A former FDA official argues that medical device repair needs stricter oversight to protect patient safety amid growing right to repair efforts.
By Peter J. Pitts
[Editor’s Note: The following article is an opinion piece contributed by a guest author and does not necessarily reflect the views of 24×7 Magazine or its editorial team. As the conversation around right to repair continues, we are committed to presenting a range of perspectives on this complex and evolving issue.]
Most of us have (mostly fond) childhood memories of an adult trying to fix something. A rusty toolbox came out, and the tinkering began. A broken radio, a sputtering lawn mower, a kitchen appliance on its last leg. The ubiquitous home workbench wasn’t uncommon—because it was a necessity. Choices were limited, service centers were few and far between, and replacement parts weren’t a simple Google search away. We were a DIY nation.
The right to repair movement is rooted in that same do-it yourself spirit. But today the world is a different place. We live in an age of smart technology and the Internet of Things, where devices don’t just function; they communicate, adapt, and often play critical roles in systems larger than themselves and are beyond our abilities (if not our desires) to tinker. For example, breathing ventilators are connected to hospital digital monitoring systems, and blood glucose monitors can be synced with patient smartphones to provide real-time data and alerts. But while such 21st-century interconnectedness brings efficiency and opportunity, especially in the health care space, it also presents challenges.
There is no doubt right to repair has gained traction in recent years, championed by consumer advocates who believe product ownership should come with the freedom to fix, modify, or extend the life of their products. In fact, according to PIRG, all 50 US state legislatures now have considered some type of right to repair bill over the last eight years.
At its core, the argument is compelling. Right to repair can reduce waste, lower costs, and empower individuals. But as with many sweeping reforms, the danger is in the dosage. When right to repair policies are applied too broadly, particularly to complex, highly regulated medical technologies, the consequences aren’t just theoretical. They can be life-altering—and not in a good way.
The Hidden Risks of Expanding Repair Access
Whether we like it or not there are nuanced risks of extending right to repair policy to technologies that sit at the intersection of engineering, medical precision, and patient safety. While accessibility and autonomy matter, so does knowing where right to repair crosses into dangerous territory.
The US has long prided itself on setting a global standard in healthcare—world-class hospitals, cutting-edge devices, and highly trained professionals. According to the Food and Drug Administration (FDA), medical devices range from basic instruments like tongue depressors to intricate equipment like robotic surgical systems and MRI machines. That range of complexity matters.
Consider this: What if we couldn’t guarantee the safety and performance of the sophisticated tools that are so critical to our healthcare?
That’s the crux of the concern regarding right to repair and medical technologies. Servicing performed by original equipment manufacturers (OEMs) is governed by rigorous FDA oversight and upheld through strict quality system regulations. Every technician must follow protocols designed to ensure safety, reliability, and accountability. But independent service organizations (ISOs) and their employees aren’t held to these same standards. In fact, the FDA doesn’t even know who they are, how they are trained, or when their “fixing the problem cheaper” leads to more serious issues. ISOs have no required record-keeping requirements for life-altering mishaps caused by their device repair mistakes.
Granting unrestricted access to proprietary service manuals, tools, and software—without ensuring those who use them are properly trained or held accountable—poses significant risks to patients. Effective servicing involves far more than just swapping parts or accessing a manual. It requires advanced training, real-time data tracking, and comprehensive quality assurance skills. Even small deviations in repair protocols can lead to device malfunctions or inaccurate readings that compromise patient care and raise healthcare costs.
Real-World Consequences and Policy Gaps
The risks aren’t hypothetical. According to a 2018 FDA report, of 4,301 documented instances of medical devices serviced by third parties, there were 40 deaths, 294 serious injuries, and over 3,700 cases of device malfunction. While the report cautioned that “currently available objective information is not sufficient to conclude whether or not there is a widespread public health concern,” it also acknowledged that “poor quality servicing may lead to poor device performance, device malfunction, and adverse events.” The same report emphasized cybersecurity as a growing area of concern—particularly when unauthorized access to software could lead to vulnerabilities in hospital and medical practice systems that are increasingly networked and digitally integrated.
Some argue that the COVID-19 pandemic illustrated why right to repair legislation is necessary. But a public health emergency should not become the template for permanent policy. During crises, standards are sometimes relaxed to meet urgent needs—but that doesn’t mean those exceptions are safe or sustainable over the long term.
Nevertheless, right to repair legislation directly targeting medical devices is moving forward. Earlier this year, Vermont introduced a bill to establish the right to repair for medical devices, and North Carolina followed suit in March. These proposals allow unregulated entities to service complex equipment—without FDA oversight. What these pieces of legislation fail to address are concerns from physicians, biomedical engineers, and patients about the integrity of care when repairs are made without the same regulatory scrutiny applied to OEMs.
The right to repair movement isn’t just playing out in statehouses. The US Copyright Office, through Section 1201 of the Digital Millennium Copyright Act, has granted exemptions allowing circumvention of software protections for certain purposes, including medical device repair. While well-intended, such policies open the door to manuals and tools being copied, distributed online, and used by those with no regulatory standardized training or accountability.
Toward a Safer, Smarter Repair Framework
What’s the solution? If cost savings are the goal—and that’s a valid one—then there’s a responsible path forward. ISOs should be required to register with the FDA and implement robust quality management systems, participate in medical device reporting programs, and meet basic competency and safety standards. Transparency and accountability should be non-negotiable.
When medical devices fail, patient safety is at risk, and healthcare costs rise.
Patient safety matters most. No one wants to be treated with equipment that’s been serviced by someone unqualified and without regulatory oversight. The dusty toolbox may have worked days gone by—but in today’s interconnected, high-stakes healthcare environment, we need stronger safeguards.
Empowering consumers is important. Even more urgent is protecting lives. Right to repair doesn’t need to be dismantled or denied, but when it comes to medical devices, it absolutely requires guardrails.
About the author: Peter J. Pitts, a former FDA associate commissioner and member of the United States Senior Executive Service, is president of the Center for Medicine in the Public Interest, and a visiting professor at the University of Paris School of Medicine.
ID 259923000 © Skrypko Ievgen | Dreamstime.com
The solution isn’t for OEMs to provide adequate knowledge for the work to be done in a timely and safe manner? The proposed solution is to regulate everyone. The root of the problem is greed, being able to charge 6k for someone to show up because no parts are available regardless of skill, training, or knowledge. Everything biomeds do is patient safety driven, it would be safer if more knowledge was available.
When everyone is on the same regulatory playing field, the OEMs will suddenly start sharing knowledge and offering training? I find that extremely hard to believe. They have no financial incentive to charge less money.
Show me the path forward that doesn’t gouge the hospital financially and is patient safety driven. The author’s solution does nothing but cast blame on everyone but the OEMs. Write a story from our perspective of not being able to buy a screw because you didn’t attend training because turning a screw driver requires special training that expires.
While there is at least a grain of truth in Mr Pitts arguments, his dismissive description of our formerly “DIY nation” requires pushback, and not only from DIYer’s.
I wasn’t a DIY type but just liked math and science, so I obtained a BSEE. Circuitous circumstances subsequently landed me in clinical engineering, where my focus evolved over time into safety and systems engineering. Over the years I frequently wrote about my colleagues’ work on the operations side from my somewhat different perspective (24×7 published some of my musings on the topic). I also got involved with projects and standards committees involved in early medical device interoperability work. And that got me working with engineers leading similar efforts in the manufacturing side of the business.
One of the things that struck me and I wrote about was how as technology evolved away from discrete towards integrated electronic components, general purpose test equipment didn’t follow suit. Service professionals increasingly became dependent upon make and model specific test hardware and then over time software. For all practical purposes, there were no standards to support the service side of the business. While that may not have posed a problem for manufacturers (MDMs), it did for those on the hospital side of the business. My employer, a large teaching hospital. had literally thousands of different makes and models of equipment in its inventory. Ten or more new models of various device types arrived EVERY MONTH. How would the FDA suggest hospitals or third-party service providers deal with that from a training perspective, and of users as well as service providers?
In one of my heated conversations with a MDM marketing manager, I asked why there were so many varieties of user interfaces (UIs) for the same type of medical devices, particularly ones like infusion pumps where patient safety was a critical concern. The answer? Because often that is the only thing that differentiates our products from our competition. I’m not making that up. Think on that and the implications on hiring or contracting for experienced nurses.
If the FDA cared as much about safety as it likes to believe it does, it would be aware of these types of issues and do something about them. It’s not as if people like me haven’t been bringing them up for decades.
Now, and for the record, I agree that there also needs to be standards and regulations for training and certification of medical device maintenance professionals. A colleague of mine who was very active in the Right to Repair movement and I somewhat disagreed on this point. I support Right to Repair in general, but where enacted it needs constraints to avoid the kids of issues Mr Pitts raises.
On the other hand, if the FDA really cares about patient safety, it needs to simultaneously attend to its tone-deaf lack of patient-safety centered standards and regulations on medical device user interfaces, service training, and clinical user training.
I want to disagree with this article, but I can’t. after 22+ years in this industry I’ve watched doctors, ISO and in house biomed bosses cut corners, rig devices, etc. I’ve watched technicians come into this industry with no training, no background, not even a college education cut corners, misdiagnose devices, replace parts that have nothing to do with the error, and sometimes may not even belong to that device. slap stickers(replace pm stickers without testing a device), tech’s use the wrong test equipment to test a device(o2 analyzer for a neo-puff), managers decide what parts from an annual pm kit should be replaced annually, or until failure(flying in the face of preventative maintenance). The horrors i’ve seen on the biomed side and from doctors, nurses and staff in facilities as well, makes me never want to go to a hospital, asc, etc for anything. we need heavy regulation but not just on ISOs, all biomed’s.
There are many large mfr’s that refuse to sell parts, manuals, etc. even after they’ve chosen to move the device to EOL.
Peter J. Pitts’ recent article offers a passionate yet fundamentally flawed critique of expanding right-to-repair policies to medical technologies. While all share his concerns about patient safety and device complexity in the healthcare field, his argument overlooks critical facts about the profession of clinical engineering and healthcare technology management (HTM). It further misrepresents the existing safeguards and qualifications that hospital-based professionals bring to medical device servicing.
1. Clinical Engineering and HTM: A Proven Track Record of Safety and Competence
For over 50 years, hospitals have safely and effectively maintained, calibrated, and repaired their own medical equipment through highly trained biomedical equipment technicians (BMETs) and clinical engineers. These professionals are not hobbyists with “dusty toolboxes,” as the article implies, but rather degreed, certified, and credentialed experts, many with decades of experience working directly alongside clinicians to ensure that equipment performs safely and accurately at the point of care. Mr. Pitts’ ignorance of these professionals is unbecoming of a former FDA commissioner, and the implication that they are just some garage shop, DIY tinkerers is both deeply offensive and insulting, in the extreme.
Hospital-based HTM departments are guided by:
• Rigorous internal policies and procedures aligned with CMS Conditions of Participation and The Joint Commission standards,
• Preventive maintenance programs that often exceed manufacturer recommendations,
• Incident investigation and adverse event reporting systems, and
• Commitment to continuous professional education, including OEM training and third-party certifications.
In short, hospitals already have highly competent in-house and/or ISO teams capable of performing device maintenance at or above the level of many manufacturer service providers—and they’ve been doing so with documented success and safety for decades.
2. Manufacturers That Collaborate, Win
While some manufacturers restrict service manuals, tools, and parts under the guise of “patient safety,” others have chosen to partner constructively with clinical engineering teams. These forward-thinking companies:
• Provide device-specific training to hospital staff,
• Offer tiered and flexible service agreements,
• Support open communication and troubleshooting,
• Respect hospital autonomy while enhancing support efficiency.
These partnerships often yield faster response times, lower service costs, and better patient outcomes, particularly in remote or resource-constrained hospitals where waiting days for an OEM technician can put lives at risk. A “locked box” approach to service undermines rather than supports care delivery.
A subtle, yet profound, additional benefit to these manufacturers of having their equipment supported in-house is often the improved perception among their clinical users that this equipment ‘always just seems to work.’
3. Accountability Exists—and Can Be Strengthened for All
Mr. Pitts’ assertion that independent service organizations (ISOs) and hospital teams operate without oversight ignores both the current regulatory landscape and opportunities for collaborative improvement. Hospitals are already subject to detailed accreditation audits, and any adverse event linked to equipment failure must be investigated and reported, whether caused by an OEM or in-house repair.
If additional transparency is needed, the solution is not to prohibit access, but to require all servicers, including OEMs, to:
• Adhere to minimum quality management standards,
• Participate in adverse event reporting,
• Maintain documentation on service history and personnel competency.
This approach ensures uniform accountability rather than selectively applying it to non-OEM entities.
4. Cybersecurity and Software Concerns: Real, but Manageable
The article rightly raises concerns about cybersecurity in a digitally connected medical environment. However, denying hospitals access to diagnostic software or requiring internet-enabled “phone home” tools controlled only by OEMs is itself a security risk. Hospitals must be empowered to secure, audit, and manage their own systems without being forced to rely on remote OEM gateways or opaque firmware.
Collaborative cybersecurity frameworks—not exclusionary service restrictions—are the path forward.
5. The “Emergency Exception” Fallacy
Citing the COVID-19 pandemic as an aberration is misleading. What the pandemic exposed was not that temporary policy relaxations were reckless, but rather that overly rigid OEM control of repairs placed patient care at risk. Hospitals rose to the occasion, often repairing and repurposing ventilators, infusion pumps, and monitors with ingenuity, speed, and care. This was not unsafe improvisation—it was a reaffirmation of the value and reliability of in-house HTM professionals.
________________________________________
Conclusion: Support Hospitals, Not Monopolies
Hospitals should have the right to repair the equipment they depend upon daily. Doing so is not a step backward but a reaffirmation of trust in the skilled and deeply committed professionals who already maintain the integrity of our healthcare systems. It is with them and the tireless, often invisible work that they do that patient safety truly begins.