Inspector General: Networked Devices Pose Security Threat

The HHS Office of Inspector General plans to review whether the FDA’s oversight of hospitals’ networked medical devices is doing enough to safeguard electronic protected health information.

That strategy was unveiled earlier this month in the OIG’s Fiscal 2016 Work Plan. It is one of six FDA priorities the office aims to undertake in FY2016, only one of which is device-specific.

“Computerized medical devices, such as dialysis machines, radiology systems and medication dispensing systems that are integrated with electronic medical records and the larger health network, pose a growing threat to the security and privacy of personal health information,” the OIG’s Fiscal 2016 Work Plan says.

Devices are being increasingly used in networked environments and are expected to communicate with one another securely and accurately, the FDA says. Medical device cybersecurity was listed among the top 10 regulatory science priorities by CDRH last month in its Fiscal 2016 report.

Research is needed to enhance performance and security of medical devices and interoperability, and to understand the impact of software modifications on device performance, the CDRH report says (IDDM, Oct. 23).

The OIG also plans to review Medicare costs resulting from additional use of medical services associated with defective medical devices.

The fiscal 2015 version of the Work Plan included examining the sufficiency of Centers for Medicare & Medicaid Services’ oversight of security controls over networked devices at hospitals, but that specific item is not listed in the fiscal 2016 Work Plan.

Read the work plan here: www.fdanews.com/11-15-OIG-WorkPlan.pdf. — Jonathon Shacat