Last week, Sen Cassidy (R,LA) introduced S 3983, the PATCH Act. The bill would amend the Federal Food, Drug, and Cosmetic Act by adding a new section dealing with the cybersecurity requirements (including software bill of material requirements) for medical devices. No new funding is authorized by this bill. This bill is almost exactly the same as HR 7084 that was introduced last month in the House.
There are two inconsequential differences. First in §1 the Senate bill only provides the ‘PATCH Act’ as the cite by title instead of the “Protecting and Transforming Cyber Health Care Act of 2022” or the “PATCH Act of 2022” found in the House bill. The second difference is in §2(c). In the Senate bill that subsection reads: “…is amended by adding at the end…”, where the House bill reads “…is amended by inserting after paragraph (j)…”.
Moving Forward
Both Cassidy and his sole cosponsor {Sen Baldwin (D,WI)} are
members of the Senate Health, Education, Labor, and Pensions Committee to which
this bill was referred for consideration. This means that there should be
enough influence to see the bill considered in Committee. I suspect that there
will be some opposition from medical device manufacturers to the regulatory
aspects of this bill, even though most are already working hard at improving
their cybersecurity support capabilities. It is too soon to tell if this opposition
will be serious enough to cause legislative opposition to the bill.
Posts
