Draft Medical Device Manufacturer Internet of Things (IoT) Code of Conduct


The Global Digital Health Partnership (GDHP) is a collaboration of governments and territories, government agencies and the World Health Organization, formed to support the effective implementation of digital health services. Established in 2018, the GDHP provides opportunities for engagement between members to learn what has worked globally on areas such as data sharing, electronic health records, e-Prescribing, and patient access. The GDHP comprises five work streams that regularly convene to plan, share best practices, and create deliverables: Cybersecurity, Interoperability, Evidence and Evaluation, Policy Environments and, Clinical and Consumer Engagements.

As a participant member of the Cybersecurity workstream, ONC assists in developing strategies that can strengthen the processes and practices designed to protect healthcare related devices, systems and networks, as well as the data within them, from security risks and cyber-attacks.


As a part of the overall Cybersecurity workstream goals, ONC collaborated with global participants to develop a draft Medical Device Manufacturer Internet of Things (IoT) Code of Conduct.

The purpose of this code of conduct is to establish a central guide and reference for device manufacturers that enumerates various cybersecurity best practices and recommendations that will provide a baseline for achieving the desired state of cybersecurity posture for medical devices.

ONC and GDHP are working to together to solicit feedback on this foundational draft to mature the Code of Conduct into adoptable guidelines for medical manufacturers. Public comments will be accepted until March 31, 2020.