HIPAA, HITECH and Interoperability compliance route


Hiii friends,

I am looking for details on HIPAA, HITECH and Interoperability compliance for medical devices.

1. Firstly, I would like to seek some advice on whether the HIPAA privacy & security rules are applicable to a medical device manufacturer.
2. How are the interoperability rules set out in the FDA guidance to be complied with?
3. Also, how are these related to each other?
4. If it is applicable to a medical device manufacturer (of radiotherapy equipment), how do we comply: is self-certification enough, or is a 3rd-party assessment required?

It all seems so vague to me as a starting point for compliance. Please help me out!



Staff member
Super Moderator
I'll try to get the ball rolling but I need some clarification.

1. HIPAA, as you know, is intended to protect patient info. So if your device is collecting or handling protected information, you need to be sure the system adequately protects the information. If you, say, collect complaints that contain protected information, you'll need to properly protect it (and probably have procedures / training to ensure your staff understands the responsibilities).

2. Can you clarify which FDA guidance on interoperability you are trying to comply with? What specific issues with compliance are you having?

3. I suppose if your device is handling protected information and you're passing that data to another system, you'd likely need to protect it (e.g., send encrypted, ensure destination is authorized, etc.).

4. What "it" are you asking about? Many tests are best facilitated by 3rd-party labs who have proper equipment and expertise.
