On November 2, 2015, the HHS Office of Inspector General (OIG) published its FY 2016 Work Plan, which summarizes new and ongoing activities that OIG plans to pursue with respect to HHS programs and operations during the fiscal year.

The FY 2016 Work Plan includes a new review initiative to examine “whether FDA’s oversight of hospitals’ networked medical devices is sufficient to effectively protect associated electronic protected health information (ePHI) and ensure beneficiary safety.”  The Work Plan notes that networked medical devices, such as radiology systems and medication dispensing systems that are integrated with electronic medical records and the larger health network, “pose a growing threat to the security and privacy of personal health information.”  OIG’s Work Plans for FY 2014 and FY 2015 both included a similar review focused on oversight by CMS of hospitals’ security controls over networked medical devices.  This review activity has been removed in the FY 2016 Work Plan.

As we have discussed here and on Covington’s InsideMedicalDevices blog, medical device cybersecurity is an area of increasing focus for FDA.  For example, last month FDA issued a final guidance on addressing cybersecurity issues for medical devices.  Also last month, FDA’s Center for Devices and Radiological Health released its NY 2016 Regulatory Science Priorities, which included researching ways to enhance performance of digital health and medical device cybersecurity.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Christina Kuhn Christina Kuhn

Christina Kuhn advises medical device, pharmaceutical, and biotech companies on a broad range of FDA regulatory strategy and compliance matters. She has experience with cutting-edge and complex medical technologies, including software and digital health products, oncology products, next-generation sequencing, diagnostics, and combination products.…

Christina Kuhn advises medical device, pharmaceutical, and biotech companies on a broad range of FDA regulatory strategy and compliance matters. She has experience with cutting-edge and complex medical technologies, including software and digital health products, oncology products, next-generation sequencing, diagnostics, and combination products.

Christina frequently helps multinational device manufacturers as well as start-up device companies navigate the premarket regulatory process, advising companies on regulatory classification, clinical development strategy, and agency interactions. She also has significant experience counseling medical device companies on postmarket compliance requirements, including those related to advertising and promotion, quality systems and manufacturing, medical device reporting, registration and listing, and recalls. She advises clients on responding to and resolving enforcement actions, such as FDA inspections and Warning Letters as well as Department of Justice investigations.

Christina advises clients on, and performs regulatory due diligence for, corporate transactions, including acquisitions, public offerings, co-development agreements, and clinical trial agreements.

Christina also regularly assists industry associations and medical device and pharmaceutical companies in commenting on FDA guidance documents and rulemaking as well as drafting and analyzing federal legislation.

Christina is a frequent contributor to Covington’s Digital Health and InsideMedicalDevices blogs.