The FDA created a five-step plan that will help bring better and safer medical devices to patients.

As stated in the FDA’s “Medical Device Safety Action Plan,” he five-step plan is as follows:

  1. Establish a robust medical device patient safety net in the United States
  2. Explore regulatory options to streamline and modernize timely implementation of postmarket mitigations
  3. Spur innovation towards safer medical devices
  4. Advance medical device cybersecurity
  5. Integrate the Center for Devices and Radiological Health’s (CDRH’s) premarket and postmarket offices and activities to advance the use of a TPLC approach to device safety

In addition to creating this plan, the FDA made some enhancements to the oversight process for devices.

“New statutory authorities, new capabilities established through partnership with the public and private sectors, and new programs developed under existing FDA mandates, individually and in combination, amount to a tremendous leap forward in the Agency’s ability to assess the benefits and risks to patients of medical devices, both pre- and postmarket.”

One of these improvements is the unique device identification system.  This will help health care organizations track the use of devices, including medical record use.  It can also help organizations involved in recall efforts.

One of the more important steps for patient privacy and security is the FDA’s commitment to advancing medical device cybersecurity.  These devices are becoming part of the Internet of Things, meaning they can connect to networks more and more.  That doesn’t mean it will necessarily connect to a patient’s home network, but when it is being evaluated at the hospital or doctor’s office, it will likely be connected to their network.  This also means that that if there is a vulnerability on that device, it could be dangerous for the patient.

Now the FDA is requiring that manufacturers address the cybersecurity of their devices before submitting them for approval.  This includes the ability to search for vulnerabilities on the device and implement necessary patches, just like any other computer.

After a device has been approved and put on the market, the FDA is expecting manufacturers to use a risk-based approach to cybersecurity during the device’s life cycle.  Additionally, the FDA believes that aftermarket sharing of vulnerabilities is one of the best ways to protect patients. The FDA routinely collaborates with the Department of Homeland Security (DHS) on cybersecurity vulnerabilities and exploits that might impact medical devices. The FDA also continues to work with external partners by creating several cybersecurity initiatives, including supporting the establishment of additional medical device vulnerability Information Sharing Analysis Organizations (ISAOs).

To learn about other ways that you can protect your patients’ privacy and security, join HIPAAgps today.