Archives: Medical Information Technology

Subscribe to Medical Information Technology RSS Feed

Health Care Task Force Pre-Releases Report on Cybersecurity Days Before Ransomware Attack

Last week, the Health Care Industry Cybersecurity (HCIC) Task Force (the “Task Force”) published a pre-release copy of its report on improving cybersecurity in the health care industry.  The Task Force was established by Congress under the Cybersecurity Act of 2015.  The Task Force is charged with addressing challenges in the health care industry “when … Continue Reading

CFDA Releases Draft Classification Catalogue of Medical Devices

The China Food and Drug Administration (CFDA) has recently released a long-anticipated draft Classification Catalogue of Medical Devices (Draft Catalogue). The Draft Catalogue updates a 2002 Classification Catalogue (Current Catalogue) and is one of the final pieces in the reform of China’s medical device system that has taken place since the 2014 revision of the … Continue Reading

eHealth and mHealth Software Classification Changes in Forthcoming EU Medical Device Regulation

The new EU Medical Devices Regulation (MDR), a draft of which was tentatively agreed by the EU’s legislators on June 15, 2016, was revised at the last minute to include a new classification rule for software. Software’s classification under the MDR will determine its regulatory treatment (including what requirements it has to meet, and what … Continue Reading

HHS Issues Guidance on HIPAA and Cloud Providers

The Department of Health and Human Services (HHS) recently published guidance on HIPAA requirements governing the use of cloud computing entities, specifically cloud services providers (CSPs). In this guidance, HHS explains that CSPs that create, receive, maintain, or transmit protected health information (PHI) on behalf of a covered entity or business associate are considered business … Continue Reading

FDA Releases Draft Guidance on the Use of EHRs in Clinical Investigations

On May 17, 2016, FDA issued draft guidance encouraging clinical investigators to make their electronic data capture (“EDC”) systems interoperable with health care organizations’ electronic health records (“EHRs”).  Although EHRs are generally under the control of health care organizations and institutions (not FDA-regulated entities such as sponsors), when records are used in clinical investigations, FDA … Continue Reading

Obama Administration Releases Final Data Security Policy Principles and Framework for Its Precision Medicine Initiative

As the White House continues to build out the details for the Precision Medicine Initiative (“PMI”), on May 25, 2016 it released a final set of principles on data security.  In a document that “provides a broad framework for protecting participants’ data and resources in an appropriate and ethical manner,” eight overarching data security policy … Continue Reading

Upcoming Webinar: Regulation of eHealth Products and Mobile Apps (February 25, 2015)

As part of Covington’s ongoing Life Sciences Essentials webinar series, we will be presenting a program on Regulation of eHealth Products and Mobile Apps on February 25, 2015 (12:30-2:00 p.m. EST). Our panelists, including two alumni of the FDA Office of Chief Counsel, will address: What factors determine whether an eHealth product is considered a medical device … Continue Reading

21st Century Cures Discussion Draft Act Proposes Changes to Medical Device Regulation

A discussion draft of the highly anticipated legislation, the 21st Century Cures Act, was released on January 27, 2015 (Draft Act). The Draft Act includes proposals that stem from the 21st Century Cures Initiative that was launched in April 2014 by House Energy and Commerce (E&C) Committee. The Draft Act contains five titles that are … Continue Reading

Summary Report of European Commission’s mHealth Consultation Published

The European Commission has finally published its summary of 211 responses to its mobile health (“mHealth”) consultation.  The summary and original responses to the consultation have been made available on the Commission’s website at https://ec.europa.eu/digital-agenda/en/news/summary-report-public-consultation-green-paper-mobile-health The consultation covered a broad range of important issues for mHealth, including legal frameworks, privacy and data protection, patient safety, … Continue Reading

UK Data Protection Regulator Surveys Use of Smart Medical Devices

The UK Information Commissioner’s Office (ICO) has launched an informal survey of current practices relating to the use of data-enabled medical devices and apps. The short and anonymous survey explores whether organisations have put in place specific policies and procedures, asset registers, IT security requirements for medical device procurement policies, information governance and incident response … Continue Reading

Steps toward More Harmonized Regulation of Software as a Medical Device: New IMDRF Policy Position

On September 18, 2014, the International Medical Device Regulators Forum (IMDRF) approved a potentially significant policy position regarding Software as a Medical Device (SaMD), entitled Software as a Medical Device:  Possible Framework for Risk Categorization and Corresponding Considerations (IMDRF/SaMD WG/N12FINAL:2014).  The policy was put together by the IMDRF’s SaMD working group, led by an FDA … Continue Reading

FDA Finalizes Guidance for Management of Cybersecurity in Medical Devices

The U.S. Food and Drug Administration (“FDA”) has increasingly focused on promoting cybersecurity because compromised medical devices can pose a risk to patient health as well as the confidentiality of personal medical information.  On October 2, 2014, FDA issued final guidance on the content of premarket submissions for the management of cybersecurity in medical devices.  … Continue Reading

FDA Relaxes Regulation of Certain Software Devices

On June 20, 2014, FDA issued a draft guidance entitled “Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices,” informing manufacturers and others “that the Agency does not intend to enforce compliance with the regulatory controls” that apply to these three types of devices. Medical device data systems (MDDS), medical image … Continue Reading

Conflict Minerals in Medical Devices: SEC Reporting Update

Conflict Minerals Update for Device Manufacturers Under the SEC’s conflict minerals rules, public companies must disclose in an annual Form SD and associated Conflict Minerals Report (a “CMR”) certain information regarding any tin, tantalum, tungsten, and gold (collectively “3TG”) that is “necessary to the functionality or production” of any products that they manufacture or have … Continue Reading

FCC Holds mHealth Expo to Connect Innovators and Regulators

On December 6, 2013, the FCC held an mHealth Innovation Expo to showcase the innovative use of mobile communications devices to improve health care.  Innovators at the expo had the opportunity to showcase mobile health products and solutions and provide resources for mobile health pioneers and entrepreneurs.  The FCC and other federal agencies, including the … Continue Reading

Key Open Questions for FDA’s Upcoming Report on Regulation of Health IT

We’ve previously blogged about the “FDASIA Workgroup” and section 618 of the Food and Drug Administration Safety and Innovation Act (FDASIA), which directed FDA to issue a report to Congress by January of 2014 on the regulation of health technology.  This post covers some of the differing views on Health IT regulatory issues and open … Continue Reading

House to Consider Bill Excluding Clinical and Health Software from Regulation as Medical Devices

On October 22, Rep. Marsha Blackburn (R-TN) introduced a bill serving to “provide for regulating medical software, and for other purposes” in the House of Representatives.  The bill, entitled the Sensible Oversight for Technology which Advances Regulatory Efficiency (“SOFTWARE”) Act (“the bill”), was co-sponsored by a bi-partisan group of lawmakers.… Continue Reading

NIST Releases Discussion Draft of Preliminary Cybersecurity Framework

As we’ve previously noted, federal agencies have prioritized cybersecurity as a key issue, as reflected in FDA’s recent draft guidance on cybersecurity in medical devices.  As part of a broader Executive Branch-wide effort, last week the National Institute of Standards and Technology (“NIST”) issued a “Discussion Draft of a Preliminary Cybersecurity Framework” pursuant to the … Continue Reading

FDASIA Workgroup Releases Draft Recommendations for Regulation of Health IT

FDA’s regulation of Health IT under its medical device authorities can be seen as proceeding on two separate tracks during the last year. Track one is FDA’s ongoing policymaking.  In 2011, FDA issued a draft guidance document on mobile medical applications and a final rule on medical device data systems, setting forth an approach for … Continue Reading

US Information Security and Privacy Board Expresses Concerns about Management of Cybersecurity in Wireless Medical Devices

The US Information Security and Privacy Board (ISPAB) voiced concerns over potential harms resulting from a lack of controlled management of cybersecurity in wireless medical devices in response to FDA’s previously reported draft guidance, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.”  ISPAB operates under the National Institute of Standards and Technology … Continue Reading

Coalition Seeks to Delay Mobile Medical Apps Guidance

This July will mark the two-year anniversary of FDA releasing its draft guidance document, Draft Guidance for Industry and Food and Drug Administration Staff – Mobile Medical Applications.  Finalizing the guidance document is listed as an “A list” item on the Center for Devices and Radiological Health’s proposed guidance development for Fiscal Year 2013, and … Continue Reading

DoD to Consider Purchase of a New Health Information Technology System

On May 21, 2013, Defense Secretary Chuck Hagel stated that the Department of Defense (“DoD”) will carry out a full and open competition to acquire a new health IT system to achieve electronic health record (“EHR”) modernization and integration with the electronic health records managed by the Department of Veterans Affairs.  Based on Mr. Hagel’s … Continue Reading
LexBlog