Cybersecurity: Make MDS2 part of the procurement process

Contracting executives can get need-to-know, security-related information about the networked devices and equipment for which they are contracting with the “Manufacturer Disclosure Statement for Medical Device Security (MDS2).”

 

Developed by the Healthcare Information and Management Systems Society (HIMSS) and standardized through a joint effort between HIMSS and the National Electrical Manufacturers Association (NEMA), the MDS2 form provides medical device manufacturers with a means of disclosing the security-related features of their medical devices. Providers can use it to assess the vulnerabilities and risks associated with protecting the health information transmitted or maintained by medical devices.

 

Key benefits of using a standardized form, according to HIMSS and NEMA, include:

  • Provides a comprehensive set of medical device security questions developed through broad stakeholder participation and medical device vendor buy-in.
  • Allows for easy comparison of security features across different devices and different manufacturers.
  • Facilitates the review of the large volume of security-related information supplied by manufacturers.

 

To learn more about the “Manufacturer Disclosure Statement for Medical Device Security,” and to download a copy, go to http://www.himss.org/resourcelibrary/MDS2?navItemNumber=21740.

4 Comments on "Cybersecurity: Make MDS2 part of the procurement process"

  1. James N. Phillips Jr | January 12, 2014 at 4:11 pm | Reply

    As a contracting professional in the Department of Veterans Affairs, this tool offers much needed support in better understanding the complexity of the ever expanding world of medical equipment diagnostics and treatment capability and functionality. Thanks goes to the Healthcare Information and Management Systems Society (HIMSS) and the National Electrical Manufacturers Association (NEMA) have created a great tool for the contracting community to consider.

    • Dennis M. Seymour, CISSP, ITIL | December 11, 2019 at 8:59 am | Reply

      James, I am a former VA employee (retired in 2007), but I chaired the Task Force that created the first 3 versions of the MDS2 beginning in 2003.

  2. Edward Shultz, P.E., C.C.E., M.S.B.A. | March 28, 2016 at 9:57 am | Reply

    If these forms are submitted to the sales force when reviewing a perspective purchase, they often return incomplete or with inaccurate information.

    Do you have a recommendation for language requiring a corporate level at the OEM where these forms may be signed and attested to for accuracy?

  3. Dennis M. Seymour, CISSP, ITIL | December 11, 2019 at 8:58 am | Reply

    James N. Phillips, Jr., not sure you are aware but the initial version of the MDS2 form was developed with a VA employee as the Chairperson of the Medical Device Security Task Force for HIMSS, along with the second and third versions.(It was me). Edward Shultz, many vendors have 2 versions of many forms. One, with little or no proprietary information is shared for sales and marketing. The second version is usually obtained during purchasing process and obtained after signing an NDA. These forms will have far more information, mostly proprietary.

Leave a comment

Your email address will not be published.


*


safe online pharmacy for viagra cheap kamagra oral jelly online