FDA Digital Transformation

FDA’s Digital Transformation and the regulation of Medical Device Cybersecurity?

I read the recent FDA post that discussed the FDA’s Digital Transformation:

“Today, the U.S. Food and Drug Administration announced the reorganization of the agency’s information technology (IT), data management and cybersecurity functions into the new Office of Digital Transformation (ODT).”

Then I was reading an email from a news service that provides information and news targeting those that work in industries regulated by the US FDA.  The email stated, “The new office’s cybersecurity function will be especially relevant to devices, given increasing concerns about the vulnerability of some devices to online hacking.”

IMO this could be a bit confusing and misleading to imply that the FDA Digital Transformation Cybersecurity Function will be especially relevant to devices.

IMO from my first read of the original FDA Digital Transformation post I do not believe that the activity included in Digital Transformation has a focus on medical device cybersecurity or the regulation of medical device cybersecurity.

This entire Office of Digital Transformation is about computers networks and data resources owned and operated by the agency, aka FDA IT and has minimal connections with regulated products.

I did ask a colleague at the FDA about this and heard back the following:  “Digital Transformation is primarily Information Technology. It’s not related to medical device security regulation directly. Of course, DT helps with basic administrative operations indirectly.”

Medical Device Regulatory Information is available on the Digital Health Center of Excellence website. It is my understanding that the Digital Health Center of Excellence is part of CDRH while the Office of Digital Transformation is now part of the Office of Commissioner.

Medical Device Cybersecurity Guidance can be accessed on the FDA’s Digital Health Center of Excellence webpage https://www.fda.gov/medical-devices/digital-health-center-excellence/cybersecurity#guidance

See our recent post on cybersecurity:  Cybersecurity Perspective – Physical OTS Components in Medical Devices

About the author

John is a 25 year FDA veteran. John served as a regulatory and compliance expert for FDA regulated computers and software. Practice (focus) areas include FDA software related guidances, software device classification determination, pre-market software review, post market software inspectional 483’s, additional information software requests, Digital Health Pre-certification, AAMI Software related TIRs and related medical device software standards.

Cybersecurity Review

Our cybersecurity experts are NESSUS Pro Licensed and can quickly remediate cybersecurity deficiencies with your medical device or digital health software.  Planning, requirements, validation, and submissions – we can assist with all.

Interested in having a conversation?  Email us to arrange a Zoom meeting or call us at +1 781-721-2921.

office@softwarecpr.com

Corporate Office

15148 Springview St
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN), Canada, and Italy.