Photo of Bexis

We have blogged several times about the somewhat esoteric issue of whether intangible items – chiefly computer software, website algorithms, and other electronic information – is treated as a “product” for purposes of imposing strict liability on their creators.  It’s an interesting topic; Eric recently wrote a paper on it, and Bexis is putting together a “white paper” for the Product Liability Advisory Council on the same subject.  From these exercises we concluded that a 50-state survey on intangibles as “products” for product liability purposes would be both doable and useful.Continue Reading How the Fifty States View Electronic Data as a “Product”

Photo of Bexis

As regular readers know, we bloggers have been following the issue of whether software of various sorts – electronic bytes – is a “product” for product liability purposes.  It’s a longstanding issue, since the current Restatements of Torts specifically defines a “product” as something “tangible,” which arrays of electrons are not.  “A product is tangible

Photo of Bexis

As a follow-on to our post last year about remote (Zoom) depositions), we received a suggestion that we examine MDL orders to see how they have been handling remote deposition procedure during the COVID-19 pandemic.  That made sense to us because in MDLs every procedural jot and tittle is gone over with a fine-toothed comb. 

Photo of Stephen McConnell

This last week of May has been a big one in the James Bond universe. It includes the birthdays of Ian Fleming, who wrote the books, of Richard Maibaum, who wrote many of the screenplays, and of Clifton James, who played the comically exasperated southern Sheriff in the Live and Let Die and The Man

Photo of Bexis

This post is from the Reed Smith side of the blog only.

For well over a year, now Reed Smith has been engaged in an “initiative” concerning the innovative technology, “3D printing,” also known as “additive manufacturing.”  We’ve tried to stay on the forefront of the legal implications of 3D printing, particularly the product liability

Photo of Steven Boranian

The FDA released its final Guidance on Postmarket Management of Cybersecurity in Medical Devices during the week between Christmas and New Year. You can link to a full copy here, and we gave you our detailed take on the draft Guidance here. You can also click here to see what our data privacy and security colleagues wrote about the final Guidance on Reed Smith’s Technology Law Dispatch, as they beat us to the presses.

The final Guidance resembles the draft, with a few refinements. We see two guiding principles in the final Guidance.  First, the final Guidance continues to follow a risk-based approach.  As we observed before, the FDA could not have taken a different tack.  Medical devices always present both benefits and risks, and the goal of regulators when it comes to cybersecurity is to assess and mitigate risks without overly compromising a device’s benefits.  Second, the FDA recognizes that managing medical device cybersecurity takes a village.  Or, in the Agency’s words, “FDA recognizes that medical device cybersecurity is a shared responsibility among stakeholders including health care facilities, patients, providers, and manufacturers of medical devices.”  Guidance, at 12.

The final Guidance therefore recommends the implementation of cybersecurity risk management programs.  Such  programs would include monitoring reported adverse events under current regulations.  The FDA also recommends incorporating elements consistent with the National Institute for Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity.  Guidance, at 14.  We commented in our prior post that the FDA was combining familiar medical device elements with others borrowed from the cybersecurity world.  The citation to NIST’s Framework is a perfect example of the wedding between those two worlds.

More specifically, a cybersecurity risk management program would include:

  • Monitoring cybersecurity information sources for identification and detection of cybersecurity vulnerabilities and risk;
  • Maintaining robust software lifecycle processes;
  • Understanding, assessing and detecting presence and impact of a vulnerability;
  • Establishing and communicating processes for vulnerability intake and handling;
  • Using threat modeling to define clearly how to maintain safety and essential performance of a device by developing mitigations that protect, respond and recover from the cybersecurity risk;
  • Adopting a coordinated vulnerability disclosure policy and practice; and
  • Deploying mitigations that address cybersecurity risk early and prior to exploitation.

Continue Reading What You Need To Know About the FDA’s Guidance on Postmarket Cybersecurity

Photo of Bexis

Bexis recently attended the “Emerging Issues in Mass-Tort MDLs Conference” sponsored by Duke Law School (those of us from Philly remember Duke as part of “Black Saturday” back in 1979).  Several panels discussed various issues relating to MDLs including using early, issue-specific fact sheets, which Bexis advocated be considered amended pleadings subject to Rule 8