Impact Navigators has joined forces with the Utah Cyber Security Alliance (UCSA) to help our clients in the Medical Device Industry address the threats, opportunities and compliance requirements that are present today and just beyond the horizon.
Much of the focus to date has been on the HIPAA Privacy Rule, which is enforced by The Office for Civil Rights and is intended to protect the privacy of individually identifiable health information. The HIPAA Security Rule sets national standards for the security of electronic protected health information and addresses issues including breech notification. Most businesses, professionals, compliance officers and consultant are well aware of HIPAA requirements and impact on the medical device industry.
Now, with the advances in technology and our dependence on information exchange and management, Cyber Security is emerging as a new threat to public and patient safety and the FDA is entering the arena with (currently) recommendations on “Management of Cybersecurity in Medical Devices”. While the scope of the guidance provides “recommendations to consider” it also outlines information to include in FDA medical device premarket submissions. The guidance is applicable to premarket submissions for devices that contain software (including firmware) or programmable logic as well as software that is a medical device, specifically:
- Premarket Notification (510(k)) including Traditional, Special, and Abbreviated
- De novo submissions
- Premarket Approval Applications (PMA)
- Product Development Protocols (PDP)
- Humanitarian Device Exemption (HDE) submissions
There is a full expectation that these “recommendations” will in full or in part become a part of the FDA compliance requirements and will also be applicable in expected ISO regulations.
Impact Navigators is working with the UCSA, our Medical Device clients, Subject Matter Experts and regulatory representatives to fully understand the requirements, inclusion in Design Controls as well as other key regulatory systems components of emerging cyber security requirements and expectations. Enhancements of processes, procedures and protocols are the areas of immediate attention in addition to those under formal Design Control Procedures.
If you are in the Medical Device industry you need to be prepared for the inclusion of cyber security in your business and we would enjoy applying our knowledge and expertise to help. For more information please contact us at Medical Devices@ImpactNavigators.com