Security News > 2022 > March > Model contract language for medical technology cybersecurity published
The genesis of this resource was the recognition that medical device cybersecurity responsibility and accountability between Medical Device Manufacturers and Health Delivery Organizations is complicated by many conflicting factors, including: uneven MDM capabilities and investment in cybersecurity controls built into device design and production; varying expectations for cybersecurity among HDOs; and high cybersecurity management costs in the HDO operational environment throughout the device lifecycle.
The purpose of this Model Contract Language is to offer a reference for shared cooperation and coordination between HDO's and MDM's regarding the security, compliance, management, operation, services, and security of MDM-managed medical devices, solutions, and connections.
This Model Contract Language is intended to minimize security risks and ensure the confidentiality, integrity, and availability of HDO healthcare technologies, infrastructures, and information.
This Model Contract Language articulates adequate security of HDO information being stored, transferred, or accessed and provides that all network access, medical devices, services, and solutions satisfy the mission, security, and compliance requirements of the HDO. Medical device manufacturers, health delivery organizations, and group purchasing organizations are encouraged to closely review this contract language and adopt as much as is appropriate for the organization.
This model contract is also the product of model collaboration between two subsector stakeholders whose expectations about responsibility and accountability for cybersecurity have not always been aligned.
The 2-year process of "Pre-negotiating" this model contract language - beginning in March 2020 - facilitated increased mutual understanding and trust between MDM's and HDO's that participated in the Medical Device Cybersecurity Model Contract Language Task Group.
News URL
https://www.helpnetsecurity.com/2022/03/14/medical-technology-cybersecurity/