WPF’s comments to the FDA on cybersecurity, urges increased attention to privacy

The World Privacy Forum submitted comments to the Food and Drug Administration in response to its request for public input on its draft guidance on the cybersecurity of medical devices.

The privacy considerations for medical devices is significant. Because there are a large number of stakeholders in the life cycle of cyber medical devices, the stakeholders are subject to different statutes and rules for privacy. For example, some stakeholders are covered entities subject to HIPAA privacy and security rules. Some are not. What that means is that personally identifiable information produced by cyber medical devices will be regulated for privacy in the hands of some stakeholders and not regulated in other hands. In some cases, state privacy laws may apply to some stakeholders.

There is a very real threat with digital medical devices that the personally identifiable information transmitted will lose (or gain) both state and federal legal privacy protections. In our comments, the World Privacy Forum discussed these issues and urged the FDA to make specific changes that incorporated solutions to some of the problems.


Related documents: