While FDA is still dithering about issuing draft guidance on mHealth, it looks like medical device manufacturers can break out the champs, because FDA has now recognized 25 standards on medical device interoperability and cybersecurity. According to Bakul Patel of the Center for Devices and Radiological Health at FDA, “Making sure devices are interoperable requires the creation, validation, and recognition of standards that help manufacturers develop products that are harmonious and can “plug and play.” It’s an alphabet soup of industry standard abbreviations–IEEE, ANSI, AAMI, ISO, IEC and ASTM–and it’s purely voluntary, but various groups such as Continua and AAMI (Association for the Advancement of Medical Instrumentation) have praised this ‘first step’, and being published, it is now open for comment.
According to the Continua LinkedIn group announcement from Executive Director Chuck Parker, the 25 standards can be grouped into three categories:
- Risk management standards for a connected and networked environment
- Interoperability standards that establish nomenclature, frameworks and medical device specific communications and including system and software lifecycle processes
- Cyber security standards from the industrial control area most relevant to medical devices.
As the FierceHealthIT article cited, interoperability failure is a top 10 health technology hazard according to the ECRI Institute. One can hope the new standards can be applied retroactively to current devices which are not being patched and updated because manufacturers fear running afoul of FDA clearance regulations and counter that ‘discouragement’. [TTA 8 Aug] AAMI News, Federal Register 6 August, FDA Voice (blog article by Bakul Patel)
In this context, it’s sad to read of Barnaby Jack’s death, just announced – he was one of the principal people pointing out how easy it is to hack medical devices are, and so urging for better security, as per the third category of these standards. See http://www.mhealthnews.com/blog/mhealth-murder-mystery