Today the Food and Drug Administration published a meeting
notice in the Federal Register (82 FR
19059-19060) for a public workshop on “Cybersecurity of Medical Devices: A
Regulatory Science Gap Analysis”. The two-day workshop will be held on May 18th,
2017 in Silver Springs, MD. The objective of the workshop is to facilitate a
discussion on the current state of regulatory science in the field of cybersecurity
of medical devices, with a focus on patient safety.
Cybersecurity Regulatory Science
The FDA notes that their Center for Devices and Radiological
Health (CDRH) identified medical device cybersecurity as one of their top 10
regulatory science gaps. In the CDRH publication “Regulatory
Science Priorities (FY2016)” it was noted that (page 8):
“Digital Health and cybersecurity
are some of the fastest growing areas impacting medical devices. Devices are
being increasingly used in networked environments and are expected to
communicate with one another securely and accurately. To ensure these technologies
and technological environments achieve the desired public health impact,
research is needed to enhance performance and security of medical devices and interoperability,
and to understand the impact of software modifications on device performance.”
With that in mind the FDA, in conjunction with the National
Science Foundation and the DHS Science and Technology Directorate, is
attempting to establish a cybersecurity regulatory science research framework
to foster a collaborative research conducted between federal agencies such as
NSF, DHS S&T, academia, medical device industry, and third party experts
and other organizations with input from FDA.
Workshop Agenda
This scheduled workshop is designed to support that effort
by conducting a number of simultaneous working sessions discussing the
following topics:
• Relationship between medical
device cybersecurity and patient safety;
• Unique cybersecurity and
regulatory challenges for medical devices;
• Differences in cybersecurity
between home care, large health care providers, and acute care settings (e.g., ambulance,
emergency room);
• The roles and intersection of
information technology professionals and biomedical engineering staff;
• Potential metrics, evaluation
tools to test and quantify the cybersecurity of medical devices and systems;
• Automated and manual tools for
communicating cybersecurity information about medical device design and
function;
• Best practices for cybersecurity
of medical devices at deployment and how to apply updates throughout the
medical device lifecycle;
• Human factor issues in
cybersecurity of medical device development, deployment, and use of devices;
and
• Best practices in cybersecurity design, deployment,
and post-deployment activities and procedures.
Each of the sessions will attempt to add to address the:
• Immediate cybersecurity
challenges and potential solutions to facilitate entry of innovative medical devices
into the marketplace;
• Cybersecurity regulatory science
gaps to which solutions can be developed through additional scientific
research; and
• Long-term cybersecurity research
challenges which may need significant additional basic research.
Public Participation
Personnel wishing to participate in the workshop need to
register in advance via the FDA’s workshop
registration page. Unfortunately, as of 8:20 am EDT today that page does
not show this planned workshop even though the notice states that
early registration is recommended due to limited seating.
The FDA is also soliciting written comments on the above
topics. Written comments may be submitted via the Federal eRulemaking Portal (www.Regulations.gov; Docket # FDA-2017-N-1572).
Those comments should be submitted by June 23rd, 2017.
Please note that the Federal Register notice specifically states
that the workshop is not designed to discuss FDA policy regarding cybersecurity
of medical devices.
Posts
No comments:
Post a Comment