Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it's official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

CMS Oversight of Hospital Management of Networked Medical Device Security Through the Medicare Conditions of Participation

Networked medical devices are common and include infusion pumps, pacemakers, and diagnostic imaging equipment. These devices can be used to deliver care, transfer patient data, and/or remotely monitor patients. However, if hospitals do not have proper cybersecurity controls in place, the devices could be compromised, which could lead to adverse outcomes, such as loss of device functionality and patient harm. The Centers for Medicare & Medicaid Services' (CMS's) protocol for assessing hospitals' compliance with the Conditions of Participation (CoP) does not explicitly address cybersecurity practices for networked medical devices. It is unclear whether the survey protocols of accreditation organizations (AOs), which must meet or exceed those of CMS, evaluate cybersecurity when they review hospitals' compliance with the CoP. We will determine if any of the AOs address cybersecurity of networked medical devices when they assess compliance with accreditation requirements. For those that do, we will describe how they have done so and their experiences with hospitals. We will also identify any changes to their survey protocols that CMS or AOs are considering to address cybersecurity of networked medical devices.

Announced or Revised Agency Title Component Report Number(s) Expected Issue Date (FY)
May 2020 Centers for Medicare and Medicaid Services CMS Oversight of Hospital Management of Networked Medical Device Security Through the Medicare Conditions of Participation Office of Evaluation and Inspections OEI-01-20-00220 2021