By American College of Clinical Engineering
A recent trade publication op-ed by Tom Leary of HIMSS on 24×7 Magazine argues that extending right-to-repair principles to medical devices risks patient safety because healthcare technology is too complex, too interconnected, and too consequential to be serviced outside manufacturer-controlled channels. The concern is understandable. Medical equipment is not a phone screen or a household appliance. A miscalibrated imaging system, a failed software update, or an improperly installed component can affect diagnosis, treatment, cybersecurity, and patient outcomes.
But that framing misses the central issue. The right to repair is not a demand to let unqualified people perform unsafe work. It is a demand to give qualified professionals the information, parts, diagnostic tools, calibration procedures, and software access they need to perform safe work promptly and according to applicable performance standards.
In healthcare, repair access is not the enemy of patient safety. Repair access is often what patient safety requires.
Hospitals already bear the legal, operational, and ethical responsibility for maintaining medical equipment. They are accountable for preventive maintenance, repair documentation, device availability, incident response, and compliance with federal, state, and accrediting requirements. Their biomedical engineering and clinical technology teams are not peripheral actors in the healthcare system. They are embedded in it. They know the devices, the clinical workflows, the network environment, the urgency of downtime, and the consequences when equipment is unavailable.
The question is not whether medical device service requires expertise. Of course it does. The question is why highly qualified hospital-based and independent technicians should be denied the materials required to exercise that expertise.
The op-ed’s strongest claim is that “safe repair” requires oversight and precision. That is true. But it does not follow that safety requires manufacturer exclusivity. The US Food and Drug Administration reported to the congress that they have found objective evidence that both manufacturers and third-party entities can provide high-quality, safe, and effective servicing of medical devices. Those reports have reached the same practical conclusion: hospital biomedical technicians and independent service organizations can provide service quality comparable to manufacturer field service when they have the necessary tools and documentation.
The real danger is not independent repair. The real danger is repair delay caused by restricted access.
Modern medical devices are complex systems of hardware, embedded software, calibration data, configuration files, diagnostic functions, service manuals, replacement parts, and network integration. A problem in any one layer can make equipment unavailable for patient care. When a qualified technician cannot access diagnostic software or service documentation, the device does not become safer. It remains down. When a technician cannot obtain a necessary part, the device does not become more secure. It remains unavailable. When calibration or testing procedures are withheld, the hospital’s ability to return equipment to proper operation is impaired.
That is not a safety model. It is a bottleneck.
In medical imaging, downtime has real clinical consequences. If a CT scanner, X-ray system, nuclear medicine device, catheterization lab, or other critical system is unavailable, patients may wait longer for diagnosis or treatment. They may need to be transferred. They may have to travel to another facility. In rural or smaller hospitals with limited redundancy, one unavailable device can mean a service line is effectively unavailable.
In one survey, data from 222 medical repair professionals showed the scale of the problem that lack of right to repair causes. More than 30% reported having equipment in their facilities that could not be used because of restrictions on spare parts and service information. More than 91% reported being denied service information for critical equipment, including defibrillators, ventilators, anesthesia machines, and imaging equipment. Nearly 89% reported that manufacturers had refused to sell spare parts.
These are not abstract fears about hypothetical unsafe repairs. They are concrete reports of equipment being kept out of service because qualified repair pathways were blocked.
The op-ed warns that right-to-repair mandates would “open access” to unregulated third parties. But a serious right-to-repair policy need not lower qualification standards. It can require access on fair and reasonable terms for hospitals, qualified biomedical technicians, and independent service organizations operating under recognized quality systems. Many independent service providers already use quality management frameworks. Hospitals already maintain documentation and compliance obligations. The better policy question is how to ensure accountability across all service channels, not how to preserve a repair monopoly. A basic right- to-repair regulation has been in place in EU since 1993 (MDD) and reiterated in 2017 (MDR).
Indeed, restricting repair access may undermine the very accountability the op-ed claims to protect. Hospitals are the institutions responsible for patient care and equipment availability. They answer to regulators, accreditors, clinicians, and patients. Their incentives are aligned around uptime, safety, and operational reliability. A manufacturer’s service division, by contrast, also has a commercial interest in selling service contracts, replacement parts, upgrades, and new equipment. That does not make manufacturer service unsafe or illegitimate. It does mean policymakers should be cautious about allowing one market participant to control the inputs needed by its service competitors.
This is especially important because manufacturers often compete in the service market long after the original equipment sale. They sell service contracts. They sell parts. They service their own manufactured devices (the device they produced [legally, once sold, they don’t own them]) and, in some cases, other manufacturers’ devices. Indeed, some manufacturers also rely on third parties to service equipment they produced when they don’t have field service personnel where needed. If they can restrict access to manuals, diagnostic software, configuration tools, calibration procedures, or parts, they can shape the repair market in their own favor.
That is not competition based on better service. It is competition based on control.
Hospitals need options. Some repairs may be best handled by the manufacturer. Others may be best handled by an in-house biomedical team that can respond immediately. Still others may be best handled by an independent service organization with specialized expertise or scheduling flexibility. Right to repair does not force hospitals to choose any one service path. It preserves the ability to choose the appropriate path for the clinical situation.
In a healthcare system already under financial pressure, cost of service matters. Hospitals do not maintain medical equipment as a profit center. They maintain it to support care delivery. Excess service costs are ultimately absorbed by healthcare budgets and, over time, passed along to patients, payers, employers, taxpayers, and public programs.
Affordability is not separate from patient care. A hospital that spends unnecessarily on inflated service costs has fewer resources for staffing, replacement planning, cybersecurity, preventive maintenance, and clinical services. A repair policy that reduces competition can raise costs across the system.
The op-ed also argues that right-to-repair requirements could slow innovation by forcing device designs to be simplified so “anyone” can fix them. That argument misunderstands what repair advocates are asking for. The goal is not to make advanced medical technology simplistic. The goal is to ensure that advanced medical technology remains serviceable by qualified professionals after it is sold and deployed.
Innovation and repairability are not opposites. In many engineering disciplines, maintainability is a core design value. Aircraft, industrial systems, data centers, and hospital infrastructure are all complex, yet they are designed with service procedures, documentation, parts replacement, diagnostics, and maintenance workflows in mind. A device can be sophisticated and repairable. A secure system can provide controlled service access. A complex product can support authenticated diagnostics, audit logs, role-based permissions, and validated calibration workflows without locking out every non-manufacturer technician.
If anything, repair restrictions can discourage better design by allowing manufacturers to externalize the cost of poor maintainability onto hospitals and patients. A system that can only be serviced through one channel is fragile. A system that can be safely serviced by qualified professionals under clear procedures is more resilient.
Product longevity is another reason the right to repair matters. Medical equipment is expensive, resource-intensive, and often usable for many decades. Hospitals should not be pushed into premature replacement when safe repair is possible. Yet the report describes end-of-support and end-of-life practices that can make parts and service unavailable even when devices remain clinically useful. In some cases, equipment can remain down while a needed part is physically available but administratively blocked. In others, a device may be unsupported by the manufacturer while the documentation and tools needed by third parties remain restricted.
That kind of policy does not protect patients. It shortens useful product life, increases capital pressure, and contributes to unnecessary waste. If a device can meet performance standards after proper maintenance, hospitals should have a path to keep it in service.
The pandemic offered a hard lesson in repair resilience. When travel was restricted and outside access to facilities was limited, healthcare systems could not rely solely on manufacturer field personnel. Hospital biomedical teams and independent technicians became even more essential. The crisis showed that centralized repair control is a weakness. Distributed repair capacity is a strength. As a matter of fact, numerous manufacturers provided service manuals and parts during the pandemic despite their original stance against right to repair; if they are against it, why did they all of a sudden allow this?
A thoughtful right-to-repair framework for medical devices should be built around that reality. It should protect patient safety by requiring appropriate qualifications, documentation, traceability, cybersecurity safeguards, and adherence to performance standards. It should also require manufacturers to provide necessary service materials, parts, tools, diagnostics, and calibration information to qualified repair professionals on fair terms.
What it should not do is accept the premise that manufacturer control equals safety.
And lastly, the op-ed talks about cybersecurity issues. However, these concerns are largely misplaced. Cybersecurity risk is not inherently tied to who performs maintenance or repairs. Instead, it is more closely associated with the lifecycle and technological maturity of the devices themselves. If manufacturers could continue providing security patches for devices for the life of the device (and not an arbitrary age defined by the manufacturer), we all would be in a much better place.
Medical devices, particularly in hospital environments, are designed and expected to have long operational lifespans. Unlike consumer technology, they are not replaced frequently. As a result, many devices continue to operate on outdated software and legacy operating systems for years. Some estimates suggest that more than 90% of medical devices currently in use rely on outdated software, which introduces vulnerabilities regardless of who services them.
To manage these risks, healthcare organizations have developed robust cybersecurity strategies that operate independently of service providers or manufacturers. Hospitals routinely implement layered security measures to safeguard their devices and networks. These measures often include isolating medical devices on dedicated networks, applying micro-segmentation to limit lateral movement, deploying advanced monitoring and detection tools, and enforcing strict access controls.
In practice, cybersecurity in healthcare is a system-wide responsibility that extends beyond device servicing. Hospitals actively manage and mitigate risks through centralized governance and technical controls, ensuring that patient safety and data integrity remain protected— regardless of who maintains the equipment.
Safe repair depends on competence, standards, access, and accountability. Manufacturer service can meet that test. So can hospital biomedical teams and independent service organizations. The report’s evidence points to a practical conclusion: When qualified technicians are denied the tools and information they need, patients are not protected. They are exposed to longer downtime, higher costs, fewer service options, and premature equipment replacement.
The right to repair is not a one-size-fits-all mandate. It is a policy commitment to repair access under conditions appropriate to the product and the risk. Medical devices do require special care. That is precisely why hospitals and qualified technicians need full, timely access to the information and tools required to service them properly.
The healthcare system does not become safer when repair is artificially scarce. It becomes safer when capable people can restore essential equipment quickly, affordably, and in accordance with rigorous standards.
The American College of Clinical Engineering has a multi-decade strong relationship with HIMSS. We reached out to HIMSS to express our concern with the way the article was written, as it seems to favor OEMs over third parties or hospital-trained staff when considering equipment repairs. After a great meeting and multiple emails, HIMSS provided the following clarification on the article. We will continue working together to raise awareness on this important issue.
Op-ed author clarification: Repair standards for medical devices are a matter of public safety. In advocating for rigorous safeguards for precise and consistent repairs of health technologies, our goal is to ensure health systems can confidently rely on the tools they need to achieve the best possible patient outcomes. Whether repairs of medical equipment are conducted by a manufacturer or a third-party entity, federal, state, and accrediting oversight should enforce proper training, certification, reporting, and accountability.
As we talk with our members, partners, and collaborators about the tenets of the right-to-repair initiative, we have concerns that the marketplace is being too narrowly defined, particularly as it pertains to small, minority-owned businesses. Many have played by the rules and received certifications but are denied the opportunity to compete, especially in supporting smaller health systems and markets.
We eagerly look forward to continuing a collaborative discussion on this issue with an eye toward the equitable availability of certification and training that ensures repairs are made correctly and patient safety is assured.
