In March 2019, the EU Trade Association, COCIR, outlined its position in relation to the different requirements in various EU legislative frameworks aimed at addressing increasing cybersecurity risks associated with the growing number of connected digital health technologies, spanning devices, systems and infrastructure. The report focuses on both specific aspects for the healthcare sector and the industry horizontally. 

The report covers policy measures spanning the Medical Device Regulation (MDR); the Directive on the Security of Networks and Information Systems; the General Data Protection Regulation; the Cybersecurity Act and international standards, as well as considerations about security by design, weaving into each the viewpoints of COCIR members. These viewpoints are of interest to PANACEA as part of its human-centric approach to improving cybersecurity in healthcare through people, processes and technology.

The report underscores the need to broaden the discussions on the regulatory aspects to ensure better harmonisation and alignment to EU and national laws that set security requirements for products and services. The main recommendations for European, reginal and national regulators are: 

  • Setting up a broad European discussion to establish good secuity practices in all regulatory frameworks aimed at reducing market access limitations, conflicting requirements and unnecessary administrative burden.
  • Promoting regulatory convergence between EU Member States and industry sectors.
  • Developing European guidance that clarifies the concept of shared responsibility, including criteria for determining the device’s intended environment.
  • Adopting the new MDS2 form1 (Manufacturer Disclosure Statement for Medical Device Security (MDS2), expected to be adopted in Summer 2019) as a means of documenting and communicating medical device security and privacy features in Europe.
  • Coordinating a European approach to security-related incident reporting, in order to avoid duplication and confusion.
  • Safeguarding a level playing field by ensuring that consistent and effective market surveillance measures are in place to warrant compliance with the existing regulatory framework.
  • Avoiding multiple certification schemes for the same technologies and processes.

COCIR is the European Trade Association representing the medical imaging, radiotherapy, health ICT and electromedical industries. 

Lookout Watch entry date: 07/08/2019

Watch category:

Watch Type: