June 08, 2017
On April 1, 2017, the Chinese government published draft cyber security legislation on the sale of medical devices online in order to seek public opinion.
In its current wording, the bill states that all websites offering medical devices for sale must be declared to the local health authorities. Website owners who fail to declare such websites risk a fine even if they themselves are not selling the devices. The draft states that after reviewing the declaration, the health authority will decide whether or not to grant an authorisation to the website. Once authorisation has been given, all information related to the website operator will be published within seven days.
It would also be the website operator’s responsibility to ensure that qualified independent professionals control the quality of the medical devices sold on their websites and to log all information related to these goods. The information will be retained for the lifetime of the device or for up to two years following its expiry date.
The bill also states that companies selling said medical devices online who had not already obtained a manufacturing permit would also have to declare their website to the relevant Food and Drugs Administration within 30 days of the receipt the authorization.
The aim of the proposed legislation is to make the Chinese internet safer in terms of the online sale of medical devices. Cybersecurity breaches may lead to the malfunction of devices which could cause death or injury to patients as well as breaches to their data protection and privacy rights.