While acknowledging that the FDA is continuing to seek stakeholder input on this topic and will evaluate this input, the FDA plainly stated its thinking with regard to opponents of the exemption:
“FDA therefore does not share
the view that an exemption from liability under 17 U.S.C. §1201 for circumvention conducted solely for purpose of diagnosis, maintenance, or repair of medical devices would necessarily and materially jeopardize the safety and effectiveness of medical devices in the United States with respect to cybersecurity…”(emphasis supplied).
Though it is not known what the final impact of the FDA’s supportive letter to the Copyright Office will be, Stephen Grimes of Strategic Healthcare Technology Associations, a knowledgeable industry observer and co-author of the AAMI Medical Device Cybersecurity Guide, saw the FDA letter and its implications as quite impactful.
“Once again, the FDA has demonstrated a willingness to look past unfounded claims of quality and cybersecurity risks being strongly voiced by parties who may possess other motives," Grimes said.
It will be very interesting in the coming months to learn of the final determination of the petition. What is also quite interesting is the FDA seems to be readily acknowledging that device servicing entities may be well positioned to help identify and address security vulnerabilities. Stay tuned.
About the author: Robert J. Kerwin is general counsel for IAMERS, the International Association of Medical Equipment Remarketers and Servicers.Back to HCB News