por
Gus Iversen, Editor in Chief | November 21, 2023
Image Technology Consulting LLC, an independent MR and CT service company based in Lancaster, Texas, has been servicing Philips MR systems for more than 20 years, but the company alleges that a software update released in 2018 illegally blocked it from installing the machines.
Unable to satisfy existing service contracts or take on new clients, director of operations Marshall Shannon says he initially reached out to Philips, the FDA, local authorities in Texas, and the FTC for assistance resolving the issue. When that didn’t work, he says he attempted to circumvent the software “a few times” before ultimately giving up and turning away clients with scanners running the updated software.
The attempts at unauthorized access have become central to a lawsuit filed by Philips North America in January 2022, alleging proprietary materials were hacked, and seeking damages from Shannon and Image Technology Consulting under the Computer Fraud and Abuse Act, the Digital Millennium Copyright Act, the Defend Trade Secrets Act, the Texas Uniform Trade Secrets Act, and fraud.
Ad Statistics
Times Displayed: 75267
Times Visited: 5317 MIT labs, experts in Multi-Vendor component level repair of: MRI Coils, RF amplifiers, Gradient Amplifiers Contrast Media Injectors. System repairs, sub-assembly repairs, component level repairs, refurbish/calibrate. info@mitlabsusa.com/+1 (305) 470-8013
In a countersuit, filed in December of 2022, Image Technology Consulting contends that Philips broke federal law when it blocked access to software menus that are necessary for installing and servicing the machines, and that the litigation is less about trade secrets than about intimidation and a desire for market control. If access had not been unlawfully denied, Shannon argues, he would never have utilized a workaround.
Regardless of how the court rules, the case gets to the heart of right-to-repair, a topic where medical equipment independent service organizations (ISOs) and original equipment manufacturers (OEMs) have long struggled to see eye to eye. Where is the line between protected intellectual property and necessary instructions for service? Who decides when technology has reached end of life? What recourse do servicers have for dealing with uncooperative manufacturers? And how do patient safety and fair competition factor into all of this?
In the interest of full transparency, Image Technology Consulting is an advertiser with DOTmed.com, the publisher of HealthCare Business News. Philips, which has advertised with DOTmed.com in the past, declined to answer specific questions for this article, but a company spokesperson provided the following statement:
Philips' global headquarters in Amsterdam (via Philips)
Philips is a long-term, trusted partner of healthcare providers globally, committed to help our customers improve their performance, such as their clinical, operational, financial and patient/staff satisfaction performance. We have a comprehensive portfolio of services, including maintenance services that are dedicated to maximizing our customer’s technology uptime.
Philips has a history of supporting and building relationships with independent service providers (ISOs), based on mutually agreed policies and procedures.
Our top priority regarding services and solutions are patient safety and quality, in alignment with regulatory compliance requirements, as well as product cybersecurity best practices. We believe these are mutual goals, for the maximization of safety and effectiveness, and the minimization of potential risk.
Regarding your questions, customers have been made aware of ongoing updates related to this area, particularly regarding ensuring stronger product security. In relation to regulatory requirements, manufacturers maintain records of installations and provide them to original installers as needed.
CSIP and Service Pack 5
According to court records, Philips internally classifies equipment support and service information as Customer Service Intellectual Property (CSIP), where different CSIP Levels correspond to different degrees of access. Based on those designations, Image Technology Consulting was Level 0 and thus unauthorized to access the Philips MR service menus in question. As Level 1 CSIP, the menus were “available only to Philips' employees and customers with a valid contract and subject to nondisclosure agreements.”
That may explain why Philips had long been unresponsive when Shannon contacted the company seeking installation documents and service manuals, (by his own count, he sought them 14 times over 12 years for various scanner models). Historically, when those requests failed, he tracked the necessary information down independently and carried on with his business.
That all changed, Shannon says, with a software update released in late 2018 through InCenter, the Philips online document distribution platform, called Release 3.2.3 Service Pack 5 (or R3.2.3 SP5). A summary of the update from Philips was reviewed by HCB News and included the following passages:
A limited number of tasks have been identified as being rare or highly complex. Because of this, certain service functions that you may have previously been able to access on older software versions will no longer be available with your service login. […]
All users who need to access the service menus on the device will now need to have a Philips IST (Integrated Security Tool) Smartcard and a valid IST account with appropriate entitlements for the MR system.
In the summary, Philips framed the service menu update as “an additional security measure” but, intentionally or not, the update also advanced one of the company's market objectives. Around the same time Service Pack 5 was released, while touting the company’s sustainability efforts, then-CEO Frans van Houten expressed a desire to keep third parties away from Philips technology.
(21)
(1)
(12)
Steven Ford
Philips and Right to Repair
November 22, 2023 09:59
It's not just 'right to repair' in the sense of fixing something that's broken which is at stake. The restrictions that OEMS place on medical equipment software prevents the owner-operator of the equipment from confirming that their scanner is operating properly. In many cases, a clinic has no mechanism to ensure that the device is operating within specifications or operating safely. This is obviously not a good policy for anyone but the OEM.
Industry veterans know that this is not just a hypothetical risk, but many of us can cite repeated examples where OEMs have deceived the public and covered up failures of scanners under their exclusive service, because there's no possibility of 3rd party oversight nor even oversight by the equipment's owner. This is a health and safety hazard and should be changed.
to rate and post a comment