Cybersecurity practices; 510(k) path

Voluntary framework for cybersecurity practices

The Medical Device and Health IT Joint Security Plan (JSP) addresses challenges to securing and protecting against healthcare cybersecurity incidents. Developed by a task force of medical device manufacturers, trade associations, FDA representatives, and other health industry stakeholders, the JSP responds to the June 2017 Health Care Industry Cybersecurity (HCIC) Task Force Report, which identified a need to increase medical device and health information technology (IT) product security and resilience.

The JSP’s voluntary framework should be considered during the entire product life cycle, assisting medical device manufacturers and healthcare information technology vendors to incorporate cybersecurity into existing design control, quality systems, and product release processes.

FDA strengthens 510(k) path

The U.S. Food and Drug Administration (FDA) posted its final guidance establishing the framework for the Safety and Performance Based Pathway, focused on advancing new products with improved safety and performance. The 510(k) clearance option will modernize moderate-risk device approval by allowing manufacturers to use objective performance criteria established or recognized by the FDA to demonstrate substantial equivalence of new products to legally marketed ones.

The pathway will benchmark modern technology against modern standards while offering a potentially more efficient way to demonstrate a new device is substantially equivalent to devices already on the market.

The FDA is seeking comment on this proposed approach and other questions to help inform regulatory policy development, and has opened a docket to receive comment within 90 days.