Stay ahead of developments in federal and state health care law, regulation and transactions with timely, expert news and analysis.
Medical device makers should monitor, identify and address cybersecurity vulnerabilities as part of the postmarket strategy for their products, the FDA said Dec. 27.
The Food and Drug Administration’s recommendation applies to all devices already on the market, according to an agency guidance document, which is dated Dec. 28. The document also establishes a framework for assessing when changes to medical devices for cybersecurity vulnerabilities require reporting to the FDA and outlines circumstances in which the agency doesn’t intend to enforce reporting requirements.
Many in the device industry have urged the FDA to clarify when manufacturers need to notify the agency about software updates that seek to strengthen a product’s cybersecurity, which are constantly evolving based on new information and technology. Some changes made to bolster a device’s cybersecurity could require manufacturers to seek a new market clearance or approval from the FDA, which can be costly and time consuming.
The document should be good for industry, Theodore Sullivan, a Washington-based attorney at Quarles & Brady LLP, told Bloomberg BNA Dec. 27. “It is a pretty common-sense guidance that recognizes the value of permitting correction of most cybersecurity vulnerabilities without undue burdensome reporting requirements.”
A notice (Docket No. FDA-2015-D-5105) announcing the guidance’s availability is scheduled for publication in the Dec. 28 Federal Register. The FDA will accept comments on the document at any time.
Sullivan, who represents several software developers, said he liked the document for several reasons. For example, it’s helpful the FDA actually provided a great deal of actionable guidance in the document, which isn’t always the case, he said.
In addition, Sullivan said the document offers fairly clear information on when software updates to address cybersecurity vulnerabilities aren’t reportable, he told Bloomberg BNA. Further, the document outlines the FDA’s plans to use enforcement discretion for companies that update products for significant security concerns, if certain steps are followed, Sullivan said.
Overall, the guidance strikes a nice middle ground of addressing device cybersecurity issues without placing too much burden on software developers or the FDA, Sullivan said.
The new guidance document isn’t vastly different from the draft guidance document the FDA released in January 2016, according to Sullivan. The earlier draft’s release didn’t cause a great uproar among his software developer clients, he noted.
The FDA is planning a Jan. 12 webinar to answer questions on the guidance document, the agency said on its website. No registration is necessary to participate.
To contact the reporter on this story: Michael D. Williamson in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Brian Broderick at email@example.com
Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)