A new work item on cybersecurity was proposed at the International Medical Device Regulators Forum (IMDRF) management committee hearing this week in Beijing, China by the Global Diagnostic Imaging, Healthcare IT & Radiation Therapy Trade Association (DITTA).
Pending the outcome meeting statement to be released by IMDRF chair China Food and Drug Administration, DITTA chair Patrick Hope told Focus
that the proposed new work item is centered on three areas of cybersecurity. These include shared responsibility between all stakeholders, sharing information on cyber vulnerabilities and harmonizing terminologies.
The move comes after DITTA suggested at the previous
IMDRF meeting in March that the area of cybersecurity would benefit from global harmonization and convergence of regulations. This was well received by the management committee, which agreed to explore a new work item.
DITTA requested the US Food and Drug Administration (US FDA) and Health Canada take the lead on the cybersecurity project. This is because these two regulatory agencies have achieved the most progress in “thinking through a lot of these questions in most jurisdictions so there’s a lot of activity going on in that space,” making them “natural leads to chair that effort,” Hope said.
Participants at the last IMDRF gathering—which took place from Tuesday through Thursday—discussed a variety of other projects already underway among the 10-member regulatory agencies. These include regulated product submissions (RPS), unique device identification and the Medical Device Single Audit Program (MDSAP), according to Hope.
Representing several industry associations such as the Medical Imaging Technology Alliance and the national association of Canada's medical technology companies, among others, DITTA stressed its concerns with the regulators’ efforts around RPS and MDSAP.
The association sent a letter
to US FDA, copying Health Canada, in July that offered potential solutions to the issues companies participating in MDSAP raised in answers to a DITTA survey.
“Of course we support the program,” Hope said. But there are some concerns about how auditing organizations seem to lack the capacity to conduct MDSAP audits, which in turn leads to a lot of timing delays
for participating companies, he added.
In terms of adopting the IMDRF Table of Contents (ToC) structure for RPS, DITTA has observed some inconsistencies among regulators that has resulted in skepticism among its member companies as to whether the current work in this area will achieve its intended benefits.
The association expected this working group to provide globally harmonized ToC content and such content continues to vary across different jurisdictions, Hope said.