The Association of Electrical Equipment and Medical Imaging Manufacturers
 Limit to NEMA Publications
 Search entire IHS Markit database
Store Home  |   My Account  |   Help & Support  |   About IHS Markit  |   Contact Us  |   Sign In  |  
Look Inside


2013 Edition, 2013

Complete Document

Manufacturer Disclosure Statement for Medical Device Security

Detail Summary

Active, Most Current

Additional Comments:
Price (USD)
Secure PDF
Single User
Add to Cart

Product Details:

Description / Abstract:

Information provided on the MDS2 form is intended to assist professionals responsible for security risk assessment processes in their management of medical device security issues. The information on the MDS2 form is not intended, and may be inappropriate, for other purposes.

The Role of Healthcare Providers in the Security Management Process

The provider organization has the ultimate responsibility for providing effective security management. Device manufacturers can assist providers in their security management programs by offering information describing:
  • the type of data maintained/transmitted by the manufacturer's device;
  • how data is maintained/transmitted by the manufacturer's device;
  • any security-related features incorporated in the manufacturer's device.

In order to effectively manage medical information security and comply with relevant regulations, healthcare providers must employ administrative, physical, and technical safeguards—most of which are extrinsic to the actual device.

The Role of Medical Device Manufacturers in the Security Management Process

The greatest impact manufacturers can have on medical device security is to incorporate technical safeguards (i.e., security features) in their devices to facilitate healthcare providers' efforts in maintaining effective security programs and meeting any relevant regulatory requirements and/or standards. The medical device manufacturing industry is increasingly aware of the importance of having effective security functionality in their devices. Manufacturers are generally including such security-related requirements in the production of new devices based on provider needs and requirements.
ANSI/NEMA MW 1000, 2014