Manufacturer Disclosure Statement for Medical Device Security
In light of increased focus on medical device security, the HIMSS Medical Device Security Work Group created the Manufacturer Disclosure Statement for Medical Device Security (MDS2). Over the last four years, the MDS2 form has gained acceptance as a useful tool in the risk assessment process. Seeking to formalize the form and gain input from a borader stakeholder audience, HIMSS partnered with the National Electrical Manufacturers Association (NEMA) to develop the MDS2 standard.
The intent of the MDS2 is to supply healthcare providers with important information that can assist them in assessing the vulnerability and risks associated with electronic Protected Health Information (ePHI) transmitted or maintained by medical devices. Because security risk assessment is a broad, organization-wide effort, this document focuses on only those elements of the risk assessment process associated with medical devices and systems that maintain or transmit ePHI. A standardized form allows manufacturers to quickly respond to a potentially large volume of requests from providers for information regarding the security-related features of the medical devices they manufacture. The standardized form also facilitates the providers’ review of the large volume of security-related information supplied by the manufacturers.
