The U.S. Food and Drug Administration's new draft guidance encourages medical-device manufacturers to design products that can securely exchange data and other information.
“Increased use of interoperable medical devices has the potential to foster rapid innovation at lower cost,” the authors of the 19-page guidance said. “However, appropriate safety considerations . . . that are not taken into account in the device design can result in unforeseen safety and effectiveness issues for the device or for the system."
For example, the FDA notes that “errors stemming from inadequate interoperability can occur, such as the transmission of weight in kilograms when the receiving medical device assumes the measurement is in pounds, and that can lead to patient harm and even death.”
The guidance makes a nod to the numerous cybersecurity attacks on the healthcare industry in 2015 and predictions that 2016 could be even worse. In response, it calls for manufacturers to conduct a risk analysis and perform “appropriate testing that considers the risk associated with interoperability.”
That analysis should include “the risk of inappropriate access to the device,” they said. It also should contain recommendations on risk mitigation, including that which must be performed by third parties, such as systems integrators and technicians who set up and install the devices and interfaces.
Proper labeling of the functional and performance requirements of a device's interface is one way to mitigate risk, according to the report authors. The report suggested labels should disclose the purpose of the interface, whether it's meant to control the operation of another device, and a summary of the tests that have been performed on the interface.