We have blogged several times about the somewhat esoteric issue of whether intangible items – chiefly computer software, website algorithms, and other electronic information – is treated as a “product” for purposes of imposing strict liability on their creators. It’s an interesting topic; Eric recently wrote a paper on it, and Bexis is putting together a “white paper” for the Product Liability Advisory Council on the same subject. From these exercises we concluded that a 50-state survey on intangibles as “products” for product liability purposes would be both doable and useful.Continue Reading How the Fifty States View Electronic Data as a “Product”
Technology
New Decision Directly Addresses the “Is Software a Product” Question
As regular readers know, we bloggers have been following the issue of whether software of various sorts – electronic bytes – is a “product” for product liability purposes. It’s a longstanding issue, since the current Restatements of Torts specifically defines a “product” as something “tangible,” which arrays of electrons are not. “A product is tangible…
Remote Depositions in MDLs
As a follow-on to our post last year about remote (Zoom) depositions), we received a suggestion that we examine MDL orders to see how they have been handling remote deposition procedure during the COVID-19 pandemic. That made sense to us because in MDLs every procedural jot and tittle is gone over with a fine-toothed comb. …
Unintended Consequences for Software Liability?
We have been following the issue of potential product liability for software, including in connection with medical devices, for a while. Much of our attention, predictably, has been on FDA regulation of device software, including issues related to resistance to hacking to obtain information or cause harm. Like here, here, here, and…
Dark Web Provider Escapes Wrongful Death Drug Case
Online Pharmaceuticals – Not Much Online Liability
We’ve seen stories lately that an increasing trend towards online sales of prescription drugs could become as much of a threat to retail drugstores as online shopping generally has become to department stores. For non-prescription drugs, that future is already here – just Google “OTC Drugs Online” and check out the results. Or…
Shameless Plug – Free CLE Webinar on 3D Printing and Product Liability
As our loyal readers know, the Reed Smith side of the blog has been very interested in 3D printing, and particularly in its product liability implications. We recently shared with you the most comprehensive law review article to date on this subject (here) – authored by Bexis and Reed Smith associate (and sometimes guest…
Not So Shameless Plug – New 3D Printing Materials
This post is from the Reed Smith side of the blog only.
For well over a year, now Reed Smith has been engaged in an “initiative” concerning the innovative technology, “3D printing,” also known as “additive manufacturing.” We’ve tried to stay on the forefront of the legal implications of 3D printing, particularly the product liability…
What You Need To Know About the FDA’s Guidance on Postmarket Cybersecurity
The FDA released its final Guidance on Postmarket Management of Cybersecurity in Medical Devices during the week between Christmas and New Year. You can link to a full copy here, and we gave you our detailed take on the draft Guidance here. You can also click here to see what our data privacy and security colleagues wrote about the final Guidance on Reed Smith’s Technology Law Dispatch, as they beat us to the presses.
The final Guidance resembles the draft, with a few refinements. We see two guiding principles in the final Guidance. First, the final Guidance continues to follow a risk-based approach. As we observed before, the FDA could not have taken a different tack. Medical devices always present both benefits and risks, and the goal of regulators when it comes to cybersecurity is to assess and mitigate risks without overly compromising a device’s benefits. Second, the FDA recognizes that managing medical device cybersecurity takes a village. Or, in the Agency’s words, “FDA recognizes that medical device cybersecurity is a shared responsibility among stakeholders including health care facilities, patients, providers, and manufacturers of medical devices.” Guidance, at 12.
The final Guidance therefore recommends the implementation of cybersecurity risk management programs. Such programs would include monitoring reported adverse events under current regulations. The FDA also recommends incorporating elements consistent with the National Institute for Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity. Guidance, at 14. We commented in our prior post that the FDA was combining familiar medical device elements with others borrowed from the cybersecurity world. The citation to NIST’s Framework is a perfect example of the wedding between those two worlds.
More specifically, a cybersecurity risk management program would include:
- Monitoring cybersecurity information sources for identification and detection of cybersecurity vulnerabilities and risk;
- Maintaining robust software lifecycle processes;
- Understanding, assessing and detecting presence and impact of a vulnerability;
- Establishing and communicating processes for vulnerability intake and handling;
- Using threat modeling to define clearly how to maintain safety and essential performance of a device by developing mitigations that protect, respond and recover from the cybersecurity risk;
- Adopting a coordinated vulnerability disclosure policy and practice; and
- Deploying mitigations that address cybersecurity risk early and prior to exploitation.
Continue Reading What You Need To Know About the FDA’s Guidance on Postmarket Cybersecurity
Another Modest Proposal (This Time, About Discovery)
Bexis recently attended the “Emerging Issues in Mass-Tort MDLs Conference” sponsored by Duke Law School (those of us from Philly remember Duke as part of “Black Saturday” back in 1979). Several panels discussed various issues relating to MDLs including using early, issue-specific fact sheets, which Bexis advocated be considered amended pleadings subject to Rule 8…