Thinking about regulation at the moment Key question for us is whether the coming medical devices regulation should consider

Thinking about regulation at the moment. Key question for us is whether the coming medical devices regulation should consider the use of data and how it will also consider device security.

Key issues include:

• how do we ensure devices remain secure after entering the market
• should we attempt to capture or collect information generated by devices so that they could be a part of a health record, or capture recall information (whose it is and who prescribed it)

We also need to map out whom is reasonably expected to be resposible for what: the patient; the device maufacturer; the device distributor; the health sector entity whom fields and maintains it; and even potentially the telecommunistions/MSP/CSP whom transceives the data associated with the given device.

Resources to consider:

• https://blogs.fda.gov/fdavoice/index.php/2017/10/fdas-role-in-medical-device-cybersecurity/ ;

• https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM482022.pdf

• https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4091615/
  opengraphobject:[351561242577563 : https://blogs.fda.gov/fdavoice/index.php/2017/10/fdas-role-in-medical-device-cybersecurity/ : title=“FDA’s Role in Medical Device Cybersecurity | FDA Voice” : description=“”], opengraphobject:[351561242577603 : https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM482022.pdf : title=“” : description=“”], opengraphobject:[351561242578004 : https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4091615/ : title=“Ensuring Medical Device Effectiveness and Safety: A Cross - National Comparison of Approaches to Regulation” : description=“”]

This is interesting in relation to Apple setting up their own health clinics - they have the devices and the software / platforms (plus a publicly accepted and controlled programme of lifecycle management) and a ‘captive’ set of people