By Stewart Eisenhart, Emergo Group
The US Government Accountability Office (GAO) has issued recommendations that the Food and Drug Administration develop a comprehensive plan to improve the agency’s ability to review and monitor active implantable medical devices that rely on wireless and other advanced technologies.
As some medical devices incorporate more complex technologies and wireless components, the GAO warns that these devices are more vulnerable to information security risks; issues such as untested software components, limited battery life and other shortcomings that could threaten device safety and effectiveness must also be addressed, according to the agency.
The GAO report recommends four steps the FDA should take to address such threats:
- Focus more on manufacturers’ identification of potential and unintentional threats and vulnerabilities of their devices during Premarket Approval (PMA) application reviews
- Make use of other federal agencies and other external resources as needed to better assess devices’ information security risks
- Leverage post-market processes to improve identification and investigation of information security issues
- Set up specific milestones for review and implementation of new processes for relevant devices
So far, the FDA has reported no major public safety issues stemming from information security vulnerabilities of a medical device. But it’s only a matter of time before a technology-related incident—intentional or accidental—highlights the need for regulatory process and policies in place to deal with new threats.
Stewart Eisenhart covers medical device regulatory affairs for Emergo Group.