Medical Device Security Privacy Checklist

Medical devices that collect and store data that falls under the HIPAA definition of protected health information (PHI) must ensure that the covered entities (CEs) using those devices can secure them effectively, and create logs and control sharing as required by the HIPAA Security Rule, Privacy Rule and HITECH Act. If medical device vendors and manufacturers have access to the devices, and associated data, that the CEs use, then they are business associates (BAs) under HIPAA and must follow all the HIPAA Security Rule and HITECH Act requirements, and all the applicable Privacy Rule requirements.

Rebecca created this “Medical Device Manufacturers and Engineers Security and Privacy Checklist” to help medical device engineers to build in the appropriate controls, and for vendors who are BAs to understand the controls necessary within such devices, and to help them address their legal obligations for security and privacy protections.

All medical device manufacturers and vendors can also use the SIMBUS Light and Standard services to ensure they have a HIPAA-client program within their own organizations.

TOP