Medical devices and systems represent a growing risk with respect to the security of the medical data they contain. Hospitals and similar healthcare organizations typically have 300% to 400% more medical equipment than IT devices and two trends are contributing to the increasing significance of this security risk:

1. Medical devices and systems are being designed and operated as special purpose computers … more features are being automated, increasing amounts of medical data are being collected, analyzed and stored in these devices.
2. There has been a rapidly growing integration and interconnection of disparate medical (and information) technology devices and systems where medical data is being increasingly exchanged.

HIMSS Medical Device Security Workgroup was convened earlier this year to address the need for a coordinated effort on this issue. The charter of this Workgroup, under the guidance of the HIMSS Privacy & Security Steering Committee is to:

• Identify both the security issues associated with medical devices & systems and the best practices available to address those issues
• Evaluate the issues of security threats and vulnerabilities that affect medical devices, both the provider and the equipment manufacturer's responses and responsibilities, and the legal and regulatory framework in which these issues must be addressed
• Coordinate with similar groups and committees, in HIMSS and other organizations, to capitalize on existing efforts and realize the economies of collaboration
• Prepare and endorse white papers, guidance documents, comments and recommendations on medical device security issues and practices for addressing those issues
• Educate HIMSS membership and the industry on the implications of medical device security through the publications, tools, resources and educational programs found in this focus area of HIMSS Web site.
  

Latest News:

HIMSS Reports: HIMSS, ACCE & ECRI Offer Medical Device Security Guidelines
HIMSS has taken a leading role in industry efforts to address information security issues associated with maintaining and storing health information.

HIPAA Security Rule Countdown: 24 Days Remain to Comply – Who is Using the MDS²?
With less than a month left to comply with the final Health Insurance Portability and Accountability Act (HIPAA) Security Rule, more than 1,200 healthcare organizations have downloaded the Manufacturer Disclosure Statement for Medical Device Security (MDS2) from the HIMSS Web site to simplify compliance with HIPAA.

Related Resources: