
Medical device HIPAA compliance in encryption

#1
Hi,
I hope it's OK to ask here.
My company is making a diagnostic medical device that uses Wi-Fi, so it needs to be encrypted. There is no physical risk to the user if the device is hacked or stops working.

Does the encryption need to have a different key for each device or can we use a universal key for all the devices?
I couldn't find the answer in the HIPAA compliance or in the FDA's "Content of Premarket Submissions for Management of Cybersecurity in Medical Devices".

yodon

Staff member
Super Moderator
#2
UL 2900 (FDA recognized) says that "10.4 The product shall use a separate cryptographic key for each service, operation, or function (e.g. data at rest encryption, transport layer encryption, operator role authentication, remote software upgrade image integrity). The vendor shall clearly document the intended purpose of each key used by the product. Rationale shall be documented in accordance with Vendor Product Risk Management Process, Section 12." I don't see anything about a different key per device, though.

I would suggest that, whatever decision you make, support it with the risk analysis.

Note that the standard has a list of acceptable security functions and one is:

k) NIST FIPS 140-2, Annex D: Approved Key Establishment Techniques, ref. [23].

That might be a source that gives more information (I don't have a copy).
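
An added example, not part of the reply above or of UL 2900: one way to give each function named in the quoted clause 10.4 its own key, and optionally each device its own set, by deriving them from a master secret with HKDF (RFC 5869) built on Python's standard `hmac` module. The purpose labels, serial numbers and master secret are constructed for illustration, and whether per-device keys are required is not something the quoted text settles.

```python
import hashlib
import hmac
from typing import Optional

# Purposes follow the examples in the quoted clause 10.4; the label strings
# and descriptions are made up here and double as the "intended purpose" record.
KEY_PURPOSES = {
    "data-at-rest": "encrypts stored measurement data",
    "transport": "protects the application link over Wi-Fi",
    "operator-auth": "authenticates the operator role",
}


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA-256: extract a PRK, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_key(master: bytes, purpose: str, device_serial: Optional[str] = None) -> bytes:
    """One key per purpose; bound to a device when a serial is supplied.

    device_serial=None models the "universal key" design from the question:
    every unit derives the same key for a given purpose.
    """
    if purpose not in KEY_PURPOSES:
        raise ValueError(f"undocumented key purpose: {purpose!r}")
    info = b"purpose=" + purpose.encode()
    if device_serial is not None:
        info += b"|device=" + device_serial.encode()
    return hkdf_sha256(master, salt=b"\x00" * 32, info=info)


def key_set(master: bytes, device_serial: Optional[str] = None) -> dict:
    """All documented purpose keys for one device (or the shared set)."""
    return {p: derive_key(master, p, device_serial) for p in KEY_PURPOSES}


if __name__ == "__main__":
    master = bytes(range(32))  # constructed sample, not a real secret
    a, b = key_set(master, "SN-0001"), key_set(master, "SN-0002")
    print("distinct keys per function:", len(set(a.values())) == len(KEY_PURPOSES))
    print("device keys differ:", all(a[p] != b[p] for p in KEY_PURPOSES))
```

With the shared design, a key extracted from one unit is the key of every unit; with a serial bound in, it exposes that unit only, which is the kind of difference the suggested risk analysis can record.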
 