Text: H.R.3985 — 115th Congress (2017-2018)All Information (Except Text)

There is one version of the bill.

Text available as:

Shown Here:
Introduced in House (10/05/2017)


115th CONGRESS
1st Session
H. R. 3985


To establish a working group of public and private entities led by the Food and Drug Administration to recommend voluntary frameworks and guidelines to increase the security and resilience of Internet of Medical Things devices, and for other purposes.


IN THE HOUSE OF REPRESENTATIVES

October 5, 2017

Mr. Trott (for himself and Mrs. Brooks of Indiana) introduced the following bill; which was referred to the Committee on Energy and Commerce


A BILL

To establish a working group of public and private entities led by the Food and Drug Administration to recommend voluntary frameworks and guidelines to increase the security and resilience of Internet of Medical Things devices, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Internet of Medical Things Resilience Partnership Act of 2017”.

SEC. 2. Study on the security and resilience of certain medical devices.

(a) Study.—Not later than 5 months after the date of enactment of this Act, the Commissioner of the Food and Drug Administration, in consultation with the National Institute of Standards and Technology, shall establish a working group of public and private entities to develop recommendations for voluntary frameworks and guidelines to increase the security and resilience of net­worked medical devices sold in the United States that store, receive, access, or transmit information to an external recipient or system for which unauthorized access, modification, misuse, or denial of use may result in patient harm.

(b) Working group.—

(1) IN GENERAL.—In developing the rec­om­men­da­tions under subsection (a), the Commissioner shall seek input from a working group representing the Federal Government, industry, and academia.

(2) CHAIRPERSON.—The Commissioner of the Food and Drug Administration, or a designee of the Commissioner, shall serve as the chairperson of the working group established under paragraph (1).

(3) MEMBERSHIP.—Membership of the working group shall include a representative from each of the following:

(A) The Center for Devices and Radiological Health of the Food and Drug Administration.

(B) The Office of the National Coordinator for Health Information Technology of the Department of Health and Human Services.

(C) The Office of Technology Research and Investigation of the Federal Trade Commission.

(D) The Cybersecurity and Communications Reliability Division of the Federal Communications Commission.

(E) The National Institute of Standards and Technology of the Department of Commerce.

(F) The National Cyber Security Alliance.

(4) APPOINTED MEMBERS.—The chairperson shall appoint to the working group a minimum of 3 qualified representatives from each of the following private sector categories:

(A) Medical device manufacturers.

(B) Health care providers.

(C) Health insurance providers.

(D) Cloud computing.

(E) Wireless network providers.

(F) Enterprise security solutions systems.

(G) Health information technology.

(H) Web-based mobile application developers.

(I) Software developers.

(J) Hardware developers.

(c) Report.—Not later than 18 months after the date of enactment of this Act, the Commissioner shall submit to Congress a report on the recommendations developed under subsection (a), including—

(1) an identification of existing cybersecurity standards, guidelines, frameworks, and best practices that are applicable to mitigate vulnerabilities in the devices described in subsection (a);

(2) an identification of existing and developing international and domestic cybersecurity standards, guidelines, frameworks, and best practices that mitigate vulnerabilities in such devices;

(3) a specification of high-priority gaps for which new or revised standards are needed; and

(4) potential action plans by which such gaps can be addressed.