Lawmakers look to clarify electronic medical device use in secure facilities 

Two Democratic lawmakers are looking to establish standardized policies and transparency requirements for the use of electronic medical devices in sensitive compartmented information facilities, or SCIFs.

The legislative proposal, from Sens. Peter Welch, D-Vt., and Bob Casey, D-Pa., would pave the way for employees who use certain healthcare instruments to work in the facilities that store highly classified information, while also still maintaining strict security standards.

The bill is primarily focused on outlining the types of devices allowed in SCIFs, while also requiring officials to pay more attention to the medical instruments that are allowed and not allowed in the various classified facilities. Agencies do not typically allow electronic devices, whether cell phones or other digital gadgets, into SCIFs to maintain the security of the sensitive data stored within them.

Recent federal oversight, however, has encouraged the intelligence community to better clarify its policies regarding the use of certain electronic medical devices.

A report released by the Government Accountability Office in January found that agencies’ SCIFs inconsistently applied the level of access offered to personnel with disabilities requiring the use of electronic medical devices. The review also said that the Office of the Director of National Intelligence failed to establish “minimum specifications for common accessibility concerns and addressing accessibility in inspections” of the classified settings. 

In response to the watchdog’s report, ODNI subsequently released a directive in April that said, in part, that the intelligence community “shall take a consistent approach to the management of [electronic medical devices] to promote workforce mobility and accessibility” and outlined a review and appeals process for those seeking to bring their healthcare instruments into SCIFs.

The lawmakers said in a press release that their bill would codify some of ODNI’s directive and also require the agency to submit information to Congress on how it approves and denies devices.

“People with disabilities should not be forced to forego career opportunities simply because of the medical technology they rely on,” Casey said in a statement. “This bill will help make it possible for people with disabilities to serve our country and pursue careers in national security while still having access to the devices and accommodations they need to thrive.”

Starting on the date of the bill’s enactment, the legislation would require the heads of covered intelligence community entities to develop and maintain “a ledger to track the approval and denial of requests for electronic medical device use” for each SCIF under their authority. 

These officials would also be required to maintain lists of the approved instruments, as well as devices “approved for limited use.”

Within 180 days, the heads of covered agencies would be directed to develop a policy for the use of electronic medical devices” within their respective SCIFs, including outlining “a list of the types of electronic medical devices that are approved for use.”

The legislation would also empower the “Electronic Medical Device Governance Board,” which was outlined in ODNI’s report, with reviewing “electronic medical device security and equity concerns for covered agencies” and establishing “a publicly accessible database of electronic medical devices that have been approved or denied.”

To address potential cyber threats resulting from the use of the devices within SCIFs, the board would also be tasked with determining the threat to national national security posed by the instruments and with evaluating the effectiveness of potential risk mitigation measures.