During August 2012, the United States Government Accountability Office (GAO) published a report recommending that the US Food & Drug Administration (FDA) develop and implement a plan expanding its focus on information security risks. For example, medical devices increasingly have wireless communications built into them.
In comments on a draft of the report, the US Department of Health & Human Services concurred with GAO’s recommendation and described relevant efforts FDA has initiated.
Virtual PV notes that Apps for use on smart phones and tablets have the potential to be classed as medical devices, depending upon their exact application. Even where not so classed, proper consideration of information security requirements is vital when specifying and designing software for use in GxP environments (and, indeed, more generally).
The full report from the US GAO may be found here: http://www.gao.gov/products/GAO-12-816.