- With more attention being placed on mHealth and medical device security, the Food and Drug Administration (FDA) chose a good time to provide medical device and cybersecurity workshops.
The FDA will hold its “Collaborative Approaches for Medical Device and Healthcare Cybersecurity” workshop October 21 and 22, 2014, from 9 a.m. to 5 p.m. From the perspective of healthcare organizations, these sessions will be critical to filling FDA guidance gaps in areas such as data collection among vendors or technical safeguard standards.
It’s not as though the FDA has been silent on the issue of mHealth. In fact, it released Mobile Medical Application Guidance on September 25, 2013, but organizations have to look back to 2005 for advice on security, such as Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software. To say that mHealth security is an area of both interest and concern among healthcare providers would be an understatement, so any feedback from a regulatory body such as the FDA is welcomed.
And, as Pepper Hamilton attorney Sharon Klein explained to HealthITSecurity.com, the FDA does have expansive authority on mHealth regulations.
The FDA definitely has very broad powers and is flexing its muscles now because legislation has stalled and therefore the regulators are filling the gaps and doing their jobs in terms of ensuring, in the FDA’s case, public safety and the intersection between mobile apps and their connection to patient care. The FDA’s announcements were in three “buckets” – Here’s what they are going to regulate right now, here are the items that they have discretion over but they’ve chosen not to exercise it right now and then there’s the things that they really don’t care about.
With the FDA’s mHealth power established, quite a few stakeholders in both the healthcare and political realms, such as U.S. Sen. Chuck Schumer, have sought stronger privacy enforcement on fitness trackers and bracelets. “Personal fitness bracelets and the data they collect on your health, sleep and location should be just that — personal,” Schumer said in a statement. And back in 2013, other politicians introduced a host of mobile privacy bills as well.
Now, devices such as the Apple Watch are on privacy watchdogs’ radars because of concerns about how Apple is aggregating personal data. While the FDA won’t be able to answer every question organizations may have regarding mHealth regulation and device management, sitting in on these sessions can only help clear up any lingering concerns.