Week Three
Hello! Welcome to this week's Ryan Report. Today, I will review the key points of the just-released OIG report on FDA's approach to medical device premarket cybersecurity evaluations.
FDA is the US federal agency tasked with regulating medical devices. As part of the clearance or approval process for a device, FDA may consider the cybersecurity risks and controls in its assessment of a device's safety and effectiveness. In 2014, FDA released its premarket submissions guide for management of cybersecurity in medical devices. This guide is intended for medical device manufacturers (MDM), and describes the information MDMs should provide to FDA during the premarket submission process.
To evaluate the effectiveness of the process four years after it's creation, the OIG interviewed FDA reviewers, reviewed FDA policy, procedures, and guidelines, and examined a sample of submissions and FDA reviewed notes.
The OIG concluded that FDA could further integrate cybersecurity into its overall review process, and that they should include cybersecurity documentation in required checklists and templates.
The premarket submission process is a key gate to the clearance/approval of medical devices. Cybersecurity best practice states that security should be built into the development process rather than bolted-on after the fact. The OIG report will hopefully strengthen the FDA's processes to ensure the cybersecurity of medical devices before they are approved and made available to clinicians and patients.
FDA is the US federal agency tasked with regulating medical devices. As part of the clearance or approval process for a device, FDA may consider the cybersecurity risks and controls in its assessment of a device's safety and effectiveness. In 2014, FDA released its premarket submissions guide for management of cybersecurity in medical devices. This guide is intended for medical device manufacturers (MDM), and describes the information MDMs should provide to FDA during the premarket submission process.
To evaluate the effectiveness of the process four years after it's creation, the OIG interviewed FDA reviewers, reviewed FDA policy, procedures, and guidelines, and examined a sample of submissions and FDA reviewed notes.
The OIG concluded that FDA could further integrate cybersecurity into its overall review process, and that they should include cybersecurity documentation in required checklists and templates.
The premarket submission process is a key gate to the clearance/approval of medical devices. Cybersecurity best practice states that security should be built into the development process rather than bolted-on after the fact. The OIG report will hopefully strengthen the FDA's processes to ensure the cybersecurity of medical devices before they are approved and made available to clinicians and patients.
Comments
Post a Comment