In the digital age of healthcare, consumers are taking health into their own hands. Mobile health apps such as Apple iHealth or Fitbit and prescribed medical devices are great empowerment tools for helping manage and monitor our health. The not-so-great thing about them: data security risk. How do the personal medical apps and devices fit into a potentially highly regulated framework? What data can be shared, and with whom?
The FDA’s draft guidance on data sharing is meant to help medical device manufacturers know just that. Understandably, with daily headlines of cyber attacks, data breaches, and medical device hacks, the industry has been leery of crossing any perceived line on data sharing. Why risk coming under fire from the regulatory agencies? But as consumers, we naturally expect to have our health data readily available to us. It’s likely one of the reasons we invested in the device in the first place.
While the FDA draft guidance reassures medical device manufacturers that yes, you should keep a tight focus on information security and HIPAA (where it applies), it also states sharing the patient’s health data directly with the patient doesn’t conflict with HIPAA. This draft guidance of active encouragement to share data together with the HIPAA reference is one more step in the FDA’s evolutionary role within the increasingly crowded regulatory space of cybersecurity and information sharing.
As the manufacturer, until recently your primary concern has been produced to quality standards and deadlines. Now you must also focus on tackling applicable compliance requirements (FDA, HIPAA) and further tightening cybersecurity standards. You’ll need to be able to demonstrate real-time compliance and a strong cybersecurity program to your customers, as well as to the regulatory agencies.
Once you develop your security and compliance program, the simplest method of ongoing management is to use a quality management system with active workflow tracking that helps you demonstrate compliance efforts, plus shows your risk management actions. You simplify and streamline multiple objectives with one system. Now your manufacturing workflow and the quickly evolving regulations surrounding both the product and its data can fit neatly within your ongoing cybersecurity and compliance management activities.
Medical Device Manufacturers use MyVCM to manage their QMS program and their cybersecurity and privacy. Please do not hesitate to contact us at 1 877 668 5658 to discuss how we can help you to meet the FDA's new cybersecurity and data sharing guidance or visit our website.