FDA’s Cybersecurity Unit Would Set Up CyberMed Safety Board

By Fred Donovan, HealthIT Security | September 28, 2018

The FDA’s proposed cybersecurity unit would help establish the public-private CyberMed Safety Board mentioned in the FDA’s medical device safety action plan issued in April, FDA spokeswoman Stephanie Caccomo recently told HealthITSecurity.com.

The cybersecurity unit would be part of a Center of Excellence for Digital Health that the FDA is proposing to spur healthcare innovation.

“This Center of Excellence would help establish more efficient regulatory paradigms, consider building new capacity to evaluate and recognize third-party certifiers, and support a cybersecurity unit to complement the advances in software-based devices,” said FDA Commissioner Scott Gottlieb and Center for Devices and Radiological Health Director Jeff Shuren in a Sept. 12 statement.

In its fiscal year 2019 budget proposal, FDA asked Congress to appropriate $70 million to set up the center. One of the center’s responsibilities would be to create the cybersecurity unit, which would review security issues regarding new software-based devices, as well as more traditional medical devices.

“FDA’s forward-leaning stance in medical device cybersecurity also seeks to address an unmet gap in the healthcare and public health sector related to currently marketed medical devices,” the FDA explained.

“At present, a multi-disciplinary, device-focused team does not exist that brings together a broad range of requisite expertise (including hardware, software, networking, biomedical engineering, and clinical expertise) to fully assess and validate high-risk/high-impact vulnerabilities and incidents, including the potential patient safety implications of such vulnerabilities and incidents,” the agency added.

To address this gap, the FDA proposes setting up the CyberMed Safety Board. As described in its medical device safety action plan, the board would include individuals with expertise in hardware, software, networking, biomedical engineering, and clinical environments.

The board’s mandate would be to assess vulnerabilities, evaluate patient safety risks, adjudicate disputes, assess proposed mitigations, serve as consultants to organizations navigating the coordinated disclosure process, and function as a “go-team” that could be deployed in the field to investigate a suspected or confirmed device compromise.

In its FY 2019 budget proposal, the FDA said it plans to implement modern IT systems with cloud-based data storage to support the work of the Center of Excellence.

“These systems will foster the review of breakthrough device innovations, prevent and address cybersecurity vulnerabilities and incidents, facilitate the use of advanced manufacturing processing, and leverage real-world evidence. As part of this transformation, FDA will establish a knowledge management platform with customer friendly interfaces with industry, patients, and providers that will foster greater and more transparent interactions between FDA and its customers, including providing industry with the ability to track their premarket submissions,” FDA noted.

The agency expects to achieve time and cost savings by integrating, redesigning, and streamlining at least 80 percent of its core business processes through these initiatives.

“Implementing these regulatory innovations and information technology improvements are essential for advancing software-based and other technologies to improve the health and quality of life of patients while assuring critical safeguards, as the current regulatory framework is not well-suited for driving the development of safer, more effective software-based devices, including the use of machine learning and artificial intelligence,” the FDA said.

The FDA also asked for $46 million to expand the Medical Device Data Enterprise, which consists of existing and emerging electronic health data sources, through development of data infrastructure and analytical tools to conduct near-real-time evidence evaluation down to the level of individual EHRs.

The agency said it will work with the public-private National Evaluation System for Health Technology (NEST) Coordinating Center to identify and address gaps in enterprise data infrastructure and analytic capabilities in different healthcare settings.

“Filling these gaps will greatly enhance FDA’s and the public’s capacity to utilize real-world evidence to evaluate the pre- and postmarket safety and effectiveness of medical products, thereby reducing the time and cost of innovative device development and evaluation while providing greater patient safeguards at a lower cost,” the FDA concluded.

2018-09-30T08:07:52+00:00