FDA medical device plan zeros in on cybersecurity, public-private partnership

The agency released a five-point plan outlining regulatory changes to bolster medical device safety, including requiring manufacturers ensure devices can be updated and patched.
By Jessica Davis
04:23 PM
FDA medical device cybersecurity

The Food and Drug Administration released its plan to improve medical device safety, which includes a reorganization of its medical device center and a Congressional plan to launch a public-private partnership focused on cybersecurity.

The five-point plan released Tuesday outlines a plan to consolidate offices within its device center, which oversees pre- and post-market activities.

As part of the plan, the FDA will require manufacturers to ensure medical devices are capable of being updated and receiving security patches. FDA Commissioner Scott Gottlieb, MD, also said the agency is contemplating forcing manufacturers to publicly disclose known cybersecurity issues.

[Also: California medical device manufacturer reports breach of 30,000 consumers]

The FDA also is exploring regulatory options to expedite labeling changes and other features, including timely implementation of post-market changes. The current system on making those changes is voluntary, even when safety issues arise.

“Although medical devices provide great benefits to patients, they also present risks,” Gottlieb said in a statement. “And we are focusing equal attention on advancing new frameworks for identifying risks and protecting consumers.”

“Our aim is to ensure not only that devices meet the gold standard for getting to market, but also that they continue to meet this standard as we get more data about devices and learn more about their benefit-risk profile in real-world clinical settings,” he added.

The agency also is looking into a requirement of additional training or education of providers to ensure the safety and effectiveness of complex devices. Gottlieb said the FDA also is looking into ways to support developers pursuing safer devices, including a faster review of those devices with vastly improved safety features.

While the FDA has a breakthrough device program, those devices currently can be reviewed under that program.

Gottlieb also outlined plans for a public-private partnership, CyberMed Safety (expert) Analysis Board, which complements its existing device vulnerability coordination and response efforts.

The group, made up of a wide range of experts from clinicians to biomedical engineers, also will support device manufacturers and FDA on safety issues, such as high-risk vulnerabilities and adjudicating disputes.

Funding for CYMSAB will be included in the agency’s requested $70 million for Fiscal Year 2019 for its digital health technology advancements.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com