The U.S. Food and Drug Administration (FDA) has released a proposal to strengthen cybersecurity protection for medical devices, replacing guidance first issued in 2014.
The draft guidance is designed to update recommendations for device design, labeling, and documentation to ensure better protection of medical devices against cybersecurity threats that could interrupt clinical operations and delay patient care. Another goal is to enhance the premarket review process so that medical devices on the market are protected against cybersecurity vulnerabilities.
This draft guidance includes premarket submissions for devices that contain software (including firmware) or programmable logic, along with software regulated under the FDA's rules for medical devices. The proposal covers the following:
- Premarket notifications (510(k))
- De novo requests
- Premarket approval applications (PMAs)
- Product development protocols (PDPs)
- Humanitarian device exemption (HDE) applications
The final document will replace the "Content of Premarket Submissions for Management of Cybersecurity in Medical Devices" final guidance issued in October 2014.
The FDA will take comments on the draft guidance document beginning October 18. The agency also plans to hold a public workshop on January 29 and 30, 2019, to provide information about its guidelines and take additional feedback on the proposed recommendations.