Privacy, Security and Medical Devices NEMACOCIRJIRA Security

1
Privacy, Security and Medical DevicesNEMA/COCIR/
JIRA Security Privacy Committee (Active
participants AGFA, GE, Kodak, Merge eFilm,
Philips, Siemens, Toshiba)

• James Keese Kodak Health Imaging
• Chief Privacy/Security Officer

2
What are we doing.

• Challenge
• Optimize the transition from legacy systems to
  medical devices that provide patient privacy and
  data/system security
• How
• Industry working among NEMA, COCIR, JIRA, HIMSS,
  AdvaMed, etc.
• Medical device manufacturers are implementing
  best practices for privacy and security
• Focus on compliance while carefully managing
  healthcare costs
• Scope
• All systems, components, and accessories used in
  IT based medical devices.

3
Industry Activity Progress (1)

• SPC
• Development and approval of multiple white papers
• All papers available at http//www.nema.org/medica
  l
• Provide security architectures/recommendations
  for patching, remote access, digital
  certificates, etc.
• VA/NEMA Risk Management Team
• Identification of leading edge medical device
  security requirements
• Developing best practices for risk management
• Collaborating on actions to assure uninterrupted
  patient care

4
Industry Activity Progress (2)

• HIMSS-Medical Device Security Workgroup
• Focus team of healthcare providers and
  manufacturers working toward practical and
  sustainable practices
• Deliverables white papers, guidance documents,
  provider tools
• AdvaMed
• Forum where manufacturer and regulatory come
  together to discuss security

5
In Conclusion

• Highly active groups in providing resources for
  the industry and government
• Consistent representation across all forums
• Overlapping members to provide clear
  communication across all groups
• How we assist HHS NVCHS going forward?

6
For More Information or to Participate

• NEMA, Contact the Secretariat
• Mr. Stephen Vastagh
• National Electrical Manufacturers Association
• Suite 1847
• 1300 N. 17th Street
• Arlington, VA 22209, USA
• E-mail ste_vastagh_at_nema.org
• Telephone 1-703-841-3281

• HIMSS, Medical Device Security
• Joyce Sensmeier MS, RN, BC, CPHIMS
• Dir of Prof Services, HIMSS
• 230 East Ohio, Suite 500
• Chicago, IL 60611
• Phone 312-915-9281
• E-mail jsensmeier_at_himss.org
• AdvaMed
• Bernie Liebler
• Phone 202.434.7230
• Fax 202.783.8750
• E-mail BLiebler_at_AdvaMed.org

7
Privacy and Security in Healthcare Informatics
Backup Slides
8
SPC White Papers Correspondence

• Security Privacy An Introduction to HIPAA
             
• Security Privacy Auditing In Health Care
  Information Technology
• Security Privacy Requirements for Remote
  Servicing                 
• Remote Service Interface Solution (A) IPSec
  Over The Internet Using Digital Certificates
• Identification Allocation of Basic Security
  Rules in Healthcare Imaging Systems
• Patching of Off-the-Shelf Software used in
  Medical Information Systems
• Defending Medical Information Systems Against
  Malicious Software
• Ltr-JMurray-FDA-2004-09-24.doc (see attached
  letter)

9
HIMSS Device Security Aligned with SPC

• Healthcare Information and Management Systems
  Society
• Healthcare providers and manufacturers with
  strong HCIT representation
• Development of security policies - desktop vs
  medical device
• Medical Device Security Workgroup
• Forum focused team of healthcare providers and
  manufacturers working toward practical,
  sustainable solutions
• Charter coordinate efforts to manage risk
  associated with interconnected and pervasive
  medical devices
• Objective to provide immediate impact that
  improves security while maintaining continuity of
  care
• Deliverables white papers, guidance documents,
  recommendations and educational tools
• http//www.himss.org/asp/medicalDeviceSecurity.asp

10
HIMSS recent deliverable MDS2
11
NEMA Letter To FDA (1 of 3)
12
NEMA Letter To FDA (2 of 3)
13
NEMA Letter To FDA (3 of 3)