How they hope to safeguard patient information on the Internet of Medical Things.
At least 2 elected officials are calling for a public-private panel to conjure up a set of standards to bolster “the security and resilience” of connected medical devices.
US Reps. Dave Trott, of Michigan, and Susan Brooks, of Indiana, last week released the Internet of Medical Things Resilience Partnership Act, a move made during National Cybersecurity Awareness Month and National Health IT Week. The two Republicans hope the bill, which would establish a working group led by the FDA, could fortify digital healthcare security in a period of sweeping innovation.
“In our nation’s hospitals, technology has helped provide better quality and more efficient healthcare,” Trott said in a statement, “but the perpetual evolution of technology—its greatest strength—is also its greatest vulnerability.”
More than 127 million Americans have seen their healthcare data “compromised by cyber criminals” since 2009, the congressman added. He claimed that information remains a target under existing security infrastructure.
Upon the bill's introduction, the House referred it to the Committee on Energy and Commerce, according to a federal legislation tracker. Contrary to some media reports, the bill has yet to pass the chamber. A companion bill, which is vital to the act’s approval, hasn’t cropped up in the Senate.
Within 5 months of taking effect, HR 3985 would create a body of public and private entities to “recommend voluntary frameworks and guidelines” for the Internet of Medical Things, according to the document. The group would focus on networked medical devices that store, receive, access, or transmit information elsewhere and any other sort of system that could be attacked, resulting in “patient harm,” the bill reads.
Either the FDA commissioner—currently Scott Gottlieb, MD—or a designee would chair the panel. It would draw members from the FDA’s Center for Devices and Radiological Health, which has led the agency’s digital health efforts, various other federal bodies, and the healthcare and tech industries.
No more than 18 months after the adoption of the law, the FDA would present its recommendations to Congress. That report would include an overview of existing cybersecurity standards and best practices, on both the national and international levels. It would also outline “high-priority gaps” that demand updated standards and “potential action plans,” according to the bill.
Brooks, the co-sponsor, said this push is critical given the “millions” of medical devices out there, including some that people wear or embed in their bodies. Further, hackers want to steal sensitive information and also alter how these technologies function, she said.
“This can lead to life-threatening cyber-attacks on devices ranging from monitors and infusion pumps to ventilators and radiological technologies,” Brooks noted. “It is essential to provide a framework for companies and consumers to follow so we can ensure that the medical devices countless Americans rely on and systems that keep track of our health data are protected.”