Systems Will provide services to customers in 16 states

Invicro acquires Imanova Creating the world’s largest provider of translational imaging services

Resilience Capital Partners acquires three medical device service and manufacturing companies Forms Innovatus Imaging Corporation

Mazor Robotics and Medtronic enter next phase of strategic partnership Medtronic to make a $40 million investment

Dr. Michael A. DeVita EarlySense appoints first chief medical officer

For Philips, Asia-Pacific is filled with opportunity Number of people over age 60 in region projected to hit 1.3 billion by 2050

Nandini Ramani Outcome Health hires first chief engineering officer

Patient face-time is radiology's big goal, but it doesn't pay as well Radiologists struggle with 'competing priorities' as they seek to maintain incomes under Medicare cuts

Philips moves to consolidate offices in Nashville area Will create about 800 new jobs in 'center of expertise'

Dr. Jeffrey S. Fine NYU Langone Hospital - Brooklyn appoints new chief of rehabilitation medicine

Medical Device Cybersecurity Act of 2017: benefits and burdens

An editorial by Robert Kerwin
General Counsel, IAMERS

Shortly before the summer congressional recess, Senator Blumenthal (D.-CT) filed a bill to amend the Federal Food, Drug, and Cosmetic Act to provide cybersecurity protections for medical devices. S. 1656, if approved, will require manufacturers to provide a report card for indicating the cybersecurity functions of cyber devices.

The contents of the report card would contain: (a) a disclosure statement by the manufacturer of medical device security; (b) a traceability matrix that establishes design components and traces compensating cybersecurity controls; (c) provides providers with industry standard compensating controls for improving cybersecurity;(d) includes a cybersecurity risk assessment conducted by the manufacturer or a third party explaining the risk of the device to patient safety and clinical hazards; (e) indicates whether the device is capable of being remotely accessed. If the device can be remotely accessed the bill would require that the report card disclose an indication of any security measures and access protocols the device has in place to secure such access.

Story Continues Below Advertisement

RaySafe helps you avoid unnecessary radiation

RaySafe solutions are designed to minimize the need for user interaction, bringing unprecedented simplicity & usability to the X-ray room. We're committed to establishing a radiation safety culture wherever technicians & medical staff encounter radiation.

The Manufacturer's report card would be disclosed on a confidential basis to any health care industry entity that the FDA determines to have a valid interest. The manufacturer would be required to submit an annual update to the FDA and to any other third-party authorized by the manufacturer. The manufacturer would be required to obtain consent from the health care provider and patient prior to access. (The health care provider will be charged to obtain consent from the patient). The manufacturer will be required to notify the provider when accessing the device remotely, will maintain an audit log for each time the manufacturer accesses the device remotely, and make the access log accessible to the provider.

Automated tools would be installed to track access or identify attempts at unauthorized access to any cyber capability of the device. The manufacturer would be required to provide free cybersecurity fixes or updates until the end-of-life of the equipment or 10 years after the date on which the manufacturer discontinues marketing the device.

While requiring a medical device cyber report card and compensating controls to be disclosed is laudable, the virtual absence of third-party access to the cyber report and the need to have the manufacturer approve access has huge implications for competition and for strategic advantage to the manufacturer.

Additionally, the audit provisions give the manufacturer an ability to pitch for business on installations and service. The bill needs to be modified to permit access by third-parties authorized by the health care provider, and remove discretion from the manufacturer to determine unilaterally the end-of-life of the equipment.

Business Affairs Homepage

You Must Be Logged In To Post A Comment

Increase Your
Brand Awareness
Auctions + Private Sales
Get The
Best Price
Buy Equipment/Parts
Find The
Lowest Price
Daily News
Read The
Latest News
Browse All
DOTmed Users
Ethics on DOTmed
View Our
Ethics Program
Gold Parts Vendor Program
Receive PH
Gold Service Dealer Program
Receive RFP/PS
Healthcare Providers
See all
HCP Tools
A Job
Parts Hunter +EasyPay
Get Parts
Recently Certified
View Recently
Certified Users
Recently Rated
View Recently
Certified Users
Rental Central
Rent Equipment
For Less
Sell Equipment/Parts
Get The
Most Money
Service Technicians Forum
Find Help
And Advice
Simple RFP
Get Equipment
Virtual Trade Show
Find Service
For Equipment
Access and use of this site is subject to the terms and conditions of our LEGAL NOTICE & PRIVACY NOTICE
Property of and Proprietary to DOTmed.com, Inc. Copyright ©2001-2017 DOTmed.com, Inc.