Internet of Medical Things Resilience Partnership Act of 2017
This bill requires the Food and Drug Administration to establish a working group in order to develop recommendations on improving the security and resilience of networked medical devices.
[Congressional Bills 115th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3985 Introduced in House (IH)]
<DOC>
115th CONGRESS
1st Session
H. R. 3985
To establish a working group of public and private entities led by the
Food and Drug Administration to recommend voluntary frameworks and
guidelines to increase the security and resilience of Internet of
Medical Things devices, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
October 5, 2017
Mr. Trott (for himself and Mrs. Brooks of Indiana) introduced the
following bill; which was referred to the Committee on Energy and
Commerce
_______________________________________________________________________
A BILL
To establish a working group of public and private entities led by the
Food and Drug Administration to recommend voluntary frameworks and
guidelines to increase the security and resilience of Internet of
Medical Things devices, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Internet of Medical Things
Resilience Partnership Act of 2017''.
SEC. 2. STUDY ON THE SECURITY AND RESILIENCE OF CERTAIN MEDICAL
DEVICES.
(a) Study.--Not later than 5 months after the date of enactment of
this Act, the Commissioner of the Food and Drug Administration, in
consultation with the National Institute of Standards and Technology,
shall establish a working group of public and private entities to
develop recommendations for voluntary frameworks and guidelines to
increase the security and resilience of networked medical devices sold
in the United States that store, receive, access, or transmit
information to an external recipient or system for which unauthorized
access, modification, misuse, or denial of use may result in patient
harm.
(b) Working Group.--
(1) In general.--In developing the recommendations under
subsection (a), the Commissioner shall seek input from a
working group representing the Federal Government, industry,
and academia.
(2) Chairperson.--The Commissioner of the Food and Drug
Administration, or a designee of the Commissioner, shall serve
as the chairperson of the working group established under
paragraph (1).
(3) Membership.--Membership of the working group shall
include a representative from each of the following:
(A) The Center for Devices and Radiological Health
of the Food and Drug Administration.
(B) The Office of the National Coordinator for
Health Information Technology of the Department of
Health and Human Services.
(C) The Office of Technology Research and
Investigation of the Federal Trade Commission.
(D) The Cybersecurity and Communications
Reliability Division of the Federal Communications
Commission.
(E) The National Institute of Standards and
Technology of the Department of Commerce.
(F) The National Cyber Security Alliance.
(4) Appointed members.--The chairperson shall appoint to
the working group a minimum of 3 qualified representatives from
each of the following private sector categories:
(A) Medical device manufacturers.
(B) Health care providers.
(C) Health insurance providers.
(D) Cloud computing.
(E) Wireless network providers.
(F) Enterprise security solutions systems.
(G) Health information technology.
(H) Web-based mobile application developers.
(I) Software developers.
(J) Hardware developers.
(c) Report.--Not later than 18 months after the date of enactment
of this Act, the Commissioner shall submit to Congress a report on the
recommendations developed under subsection (a), including--
(1) an identification of existing cybersecurity standards,
guidelines, frameworks, and best practices that are applicable
to mitigate vulnerabilities in the devices described in
subsection (a);
(2) an identification of existing and developing
international and domestic cybersecurity standards, guidelines,
frameworks, and best practices that mitigate vulnerabilities in
such devices;
(3) a specification of high-priority gaps for which new or
revised standards are needed; and
(4) potential action plans by which such gaps can be
addressed.
<all>
Introduced in House
Introduced in House
Referred to the House Committee on Energy and Commerce.
Referred to the Subcommittee on Health.
Llama 3.2 · runs locally in your browser
Ask anything about this bill. The AI reads the full text to answer.
Enter to send · Shift+Enter for new line