FDA Issues Medical Device Secure Data Exchange Guidance

‘Recommendations for Smart, Safe and Secure Interactions’

The Food and Drug Administration has issued final premarket guidance for how medical device manufacturers should address secure data exchange between devices and with other health IT systems.

The guidance “outlines our recommendations for smart, safe and secure interactions among medical devices and other information systems,” Bakul Patel, associate director for digital health in the FDA’s Center for Devices and Radiological Health, notes in a blog announcing the new guidance.

The guidance highlights an important consideration when it comes to medical devices, says Mac McMillan, president of security consulting firm CynergisTek. “It’s important to not only protect the data while at rest on the device, but also as it transmits that data from device to network/application,” he says. “Poorly architected transfer mechanisms can put the information at risk as well as the system.”

Recommendations for Device Makers

Patel notes that FDA’s guidance specifically recommends that all medical device manufacturers:

  • Design their devices with interoperability as an objective;
  • Conduct appropriate verification, validation and risk management activities;
  • Clearly specify the relevant functional, performance and interface characteristics to.

“When premarket submission to the FDA is required, this guidance provides clarity and recommendations for what information on interoperability should be included in a manufacturer’s premarket submissions,” Patel notes, adding that FDA’s “first concern … is safety.”

Continue reading…