According to a press release from Draeger®, the Veteran’s Administration® is deploying Draeger’s Infinity M300 patient monitors on its Wi-Fi® networks, even though the monitors are not validated for FIPS 140-2.  To get around the FIPS 140-2 requirement, the VA issued a waiver for the monitors.

“This decision by the VA to allow use of its wireless network for patient telemetry represents the first such use within the VA hospital environment,” says Rick Sullivan, VP of Government Affairs at Draeger.

Why did VA issue the waiver?  Is it because Draeger “is committed to obtaining FIPS 140-2, Level 1 certification for a future” patient monitor?  A lot of medical device vendors have a similar commitment but, as we discuss in our white paper on FIPS 140-2, obtaining a FIPS 140-2 validation for a Wi-Fi client device can be very challenging.  That’s why no patient monitors are validated!

Perhaps the Draeger monitors do not transmit sensitive information, such as patient identification, across the network.  We cannot review the waiver because it is posted only on the VA intranet and not on an external Web site.

View a previous post on FIPS 140-2 security in VA hospitals here.

Tagged with:

2 Responses to VA Waives FIPS 140-2 Requirement for Wi-Fi® Patient Monitor

  1. […] federal government standard for encryption and decryption. Our previous blog posts on FIPS 140-2 (here and here) noted how few medical devices are validated for FIPS […]

  2. […] VA Waives FIPS 140-2 Requirement for Wi-Fi Patient Monitor: The Veteran’s Administration® has chosen to deploy a Draeger  patient monitor on its Wi-Fi® networks, even though the monitors are not validated for FIPS 140-2. […]

Leave a Reply

Your email address will not be published. Required fields are marked *

Real Time Analytics