Payers, Providers, and Patients – Oh My! is Crowell & Moring’s biweekly health care podcast, discussing legal and regulatory issues that affect health care entities’ in-house counsel, executives, and investors. In this episode, hosts Payal Nanavati and Joe Records discuss recent FDA guidance related to digital health with Jodi Daniel and Shaina Vinayek. For

Yesterday, the FDA released draft guidance on the management of cybersecurity in medical devices submitted to the agency for premarket review. Noting that cybersecurity threats to the healthcare sector have increased in number and severity, the FDA offered new recommendations for device design, labeling, and documentation that medical device manufacturers will need to consider during premarket submission processes.

The guidance comes shortly after the FDA’s launch of its Medical Device Cybersecurity Playbook, which provides a framework for healthcare delivery organizations to use in preparing for and responding to cybersecurity threats against patient medical devices.

Given rapid changes in technology and increasing innovation in the digital health market, the guidance intends to decrease the risk of cyberattacks that could render medical devices inoperable and potentially harm patients. Comments on the draft guidance are due on March 18, 2019.

The FDA is focusing on safety and effectiveness of interconnected medical devices with the issuance of final guidance on medical device interoperability, released last week. As the FDA notes, medical devices are becoming increasingly connected to one another and to other technologies, and it is critical to address their ability to exchange and use information safely and effectively.

For device manufacturers, this guidance provides clarity on how the FDA is thinking about interoperability and patient safety in the premarket submission process and provides considerations for manufacturers in the development and design of interoperable medical devices. It demonstrates the FDA’s focus on the safety and effectiveness of devices as implemented in an interconnected environment and the FDA’s expectation that manufacturers anticipate and design for anticipated uses and reasonably foreseeable misuses. Manufacturers should consider this guidance in the design, development, and ongoing monitoring of connected medical devices.

This guidance may be helpful for other audiences as well:

  • Care providers that frequently interact with medical devices in the course of patient care
  • Hospital IT teams who make device purchasing decisions
  • Vendors of health technologies that frequently exchange data with medical devices



In a final guidance document released July 29th, the U.S. Food and Drug Administration (“FDA”) officially confirmed that it does not intend to review or require regulatory compliance for fitness trackers and certain health apps, collectively termed “general wellness products.”  This guidance, which is largely unchanged from the draft guidance issued in January

Last week, the HHS Office of Civil Rights (OCR) announced a settlement that has far-reaching implications on the importance of complying with the HIPAA Security Rule where medical devices create and maintain electronic protected health information (ePHI).  See Data Law Insights for a post authored by Jodi Daniel, Elliot Golding, and Stephanie Willis for more

On October 2, 2014, the FDA released a set of comprehensive guidelines governing the Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. The guidelines are intended to provide direction for manufacturers of medical devices on how to appropriately safeguard devices from a potential security breach, particularly in light of the sensitive