The Department of Health and Human Services’ watchdog agency released a 2015 work plan that calls for federal auditors to assess medical device cybersecurity amid intensifying scrutiny in the area, as well as areas that may be in need of some revamping by the FDA.
The work plan outlines a number of information security-related reviews for 2015, including examining whether the DHHS Centers for Medicare and Medicaid Services’ oversight of hospitals’ cybersecurity of networked medical devices is sufficient. The OIG wrote that computerized medical devices that are interconnected with electronic medical records and the broader health network “pose a growing threat to the security and privacy of personal health information.” The review of medical device cybersecurity comes amid increasing scrutiny in the area, with the FDA hosting a related workshop and issuing voluntary guidance for device makers to deal with cybersecurity risks in the design and development of products.
The OIG is also planning on honing in on FDA regulation areas. The agency will examine the FDA’s requirements for post-marketing studies and clinical trials, saying it is interested in studying how the regulator deals with firms that do not complete the studies. Many drugs are granted approval along with conditions, namely that the companies carry out trials to find potential issues with the drugs. However, the problem is that firms don’t always conclude the studies once the drugs hit the market, with some companies contending it’s challenging to recruit patients for the proposed studies because they are able to avoid the studies entirely and get ahold of the drugs from their physician. The OIG wants to look at the FDA’s level of monitoring and, in the event that a company fails to comply with requirements, how it’s disciplined.
The DHHS agency will also review the implementation of the drug identification system as it relates to drug supply chain “trading partners,” such as drug makers and wholesale distributors, with plans to talk to them about how they have effectively exchanged information. The national system to track pharmaceutical products to allow them to be traced throughout the supply chain, created under the Drug Supply Chain Security Act, is still in early stages, with the law’s transaction requirements coming into effect Jan. 1. The OIG is looking to hear about their “early experiences” with the requirements.
The OIG also intends to assess the extent to which clinical trials comply with the reporting requirements established by the Food and Drug Administration Amendments Act as well as the manner in which the FDA is making sure that these requirements are satisfied.