Diabetes Patients Flood FDA with Comments on Cybersecurity for Medical Devices

Diabetes Patients Flood FDA with Comments on Cybersecurity for Medical Devices


The Food and Drug Administration received more than a thousand comments, mostly from diabetes patients and their families, in response to the draft cybersecurity guidelines that staff must use when processing shipments. of medical device manufacturers requesting approval to market their products.

“Please do not allow medical device manufacturers to use cybersecurity as a claim to prevent me from accessing my OWN devices,” says an entry in a sample of the comments the FDA posted in the dossier on the guide. The emphasis is on the commentator.

With a 90-day public comment period ending Thursday, the FDA will now begin the process of finalizing cybersecurity guidelines for its pre-market submissions, according to a notice in the Federal Register.

The FDA is under pressure from Congress to improve the cybersecurity of medical devices through its pre-market approval process, with some scholars saying what the agency does below could serve as a model for a specific approach to sector to regulate and enforce reasonable measures to ensure. an increasingly connected world of malicious actors.

The vast majority of comments received by the FDA followed a template, with people tailoring their entries to reflect the personal circumstances surrounding their diabetes management in themselves or others, but all underscored their nature. potentially deadly and the need to have more control over their destinies.

“I live with diabetes that requires insulin, a chronic incurable disease that requires continuous monitoring of blood glucose levels and insulin administration,” says one comment using only normal language. “It is imperative that access to my own devices be possible. The ability to receive glucose values ​​from my continuous glucose monitor and the ability to order my insulin pump to administer insulin are already allowed and expected of me. In fact, if I don’t [this], I will die. So please don’t let medical device manufacturers use cybersecurity as a claim to prevent me from accessing my own devices. “

The management of type 1 diabetes, in particular, involves two devices: one to control glucose levels and another to deliver the insulin used to regulate it in the body. The process usually requires patients or their caregivers to carefully read the levels of the first device and then manually perform a series of complicated calculations, based on factors such as what they ate recently or whether they exercised that day, to determine the correct one. . amount of insulin they should indicate on the second device to pump into the bloodstream.

The process is exhausted and miscalculations can lead to deadly overdoses, Howard Look said Nextgov. In 2011, after her daughter was diagnosed with the disease and prescribed the two devices, Look, a computer engineer, devised a way to automate her treatment by connecting the two devices. It was awkward, involving a single-board computer called the Raspberry Pi, a battery, and a bunch of cables, but it made a big difference in its quality of life.

“I used to pack it every morning and put it in a small soccer-sized camera bag and put it in my daughter’s backpack and send it to school,” she said. “He said he could just follow his day, he could be a normal teenage boy and go to school and not have to worry about his glucose levels all day and not have to worry about him going down. while I was in. take a test or go high [at other times]and there was no need to worry about alarms continuing to sound at school. ”

Look founded Tidepool, a non-profit organization where he is now president and CEO. Along with others in the diabetes community, the organization offers software that allows patients to view their data and better manage the disease. And supporters are working to make Tidepool Loop the first FDA-approved app for more convenient automated insulin delivery.

The comments are a materialization of “the passion of the diabetes community,” Look said, noting that the opportunity for their voices to be heard on the subject first caught his attention through forums. of diabetes with tens of thousands of members.

It’s a “recognition that diabetes is a very difficult disease to manage, and that people feel very, very firmly that they should be able to make their own individual choice,” he said, adding, “The energy you’re seeing it is the fear that this right and this desire will be restricted in some way. ”

Tidepool’s own comments to the FDA express support for the agency’s cybersecurity efforts, but echo those concerns. They ask the FDA to clarify that the cybersecurity guide is intended to prevent unauthorized access and that patients attempting to access their data should not fall into this category.

“Following best practices for cybersecurity should not involve blocking patient users from accessing their own data or controlling their own devices,” the comments say. “Tidepool states that there is a risk that FDA guidelines may be misinterpreted or misinterpreted to suggest that the patient’s user restriction of access is appropriate or recommended. The FDA may mitigate this risk by clearly stating that the ‘access and use of your own device by a patient user may be considered authorized access and shall not be considered a threat to cybersecurity.’

When asked why he suspects device manufacturers might try to prevent patients from accessing their own devices, Look said it’s because “we’ve seen it in other industries.” He went on to describe the campaigns for the right to repair, an issue that has been gaining momentum with the recent enforcement actions of the Federal Trade Commission.

“The inkjet printers industry decided to use software encryption mechanisms to block people’s ability to use their own ink cartridges, the John Deere tractor blocked the software and persecuted people who tried modify the software of your own tractors or try to repair your own tractors, “he said.

Look said, “The cybersecurity guide rightly says,‘ Hey, device makers, you should use strong encryption and strong authentication to keep out the bad actors. ”What we’re saying is that this doesn’t stop a device manufacturer allows the individual to have secure access to their own device.What we don’t want to see is that device manufacturers block people from their own devices and say, “You can’t access your own data,” where you can’t you can control your own device the way you think your own individual therapy is better. “

There is a strong argument for device manufacturers to block patients, Look said, noting the potential for new applications to disrupt and compete with their business model.

“In the world of medical devices we haven’t seen this happen yet, at least I’m not aware of it, but you can imagine it happening,” he said.





Source link

Related post

AZ Big Media How to keep your web development projects on schedule

AZ Big Media How to keep your web development…

Do you have your best tip for keeping web development projects on time? To help you better manage your web development…
Interactive Whiteboard Global Market Report 2022

Interactive Whiteboard Global Market Report 2022

ReportLinker Key players in the interactive whiteboard market are Boxlight Corporation, Cisco System, Inc., Foxconn Technology Group, Google, Inc., Hitachi, Ltd.,…
Interactive Whiteboard Global Market Report 2022

Interactive Whiteboard Global Market Report 2022

ReportLinker Key players in the interactive whiteboard market are Boxlight Corporation, Cisco System, Inc., Foxconn Technology Group, Google, Inc., Hitachi, Ltd.,…

Leave a Reply

Your email address will not be published.