By AAMI

AAMI is pleased to announce that it will host its annual HTM Week from May 19 to 25, 2024. Planned and hosted by AAMI’s Technology Management Council (TMC), HTM Week promotes awareness and appreciation of the professionals who manage and maintain the vast assortment of health technology found in healthcare delivery organizations.
HTM professionals fundamentally support our health care system by servicing and maintaining healthcare technologies for hospitals and other health care facilities, manufacturers and third-party organizations.
Danielle McGeary, vice president of HTM at AAMI, believes that the trainings and programming planned for May are an ideal chance to promote the field and recognize the profession as a whole. “AAMI’s strategic plan is dedicated to helping increase the HTM personnel pipeline of professionals entering the field and providing continuing education to the HTM field at large. This year’s HTM Week contests and events are focused on these initiatives.”
HTM Week 2024 will feature:
- Three free webinars taught by HTM subject matter experts
- The “Best HTM Sticky Notes” contest
- The BMET 101 high school giveaway contest
HTM Week Webinars
AAMI will host three webinars during HTM Week. These sessions are free for both AAMI members and non-members and will address key topics that are vitally important to the HTM profession.
- HTM Cybercraft: Navigating the Cyber-Physical Maturity Journey: Taught by Ty Greenhalgh, industry principal, Healthcare at Claroty, this webinar addresses the Cyber-Physical Security Maturity scale, and the key role of the HTM in risk management and ensuring patient safety. The webinar will be on May 21, 2024, from 2-3 p.m. ET.
- Adding to the Toolbox – Tips to Grow into a Better Leader: Greg Czajka, support services operations director at Advocate Health, will present on what it takes to cultivate leadership skills, and what it takes to add new tactics to your professional development toolbox. The webinar will be on May 22, 2024, from 2-3 p.m. ET.
- Next-Level HTM: Advancing Your Program through Data and Tech: Sponsored by PartsSource, this session will be taught by Dave Brennan of SVP Clinical Solutions, and will discuss how HTM leaders have evolved to become best-in-class using AAMI’s HTM Levels Guide. The webinar will be on May 23, 2024, from 2-3 p.m. ET.
Best HTM Sticky Notes Contest
HTM Week also features the return of the HTM Sticky Notes contest. Have you seen or received a hilarious sticky note from a clinician on a broken medical device? We want to see it! Share it on social media using hashtags #BiomedNotes and #HTMWeek or email us a photo at htm@aami.org. The winner will get a pizza party for their department, and AAMI will keep all device manufacturers anonymous!
High School Giveaway Contest
To promote the HTM field to the next generation, high school students are invited to participate in a special HTM Week giveaway. Three winning students will be awarded access to AAMI’s new BMET 101 course, which will give them the opportunity to learn more about the different career paths within HTM. All high school students are eligible, and they can enter the contest here. Submissions are due by May 17, 2024.
In short, AAMI’s HTM Week 2024 has plenty of opportunities, whether you’re a seasoned veteran, new to the field, or simply looking to learn about whether the HTM profession is right for you. AAMI also has HTM Week posters and an HTM Week Proclamation on its HTM Week Webpage that can be used to enhance the celebration. Questions? Reach us at htm@aami.org.
FDA Explains Medical Device Cybersecurity Requirements
On the last day of AAMI/FDA neXus, Jessica Wilkerson, senior cyber policy advisor and Medical Device Cybersecurity Team Lead at FDA presented on regulatory requirements for medical device cybersecurity.
Wilkerson opened her talk with a simple “why.” “Cyber threats can, have, and very much do pose patient safety risks to the health care sector,” and FDA’s regulatory priorities are driven out of concern for patient safety.
The most relevant legislation to medical device cybersecurity is the Food and Drug Omnibus Reform Act (FDORA), which was passed into law as part of the Consolidated Appropriations Act of 2023 and signed into law on December 29, 2023. This incorporated Section 524B – Ensuring Cybersecurity of Medical Devices into the Federal Food, Drug, and Cosmetic Act (FD&C).
Section 3305 of the Omnibus, Ensuring Cybersecurity of Medical Devices, applies to prospective submissions for “cyber devices” under the 510(k), De Novo, PDP, and PMA pathways. It came into effect 90 days after signing, on March 29, 2023. Section 524B of the Act defines a “cyber device” as a device that has these three concurrent characteristics:
- Includes software validated, installed, or authorized by the sponsor as a device or in the device;
- Has the ability to connect to the Internet; and
- Contains any such technological characteristics validated, installed or authorized by the sponsor that could be vulnerable to cybersecurity threats.
This definition can include devices that do not have Internet connectivity but do have something like a USB port. Wilkerson stated that the Act also includes notable requirements for device manufacturers. Section 524B(a) requires that a sponsor do the following:
- Provide a plan to monitor, identify, and address postmarket cybersecurity vulnerabilities and exploits, including coordinated vulnerability disclosure and related procedures.
- Design, develop, and maintain processes and procedures to provide a reasonable assurance that the device and related systems are cybersecure, and ensure that a device has postmarket patching capability.
- Provide a software bill of materials (SBOM) including commercial, open-source and off-the-shelf software components.
- Comply with other regulations and demonstrate reasonable assurance of cybersecurity.
FDA’s final premarket guidance was published last year, on September 26, 2023, capping a nearly six-year development process. Wilkerson stated that guidance is “intended to help manufacturers comply with requirements under Section 524B of the FD&C Act.” Critically, the scope of the premarket guidance is much broader than the scope of 524B and will apply to more devices. Resources include a publicly available webinar hosted in 2022, and eSTAR’s incorporation of the guidance.
The guidance addresses how cybersecurity fits into Quality System Requirements and updated the 2022 draft by including CBER submission types, considerations for combination products, and elements associated with Section 524B requirements. Structural changes include subsections in Security Risk Management meant to clarify premarket submission documentation deliverables including Cybersecurity Risk Assessments and interoperability. Citing patient concerns, Wilkerson stated that cybersecurity should not stand in the way of interoperability. Last, the document addresses software bills of materials (SBOMs) and aligns with the 2021 National Telecommunications and Information Administration (NTIA) SBOM Framing Document. However, FDA still asks for supporting materials, which can be submitted separately from an SBOM.
Of course, the total product life cycle includes both the premarket and postmarket phases, and FDA’s findings in one will influence the other. “When we see an issue in the post market, we will go back to the premarket cybersecurity guidance … and we will update our review criteria,” Wilkerson said.
Regarding cybersecurity review, Wilkerson drew a key distinction, stating, “software engineering is about ensuring that certain things happen … security is about ensuring that they don’t.” The ideal question to ask is, “What can the device do?” Further, past performance does not equal future security. Cybersecurity threats evolve quickly, so past security is no guarantee of future safety. Wilkerson indicated that asking, “Who is ever going to do that?” in reference to a potential cyber threat, is neither relevant nor helpful. Cybersecurity concerns apply:
- If the device is or contains software.
- If the device meets the definition of a Cyber Device.
- Regardless of whether the software or software component was designed by a medical device manufacturer or a third party.
- To the entire system, not just the end device.
Wilkerson finally noted that your risks increase if the device has wired capabilities such as USB, ethernet, SD, CD, or RGA, as well as wireless capabilities such as Wi-Fi, Bluetooth, RF, inductive, or cloud connectivity. Cybersecurity considerations also apply to the entire system rather than just the end device, and will include software update infrastructure, cloud applications and commercial devices.
For more information, visit aami.org.

