8 December 2014

Medical Devices And Data Protection

Charles Russell Speechlys LLP



During October 2014, a number of press announcements indicated a growing interest by regulators in the impact that medical devices have upon personal data, and showed an increasing shift of attention towards companies in the medical device and medical technology sector.

On the 1st October 2014 the US Food and Drug Administration (FDA) announced that it had finalised recommendations to manufacturers for managing cyber security risks in order to better protect patient health data and information.

In its recent survey about the use of medical devices, the UK Information Commissioner's Office (ICO) has signalled increased attention to similar issues, gathering views on the types of medical devices being used in the UK and how they affect the collection and processing of personal data, including the need for increased information security.

Conventional medical devices such as pacemakers, and other implanted devices, have for a number of years contained technology that is intended to manage the performance of these devices for the benefit of both the manufacturer and the patient, but which raises concerns over the management of patients' personal data. For example, pacemakers may contain RFID chips to enable remote monitoring of the device and the patient; without suitable controls, this may lead to infringements of the rights of individuals in respect of their personal data, as well as the risk of data security incidents.

Apart from traditional implanted devices, there are many m-health applications targeted at the management of health information for manufacturers, the medical profession and their patients. Such applications are themselves now falling within the definition of medical devices, which increases the compliance requirements on manufacturers and providers of those m-health apps.

Reforms in the EU to the Regulations on medical devices have been broadly backed within the last year by the European Parliament, and there are detailed drafts of the Regulations for both medical devices and in-vitro diagnostic medical devices.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
