GAO: FDA Must Strengthen Review of Some Medical Devices
The U.S. Government Accountability Office has issued a report, urging the FDA to expand its consideration of information security for certain types of medical devices.
During a 2001 and 2006 premarket review of two medical devices (an implantable cardioverter defibrillator and an insulin pump) that have known vulnerabilities, the FDA considered information security risks from unintentional threats in four areas: software testing, verification and validation; risk assessments; access control; and contingency planning.
However, GAO found the FDA did not consider information security risks from intentional threats for these areas, nor did the FDA review risks of either unintentional or intentional threats for the remaining four information security control areas: risk management, patch and vulnerability management, technical audit and accountability and security-incident-response activities.
GAO has recommended the FDA implement a plan that includes at least four actions:
1. Increase its focus on manufacturers' identification of potential unintentional and intentional threats, vulnerabilities, the resulting information security risks and strategies to mitigate these risks during its postmarket review process.
2. Utilize available resources, including those from other entities.
3. Leverage postmarket efforts to identify and investigate information security problems.
4. Establish specific milestones for completing this review and implementing these changes.
More Articles on Patient Safety:
© Copyright ASC COMMUNICATIONS 2012. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.
- Study: Romney's Healthcare Reform Law Did Not Increase Hospital Use, Costs
- Value-Based Physician Compensation: How 2 Organizations Are Navigating It
- 100 Leaders of Great Hospitals in America
- 12 Statistics on ASC Administrator Salaries
- UnityPoint Health — Trinity Bettendorf to Open Pain Management Center