NEMA - ANSI/NEMA HN 1
Manufacturer Disclosure Statement for Medical Device Security
Publication Date: 1 January 2019
Information provided on the MDS2 form is intended to assist professionals responsible for executing security risk assessments in their management of medical device security capabilities. The information on the MDS2 form may be inappropriate for other purposes.
The Role of Healthcare Delivery Organizations in the Security Management Process
The healthcare delivery organization has the ultimate responsibility for providing effective security management.
To effectively manage medical information security and comply with relevant regulations, healthcare delivery organizations must employ administrative, physical, and technical safeguards, many of which are extrinsic to the actual device.
For example, healthcare delivery organizations might include some of the following activities when developing their security management programs:
a. Determine the types of data stored/transmitted by the manufacturer's device.
b. Obtain a list of all security-related features incorporated on the manufacturer's device and document which features are desired and how they are to be configured.
c. Identify and document all devices and applications which will communicate with the manufacturer's device, including specific identification tags.
d. Document resilience and recovery plans that include the manufacturer's device.
The Role of Medical Device Manufacturers in the Security Management Process
The greatest impact manufacturers can have on medical device security is to incorporate technical safeguards (i.e., security features) in their devices to facilitate healthcare delivery organizations' efforts in maintaining effective security programs and meeting any relevant regulatory requirements and/or Standards. The medical device manufacturing industry is increasingly aware of the importance of having effective security functionality in their devices. Manufacturers are generally including such security-related requirements in the production of new devices based on healthcare delivery organization needs and requirements.
Device manufacturers can assist healthcare delivery organizations in their security management programs by offering information describing:
a. The type of data stored/transmitted by the manufacturer's device;
b. How data is stored/transmitted by the manufacturer's device;
c. Any security-related features incorporated in the manufacturer's device.
Use for which a product, process, or service is intended according to the specifications, instructions, and information provided by the manufacturer. (source: ISO 14971: 2007, Application of risk management to medical devices, definition 2.5)