Australia’s Therapeutic Goods Administration (TGA) wants to work with the medical device industry to update its position on software and cybersecurity.
TGA has commissioned research reports on the two topics to inform how it should regulate the emerging technological opportunities and threats.
The agency shared the update on its activities in the wake of criticism of its regulation of some mobile health apps.
Cybersecurity and products that straddle the line between software programs and medical devices are two of the big emerging medtech challenges for regulatory agencies. In both cases, regulators want to protect patients from devices that are harmful, either due to a poor design or a deliberate hack, without throttling the emergence of innovative, beneficial technologies.
TGA has grappled with these issues in recent years, both internally and through its work with groups such as the International Medical Device Regulators Forum (IMDRF). The agency held a consultation on an IMDRF document about Software as a Medical Device (SaMD) in 2015, and shared pointers on medtech cybersecurity vulnerabilities the following year.
However, the pace of change in the sector and criticism of the TGA’s approach, most recently in The Medical Journal of Australia, means further action may be needed to balance the risks and opportunities posed by software.
TGA has enlisted Australia’s Commonwealth Scientific and Industrial Research Organisation (CSIRO) to help with this effort. CSIRO, an independent Australian government scientific agency, is working on two reports.
One report will look at SaMDs, such as apps and clinical decision support tools. TGA has tasked CSIRO with understanding the needs of companies in the field, with a view to designing regulatory support programs that help unlock global markets. CSIRO wants companies interested in sharing their views to contact it by August 20.
The second report will address Cyber Security for Medical Devices (CSfMD). In that case, CSIRO’s work is expected to lead to cybersecurity best practices companies can implement to protect their devices. CSIRO is holding a workshop and webinar on the topic next month, after which it will release a paper for consultation.