Tuesday, March 28, 2023

OMB Approves Medical Device ‘Refusal’ Rule

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved a notice from the Food and Drug Administration on “Cybersecurity in Medical Devices: Refuse to Accept Policy for Cyber Devices and Related Systems Under Section 524B of the FD&C Act”. This notice was not listed in the Fall 2022 Unified Agenda. It was submitted to OMB on March 22nd, 2023.

As I noted in that earlier post, it appears that this notice is related to a recent amendment of 21 USC 331(q) making it unlawful for medical device manufacturers to fail  to comply with any requirement under §524B(b)(2). That paragraph reads:

‘‘(2) design, develop, and maintain processes and procedures to provide a reasonable assurance that the device and related systems are cybersecure, and make available postmarket updates and patches to the device and related systems to address—

‘‘(A) on a reasonably justified regular cycle, known unacceptable vulnerabilities; and

‘‘(B) as soon as possible out of cycle, critical vulnerabilities that could cause uncontrolled risks;”

We will probably see this notice published in the Federal Register later this week.

No comments:

/* Use this with templates/template-twocol.html */