The U.S. Senate has introduced a bipartisan measure that would help to ensure the security and integrity of medical devices by implementing mandatory premarket cybersecurity requirements.
Introduced in mid-March by Senators Bill Cassidy, M.D. (R-LA) and Tammy Baldwin (D-WI), the “Protecting and Transforming Cyber Health Care Act, otherwise known as the PATCH Act, would amend the Federal Food, Drug, and Cosmetic Act to “require…the inclusion in any premarket submission for a cyber device of information to demonstrate a reasonable assurance of safety and effectiveness throughout the lifecycle of the cyber device.”
Companion legislation was previously introduced in the U.S. House of Representatives by Michael Burgess (R-TX) and Angie Craig (D-MN).
If approved by both Houses of Congress and signed by President Biden, the PATCH Act would authorize the FDA to require device manufacturers to demonstrate compliance with many of the recommendations contained in the agency’s draft updated guidance on cybersecurity in medical devices. (See our news item “U.S. FDA Clarifies Cybersecurity Recommendations for Medical Devices.”)