Medical Device Legal News with Sam Bernstein: Episode 11
On April 14 2025, the European Data Protection Board (EDPB) announced the outcomes of its plenary session that took place on April 8 2025, during which the EDPB adopted draft Guidelines on processing of personal data through...more
Over the last few years, the Federal Risk and Authorization Management Program (“FedRAMP”) Program Management Office (“PMO”) has released two draft guidance documents related to defining the applicable boundary for security...more
In its most recent effort to keep pace with advancing technology, the US Food and Drug Administration (FDA) recently issued two draft guidances on the use of artificial intelligence (AI) in the context of drugs, biologics,...more
The US Food and Drug Administration (FDA) recently issued its draft guidance, Artificial Intelligence-Enabled Device Software Functions: Lifecycle Management and Marketing Submission Recommendations on January 7, 2025....more
On January 7, 2025, FDA published “Artificial Intelligence-Enabled Device Software Functions: Lifecycle Management and Marketing Submission Recommendations; Draft Guidance for Industry and Food and Drug Administration Staff”...more
While the definition of sensitive personal information in China has always been different to other jurisdictions, with a focus on risk of harm at its heart, new draft guidance should make it easier for organisations to map...more
On July 16, 2024, the California Privacy Protection Agency (the “CPPA”) board declined to advance to formal rulemaking California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments,...more
Welcome to Vital Signs, a curated compilation of the latest legal and regulatory developments in digital health. Our lead article reports on HHS' recent final rule on the confidentiality of substance use disorder patient...more
Regulators and plaintiffs’ attorneys are increasingly focused on privacy harms related to the collection and use of personal data. Could privacy enhancing technology (PETs) be a solution to these concerns?...more
A few days ago, the French Data Protection Authority (CNIL) published its first draft guidelines for the use of AI systems in the form of "AI How-To Sheets" with the aim to “help professionals reconcile innovation with...more
The Israeli Privacy Protection Authority recently published a draft directive regarding boards of directors’ role in fulfilling obligations pursuant to the Privacy Protection (Data Security) Regulations. The directive states...more
The California Privacy Protection Agency (CPPA) recently published two new sets of draft regulations addressing a range of cutting-edge data protection issues. Although the CPPA has not officially started the formal...more
The California Privacy Protection Agency (CPPA) recently published two new sets of draft regulations addressing a range of cutting-edge data protection issues. Although the Agency has not officially started the formal...more
Following the introduction of the Age-Appropriate Design Code (the Code) on 2 September 2021, companies have questioned whether the Code applies to their online service. A recent consultation by the ICO seeks to clarify when...more
On March 15, the U.S. Food and Drug Administration (FDA) issued revised draft guidance summarizing how it intends regulate the use of electronic systems, records, and signatures in clinical investigations to account for...more
As part of its project to update the Employment Practices Data Protection Code, the UK ICO has published its second topic-specific draft guidance for consultation. The guidance covers processing information about workers’...more
MHRA LAUNCHES UK CLINICAL TRIAL REGULATION CONSULTATION - The UK Government, through the Medicines and Healthcare Products Regulatory Agency (MHRA) (the medicines and medical device regulator in the United Kingdom),...more
The U.S. Food and Drug Administration (FDA) issued updated draft guidance, “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions,” which aims to help industry take a more...more
In this month's edition, we examine the European Commission's Digital Services Act and its potential regulatory impact, the National Institute of Standards and Technology's draft guidance on internet-of-things devices'...more
NIST recently released the final public draft of SP 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171 (formerly Draft NIST SP...more
On January 7, 2019, the federal Office of Management and Budget (OMB) released a draft of a memorandum setting forth guidance to assist federal agencies in developing regulatory and non-regulatory approaches regarding...more
Bloomberg Law reported this week that California Attorney General Xavier Becerra expects to issue draft regulations for the California Consumer Privacy Act (CCPA) in October....more
The Food & Drug Administration has recently released for comment a draft expansion of guidance regarding Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. Although the FDA issued existing...more
The U.S. Food and Drug Administration (FDA) is moving aggressively in the month of October to continue to raise concerns about cybersecurity risks to medical devices, with three recent updates. The FDA just released new draft...more
In March 1997, the Food and Drug Administration ("FDA") published a final rule, codified in 21 CFR Part 11 ("Part 11"), establishing the privacy, security, and reliability criteria for electronic records and electronic...more