Tech & Innovation in Healthcare

A bipartisan House of Representatives bill (H.R. 7667) introduced on May 6, 2022 aims to amend the Federal Food, Drug, and Cosmetic Act, as well as extend the user-fee programs for prescription drugs, medical devices, generic drugs, and biosimilar biological products.

In section 524C, “Ensuring Cybersecurity of Devices,” the bill states, “For purposes of ensuring cybersecurity throughout the lifecycle of a cyber device, any person who submits a premarket submission for the cyber device shall include such information as the Secretary may require to ensure that the cyber device meets such cybersecurity requirements as the Secretary determines to be appropriate to demonstrate a reasonable assurance of safety and effectiveness.”

According to the bill, medical device manufacturers would be required to “design, develop, and maintain processes and procedures to ensure the device and related systems are cybersecure, and shall make available updates and patches to the cyber device and related systems throughout the lifecycle of the cyber device.”

Essentially, medical device manufacturers would have additional responsibility to regularly assess vulnerabilities and provide a “software bill of materials, including commercial, open-source, and off-the-shelf software components.” However, if the Secretary of Health and Human Services determines the cybersecurity information supplied by the manufacturer during the premarket submission is inadequate, the Secretary may issue a nonsubstantial equivalence determination.