I have been involved in the original creation of the MDS2 (Manufacture Disclosure Statement for Medical Device Security). This was back in 2004, before I was blogging... The first revision was a major change to align with IEC 80001 - Risk Assessment to be used when putting a Medical Device onto a Network in 2010. The second revision to improve usability Major upgrade to MDS2 to align with IEC-80001 in 2013
It is being revised again, and there is a call for participation. Hurry, there is only a week to signup -- September 8th deadline.
This is intended to be a Security Disclosure statement from a Medical Device (any health software too) to someone purchasing. It is intended to explain the security capability, environmental expectations, and residual risk that would need to be managed by the purchasing organization. Security is a critical collaboration between the manufacture and the user of any system. This form is intended to enable this collaboration.
The Medical Imaging & Technology Alliance (MITA) is announcing an effort to revise the existing HIMSS/NEMA Standard HN1-2013 and develop it as an American National Standard. This standard consists of the Manufacturer Disclosure Statement for Medical Device Security (MDS2) form and related instructions how to complete the form. The intent of the MDS2 form is to supply healthcare providers with important information to assist them in assessing the vulnerability and risks associated with protecting private data transmitted or maintained by medical devices and systems.
If you are interested in participating in the development of this standard, please fill out the information requested below and return to Peter Weems (email@example.com) no later than
August 31, 2017September 8, 2017.
- Organization Represented
- Brief Description of Organization
- Email Address
- Telephone Number
- Interest Category
- Interest Category Descriptions
General Interest—Organization or individual that has an interest in the use of equipment included in the scope of this Standard, but neither produces nor uses it directly.
Government—Government agency or department that has an interest in the use of equipment included in the scope of this Standard. Please note that a government agency or department that uses this equipment should select the USER category.
Insurance--Insurance agency or department that has an interest in the use of equipment included in the scope of this Standard. Please note that an insurance agency or department that uses this equipment should select the USER category.
Producer—Manufacturer of equipment included in the scope of this Standard.
Testing Laboratory—Organization that tests equipment included in the scope of this Standard to established specifications.
Trade Association—Trade Association or society that represents the interests of manufacturers or users of equipment included in the scope of this Standard.
User—Organization (company, association, government agency, individual) that uses equipment included in the scope of this Standard.
User-consumer—Where the standards activity in question deals with a consumer product, such as lawn mowers or aerosol sprays, an appropriate consumer participant’s view is considered to be synonymous with that of the individual user – a person using goods and services rather than producing or selling them.
User-industrial—Where the standards activity in question deals with an industrial product, such as steel or insulation used in transformers, an appropriate user participant is the industrial user of the product.
User-government—Where the standards activity in question is likely to result in a standard that may become the basis for government agency procurement, an appropriate user participant is the representative of that government agency.
User-labor—Where the standards activity in question deals with subjects of special interest to the American worker, such as products used in the workplace, an appropriate user participant is a representative of labor.