Purchasing biomedical devices is a complex process. Clinical Engineering is the approving body for biomedical device purchases, no matter the budget or department procuring the device. Most biomedical devices do have a computer on board and the vast majority have electronic patient information on that computer – that automatically makes that device applicable to the HIPAA regulations.
Recommended step for HIPAA/IT review of biomedical devices:
If the vendor will be supplying maintenance to the biomedical device, and if the device will contain any kind of patient information, a Business Associate Agreement will be required as well.
- A Manufacturer Disclosure Statement for Medical Device Security form (MDS2) is be sent to a biomedical device manufacturer, received and answers approved (by Clinical Engineering) before the item is purchased by VUMC. There are 19 questions that should be asked and scrutinized, such as any other RFI/RFP question, and those answers need to be included in the cost/benefit analysis of these devices. Over 1200 hospital providers now have these forms and are starting to become infiltrated throughout the healthcare manufacturer environment.