
Although vendors often tell customers they can’t remove hard coded passwords from their devices or take other steps to secure their systems because it would require them to take the systems back to the FDA for approval afterward, Erven points out that the FDA guidelines for medical equipment include a cybersecurity clause that allows a post-market device to be patched without requiring recertification by the FDA.

These are the same people that have been complaining about how awful it is that the Affordable Care Act imposes a medical device tax. Maybe if they weren't so cavalier about deceiving their customers, regulation and certification wouldn't cost as much as it does.



I think you have to always assume that people can't be trusted to do the right thing when it comes to lives of others. The FDA has to employ policies which give us a reasonable confidence that a vendor's device/test/whatever is safe and effective.

Disclaimer: I have worked on FDA cleared medical devices my entire career.


I think most of the time you can trust people to do the right thing when it comes to the lives of others, when the right thing is sufficiently clear, when the fact that it involves the lives of others is sufficiently salient, and when there are not enormous incentives to do otherwise.


I'm not sure you took my meaning. Even if what you say is true, a regulating body must view everyone with skepticism. They have to walk into an audit/filing review with a "prove it to me" attitude else risk doing real harm to people.


I don't know that that's wrong. The two views are certainly compatible.



