The PATCH Act
A bill that aims to improve medical device and network security.
A new Senate bill introduced this week, along with legislation in the House, would require medical device developers to be more accountable for the cybersecurity of their products.
Sens. Tammy Baldwin, D-Wisconsin, and Dr. Bill Cassidy, R-Louisiana, have introduced the bipartisan Protecting and Transforming Cyber Health Care Act, which would establish a set of new criteria for device and network security.
The bill would:
- Establish cybersecurity requirements for companies seeking premarket authorization from the Food and Drug Administration.
- Encourage developers and manufacturers to update devices and related systems across their purported lifecycle.
- Create a Software Bill of Materials for devices that will be distributed to customers.
- Require the creation of plans to monitor, identify, and remedy cybersecurity vulnerabilities once the product has been released.
- Request a Coordinated Vulnerability Disclosure to show a device's safety and effectiveness.
The current bill and the bill that it amends from 1990 are linked below.
Documents to download
- BILLS-117hr7084ih (.pdf, 231.66 KB)
More links
- S.3395 - Medical Device Integrity Act: To amend the Federal Food, Drug, and Cosmetic Act with respect to records and other information inspections.
- Summary: H.R.3095 — 101st Congress (1989-1990): Safe Medical Devices Act of 1990 - Amends the Federal Food, Drug, and Cosmetic Act (FDCA) to require medical device user facilities to report to the Secretary of Health and Human Services, the manufacturer, or both whenever they believe there is a probability that a medical device has caused or contributed to a death, illness, or injury. Defines a medical "device user facility" (DUF) to mean a hospital, ambulatory surgical facility, nursing home, or outpatient treatment facility which