NEMA Earns Support for Updated Standard to Protect Medical Devices Against Cybersecurity Threats
The National Electrical Manufacturers Association (NEMA) has completed its Manufacturer Disclosure Statement for Medical Device Security (MDS2) – 2013 Standard, and the changes earned the support of not only its own Medical Imaging & Technology Alliance (MITA) division, but also the Healthcare Information and Management Systems Society (HIMSS). The standard was last updated in 2008, and medical device security has evolved a great deal in five years as health information technology has become much more sophisticated and integrated in care. According to the press release, the new standard was developed by MITA and members of the HIMSS Medical Device Security Task Force, in collaboration with multiple industry associations, government agencies and other stakeholders. It is designed to make keeping track of a great deal of security-related information much easier and creates a standard way for device manufacturers to communicate a model-specific description of each device’s ability to maintain/transmit electronic protected health information (ePHI) and the security features associated with the device. In addition, it may eliminate some confusion by making the manufacturer disclosure statement for medical device security in the United States more like the international IEC Standard 80001-1 supplement, IEC/TR 80001-2-2, “Guidance for the communication of medical device security needs, risks and controls.” “In this increasingly global and technological age, the MDS2 standard is and will continue to be an immensely valuable tool that enables a more comprehensive identification and analysis of specific aspects of critical security issues,” stated Gail Rodriguez, Executive Director of MITA on its website. “By offering healthcare providers important information to assist them in evaluating vulnerability and risks related to the protection of private data transmitted or maintained by medical devices and systems, widespread implementation of this standard will help safeguard patient care and protect against potential cybersecurity threats.”