Q&A: The facts about the PATCH Act
This article originally appeared in Medical Design and Outsourcing News on September 4, 2024.
As the October 1st deadline for the new US Protecting and Transforming Cyber Health Care Act of 2022 (PATCH Act) comes into force, the medical device industry is gearing up to meet all the requirements before premarket submissions to the US Food and Drug Administration (FDA).
With the FDA potentially refusing to accept submissions that fail to meet the requirements, sponsors, and developers of cyber devices must be diligent about how to comply with the act.
The PATCH Act, which has been in development for several years, defines a framework for minimal cybersecurity focus within medical devices. On December 29th, 2022, the Act was signed into US law and from March 29, 2023, a premarket application or submission of cyber devices had to contain all information required by the FDA. In this period, the FDA holds back from issuing refuse to accept (RTA) for premarket submissions of cyber devices submitted before October 1st, 2023.
In an exclusive interview with Medical Device Network, former FDA software system safety expert Paul Jones, and Ketryx founder Erez Kaminski, discuss all the concerns surrounding the enforcement of the PATCH Act.