The Food and Drug Administration (FDA) has released final guidelines on the design, testing and use of radio-frequency (RF) wireless medical devices. Although it doesn't promulgate legally enforceable responsibilities, the document is intended to guide both device manufacturers and healthcare providers toward the safe and secure use of wireless medical devices. Covered are devices "that are implanted, worn on the body or other external wireless medical devices intended for use in hospitals, homes, clinics, clinical laboratories, and blood establishments."
The FDA document has no relation to the impending guidance from the agency about how it will regulate apps that turn smartphones and tablets into medical devices. In fact, the draft guidance on RF wireless devices was issued in 2007, before smartphones and tablets became a factor in the industry. The FDA is focusing on the safety aspects of medical devices in hospitals, homes and other fixed-care settings.
For example, the guidance states, "Because there are risks associated with RF wireless systems, we recommend that you carefully consider which device functions should be made wireless and which device functions should employ wired connectivity." Among the issues that could compromise transmissions from wireless devices and potentially endanger patient safety, the FDA guidance says, are:
-- Poorly used wireless networks.
-- Lost, corrupted, or time-delayed transmissions.
-- Degradations in wireless transmissions that might be caused by competing wireless signals or electromagnetic interference.
-- Lack or compromise of wireless security.
-- Potential misuse of wireless devices because of lack of or inadequate instructions for use.
The document cautions that although a cellular phone network might be adequate for voice communication, "it might not be sufficient for certain medical functions. Connections lost without warning, failure to establish connections, or degradation of service can have serious consequences, especially when the medical device relies heavily on the wireless connection. Such situations can compromise the wireless transmission of high-priority medical device alarms, time-sensitive continuous physiological waveform data, and real-time control of therapeutic medical devices (such as wireless footswitches)."
The FDA document also addresses the security of wireless signals and data from medical devices. Wireless transmissions should be encrypted to safeguard not only the data but also hospital information systems, it says. Among the areas of vulnerability, it warns, are Bluetooth communications between devices and wireless networks.
The guidelines don't discuss the issue of hackers trying to take control of implanted devices such as pacemakers and defibrillators. Fears of that kind of cybercrime --which, so far, have proved baseless -- were sparked by a letter that the Information Security and Privacy Advisory Board, which advises the National Institute of Standards and Technology (NIST), sent to government agencies last year. The board suggested that FDA take this kind of threat into account in its regulation of monitoring devices.
The FDA statement also makes several "recommendations for premarket submissions for devices that incorporate RF wireless technology." The agency suggests how manufacturers should describe wireless devices in submissions to the FDA and directs them to provide information about any "risks and potential performance issues" associated with a device's wireless functions. In addition, the FDA wants device makers to describe the testing of their products for the range of risks described in the guidance.
The FDA notes that the Federal Communications Commission (FCC) also regulates wireless technology, so jumping through the FDA's hoops might not be sufficient to obtain approval for wireless medical devices.
Last September, for example, the FCC released its final rule for medical body-area networks (MBANs), which include wearable monitors that send data to wireless hubs in hospitals. The FCC allocated certain portions of the radio frequency band to MBANs, one for indoor and another for outdoor use.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.