FDA Issues Final Guidance on Postmarket Management of Cybersecurity in Medical Devices

Members & Publications


December 27, 2016

The FDA has released the final guidance document "Postmarket Management of Cybersecurity in Medical Devices." This final guidance informs industry and the FDA staff of the Agency’s recommendations for managing postmarket cybersecurity vulnerabilities for marketed and distributed medical devices.

The final guidance also meets the following objectives:

  1. clarifies the FDA’s recommendations for managing postmarket cybersecurity vulnerabilities;
  2. emphasizes that manufacturers should monitor, identify, and address cybersecurity vulnerabilities and exploits as part of their postmarket management of medical devices;
  3. establishes a risk-based framework for assessing when changes to medical devices for cybersecurity vulnerabilities require reporting to the FDA; and
  4. outlines circumstances in which FDA does not intend to enforce reporting requirements under 21 CFR, part 806.

It is important to note that the recommendations in this final guidance apply to marketed and distributed medical devices that:

  • are already on the market or in use (also known as “legacy devices”),
  • are considered part of an interoperable system (allowing for multiple technology systems and software applications to communicate and exchange data),
  • contain software, programmable logic; or
  • contain software that is a medical device (including mobile medical applications).

WEBINAR: On Thursday, January 12, 2017, the FDA will host a webinar for industry to discuss and answer questions about this final guidance. 

To ensure you are connected, please dial-in 15 minutes prior to the start of the webinar. 

Following the webinar, a transcript, recording and slides will be available at: http://www.fda.gov/CDRHWebinar. The slide presentation will also be available at this site on the morning of the webinar.

If you have any questions regarding this guidance document, please contact CDRH’s Division of Industry and Consumer Education (DICE) at DICE@fda.hhs.gov, or via phone at 1-800-638-2041, or 301-796-7100.

Legislation Introduced to Alleviate Impact of Conversion Factor Cut for 2021

Nov 09, 2020

Last month, two bills were introduced in the House proposing solutions to the estimated 10.6% Physician Fee Schedule conversion factor cut expected to go into effect January 1, 2021.  The bills offer some relief to the cut, but do not reflect a comprehensive or long-term solution.  AAPM&R has therefore chosen to remain neutral regarding these bills. 

Your Academy continues to advocate for a permanent solution to the conversion factor cut while maintaining the important payment increases to office and outpatient evaluation and management services.