
Medical devices and data protection

18 November 2014

During October 2014, a number of press announcements indicated a growing interest by regulators in the impact that medical devices have upon personal data, and showed an increasing shift in attention towards companies in the medical device and medical technology sector.

On the 1st October 2014 the US Food and Drug Administration (FDA) announced that it had finalised recommendations to manufacturers for managing cyber security risks in order to better protect patient health data and information.

In its recent survey about the use of medical devices, the UK Information Commissioner’s Office (ICO) has indicated increased attention to similar issues by gathering views on the types of medical devices being used in the UK and how they impact upon the collection and processing of personal data, including the need for increased information security.

Conventional medical devices such as pacemakers and other implanted devices have for a number of years contained technology that is intended to manage the performance of these devices for the benefit of both the manufacturer and the patient, but which raises concerns over the management of patients’ personal data.

For example, pacemakers may contain RFID chips to enable remote monitoring of the device and the patient. Without suitable controls, this may lead to infringements of the rights of individuals in respect of their personal data, as well as the risk of data security incidents.

Apart from traditional implanted devices, there are many m-health applications targeted at the management of health information for manufacturers, the medical profession and their patients. Such applications are themselves now falling within the definition of medical devices, as well as increasing the compliance requirements on manufacturers and providers of those m-health apps.

Reforms in the EU to the Regulations on medical devices have been broadly backed within the last year by the European Parliament, and there are detailed drafts of the Regulations for both medical devices and in-vitro diagnostic medical devices.

This article was written by Robert Bond.

For more information contact Robert on +44 (0)20 7427 6660 or robert.bond@crsblaw.com