Cybersecurity: Make MDS2 part of the procurement process

Contracting executives can get need-to-know, security-related information about the networked devices and equipment for which they are contracting with the “Manufacturer Disclosure Statement for Medical Device Security (MDS2).”

 

Developed by the Healthcare Information and Management Systems Society (HIMSS) and standardized through a joint effort between HIMSS and the National Electrical Manufacturers Association (NEMA), the MDS2 form provides medical device manufacturers with a means of disclosing the security-related features of their medical devices. Providers can use it to assess the vulnerabilities and risks associated with protecting the health information transmitted or maintained by medical devices.

 

Key benefits of using a standardized form, according to HIMSS and NEMA, include:

  • Provides a comprehensive set of medical device security questions developed through broad stakeholder participation and medical device vendor buy-in.
  • Allows for easy comparison of security features across different devices and different manufacturers.
  • Facilitates the review of the large volume of security-related information supplied by manufacturers.

 

To learn more about the “Manufacturer Disclosure Statement for Medical Device Security,” and to download a copy, go to http://www.himss.org/resourcelibrary/MDS2?navItemNumber=21740.

Comments

  1. James N. Phillips Jr says:

    As a contracting professional in the Department of Veterans Affairs, this tool offers much needed support in better understanding the complexity of the ever expanding world of medical equipment diagnostics and treatment capability and functionality. Thanks goes to the Healthcare Information and Management Systems Society (HIMSS) and the National Electrical Manufacturers Association (NEMA) have created a great tool for the contracting community to consider.

  2. Edward Shultz, P.E., C.C.E., M.S.B.A. says:

    If these forms are submitted to the sales force when reviewing a perspective purchase, they often return incomplete or with inaccurate information.

    Do you have a recommendation for language requiring a corporate level at the OEM where these forms may be signed and attested to for accuracy?

Speak Your Mind

*