Today the Food and Drug Administration (FDA) published a
request for information (RFI) notice in the Federal Register (81
FR 11477-11479) to receive information and comments on the medical device
industry and healthcare community that refurbish, recondition, rebuild,
remarket, remanufacture, service, and repair medical devices.
The RFI
The FDA’s notice explains
that:
“Stakeholders have expressed
concerns that some third-party entities who refurbish, recondition, rebuild,
remarket, remanufacture, service, and repair medical devices may use
unqualified personnel to perform service, maintenance, refurbishment, and
device alterations on their equipment and that the work performed may not be
adequately documented. Possible public health issues arising from these
activities include ineffective recalls, disabled device safety features, and
improper or unexpected device operation. OEMs have also requested clarification
of their responsibilities when their devices have been altered by a third-party
entity. Federal Agencies other than FDA address service and maintenance
activities as well.”
The notice provides descriptive definitions of the
activities of interest in this RFI. Those activities are:
• Servicing;
• Repairing;
• Refurbishing;
• Remanufacturing;
and
The FDA is soliciting comments concerning the service,
maintenance, refurbishment, and alteration of medical devices, including
endoscopes (Ref. 3), by third-party entities. They are specifically looking for
responses to the following questions:
• Who are the different stakeholders
involved with the medical device activities listed previously?
• What evidence exists regarding actual problems
with the safety and/or performance of devices that result from these activities?
• What are the potential risks
(patients/users) and failure modes (devices) introduced as a result of
performing the previously defined activities on medical devices?
• Are the risks different
depending on who performs the previously mentioned activities?
• Which of these activities are more difficult or
riskier to perform on certain devices versus others?
• What information do
third-party entities need in order to perform these activities in a way that
results in safe and effective operation of the medical device?
• What additional challenges
do stakeholders encounter with devices that result from these activities?
The FDA is soliciting public feedback on these questions.
Responses can be submitted via the Federal eRulemaking Portal (www.Regulations.gov; Docket # FDA-2016-N-0436).
Comments should be submitted by May 3rd, 2016.
Commentary
As more and more of these devices contain electronic control
systems and data storage systems, the issue of cybersecurity must be included in
any discussion of refurbishment of medical devices. Some of the
cybersecurity issues that will need to be looked at include:
• Verification that there has not
been tampering with any firmware/software loaded on the device;
• Verification that any
manufacturer updates to firmware/software have successfully been applied;
• Verification that any additional
communications protocols associated with the device are up to date; and
• Where the device must be hooked to a personal
computer (PC), similar questions about the software on the PC must be addressed.
Additionally, before the device is sent to a third party, or
even the original vendor, for refurbishment, specific procedures are going to
have to be established to ensure that all patient information is permanently
removed from the device.
Since the FDA is planning on holding meetings on the medical
device refurbishment issue, perhaps it should consider holding a meeting to
specifically look at the related cybersecurity issues.
A copy of this post was submitted to the FDA Docket on March 6th, 2015.