H.R. 3985 Calls For Public-Private Working Group to Study Medical Device Security

Kristi Wolff
Kelley Drye & Warren LLP
Contact
LinkedIn
Facebook
X
Send
Embed

The “Internet of Medical Things Resiliency Partnership Act of 2017” was introduced in the House of Representative earlier this month.  Co-sponsored by Rep. David Trott (R-MI) and Rep. Susan Brooks (R-IN), the bill would require establishment of “a working group of public and private entities to develop recommendations for voluntary frameworks and guidelines to increase the security and resilience of networked medical devices sold in the United States that store, receive, access, or transmit information to an external recipient or system for which unauthorized access, modification, misuse, or denial of use may result in patient harm.”

The bill specifies that the FDA Commissioner, or a designate thereof, will chair the working group, which will include representatives of the government, industry, and academia.  In addition to the FDA, agencies identified for participation include the following:

  • The Center for Devices and Radiological Health of the FDA
  • The Office of the National Coordinator for Health Information Technology of the Department of Health and Human Services
  • The Office of Technology Research and Investigation of the Federal Trade Commission
  • The Cybersecurity and Communications Reliability Division of the Federal Communications Commission
  • The National Institute of Standards and Technology of the Department of Commerce
  • The National Cyber Security Alliance

The chairperson would be tasked with appointing at least three qualified industry representatives from the medical device, health care, technology, and software development fields.

Within 18 months of being enacted, the Committee would be charged with reporting on the following:

  1. an identification of existing cybersecurity standards, guidelines, frameworks, and best practices that are applicable to mitigate vulnerabilities in the devices described above;
  2. an identification of existing and developing international and domestic cybersecurity standards, guidelines, frameworks, and best practices that mitigate vulnerabilities in such devices;
  3. a specification of high-priority gaps for which new or revised standards are needed; and
  4. potential action plans by which such gaps can be addressed.

As part of the agency’s digital health initiatives, FDA has taken several steps in recent months to raise awareness of threats to medical device security and to work with industry to address the challenges created by networked devices in particular.  Stay tuned and we will continue to report on these developments, including the progress of H.R. 3985, here at Food & Drug Law Access.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Kelley Drye & Warren LLP | Attorney Advertising

Written by:

Kelley Drye & Warren LLP
Kelley Drye & Warren LLP
Contact
more
less

Kelley Drye & Warren LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide