3 things a medical device vendor must do for security incident response
You are VP R&D or CEO or regulatory and compliance officer at a medical device company. Your medical devices measure something (blood sugar, urine analysis, facial anomalies, you name it…). The medical device interfaces to a mobile app that provides a User Interface and transfers patient data to a cloud application using RESTful services over HTTPS. Sound familiar? […]
Refreshing your HIPAA Security Rule compliance
Clients frequently ask us questions like this. Danny, I have a quick question about our HIPAA compliance that we achieved back in early 2013. Since then we have released a couple of new software versions and we are wondering to what extent we need to perform another security and compliance assessment. Please let us know what sort of information you might […]
Privacy, Security, HIPAA and you.
Medical devices, mobile apps, Web applications – storing data in the cloud, sharing with hospitals and doctors. How do I comply with HIPAA? What applies to me – the Security Rule, the Privacy Rule or both? Consider a common use case these days – you’re a medical device vendor and your device stores health information in the cloud. […]
10 ways to detect employees who are a threat to PHI
Software Associates specializes in software security and privacy compliance for medical device vendors in Israel. One of the great things about working with Israeli medical device vendors is the level of innovation, drive and abundance of smart people. It’s why I get up in the morning. Most people who don’t work in security assume […]
The top 5 things a medical device vendor should do for HIPAA compliance
We specialize in software security assessments, FDA cyber-security and HIPAA compliance for medical device vendors in Israel. The first question that every medical device vendor CEO asks us is “What is the fastest and cheapest way for us to be HIPAA-compliant?” So here are the top 5 things a medical device vendor should do in order to […]
The death of the anti-virus
Does anti-virus really protect your data? Additional security controls do not necessarily reduce risk. Installing more security products is never a free lunch and tends to increase the total system risk and cost of ownership, as a result of the interaction between the elements. We use the quantitative threat analysis tool – PTA that enables […]
Why Google is a bad idea for security and compliance
Dear consultant, I worry because so many of the best practices documents I read say that we need to store data in the cloud in Canada if we do business in Canada. See page 19 here – Health privacy in Canada Sincerely – consumer healthcare product manager Dear consumer healthcare product manager – First of all. […]
Kick start your European privacy compliance
The CNIL’s Sanctions Committee issues a 150 000 € monetary penalty to GOOGLE Inc. On 3 January 2014, the CNIL’s Sanctions Committee issued a 150 000 € monetary penalty to GOOGLE Inc. upon considering that the privacy policy implemented since 1 March 2012 does not comply with the French Data Protection Act. It ordered the company […]
What is your take on anti-virus in medical devices?
A check-box IT requirement for medical devices on the hospital network is installation of anti-virus software, even though most devices don’t have network connectivity and as a result are running an outdated AV engine and signatures. What is your take? Should device vendors continue to install anti-virus even though it’s not effective? Would you consider using […]
Software in Medical Devices – Update
We have previously written about various aspects of the software development process, especially the verification and validation activities in implanted and invasive medical devices. Here is an update on what is happening in the regulatory arena and how the regulatory groups are checking up on what we are doing. Software Recalls 2012 The estimate for software recalls […]