September 27, 2017


From smartphones to medical devices, who has a 'right to repair' in Massachusetts?

Shira Schoenberg
Mass Live

(This story originally appeared in Mass Live on September 27, 2017)

If an endoscope or medical camera breaks, is it better for the patient to have the machine fixed by a hospital technician or sent back to the manufacturer to repair?

Cases like this are at the heart of a dispute over a so-called "right to repair" policy in Massachusetts. The debate revolves around whether companies should be required to disclose diagnostic or other technical information that would allow an independent business to fix their products.

Scot Mackeil, who repairs operating room medical equipment at a major Boston area hospital, said some manufacturers are transparent -- but others withhold critical information about equipment maintenance. Mackeil said if a manufacturer gives him information, he can generally repair equipment immediately or order a part overnight, so there is little disruption to the hospital. But if he has to ship equipment back to the manufacturer, it causes delays.

"That's never a good thing for our delivery of care when critical pieces of equipment are down," Mackeil said. 

When companies charge for repairs, that also raises the cost of health care.

"When medical equipment manufacturers have expensive closed service models, that cost is paid for by state and private payers, families that buy health insurance, and you and I," Mackeil said. "The more equipment that we can repair and maintain in-house within the hospital, the lower our operating costs are and the lower the cost of care can be."

But Jeff Lersch, vice president of sales for a company that manufactures and repairs endoscopy equipment, does not think the information should be shared.

"There's evidence that suggests that allowing medical devices to be repaired in an unregulated environment with no standards leads to problems," Lersch said.

Thomas Tremble, vice president of AdvaMed, the Advanced Medical Technology Association, said repair of medical devices should be regulated by the U.S. Food and Drug Administration to avoid a patchwork of state regulations.

Massachusetts had a major debate over right-to-repair related to auto dealers in 2012, when a question appeared on the state ballot to require car manufacturers to provide repair information to independent car repair shops. A compromise bill was signed into law before the election.

On Tuesday, the Joint Committee on Consumer Protection and Professional Licensure heard two bills (S.96/H.143) that would establish a "digital right to repair." The legislation, which does not apply to vehicles, would require manufacturers of digital electronics to give repair information to independent repair shops. This could apply to medical equipment, smartphones, computers or other devices.

A dozen states are considering similar legislation this year, although none have passed it.

Hacking concerns

The legislation raises significant questions about cyber-security.

Matt Mincieli, northeast region executive director of TechNet, which represents technology companies, said companies are worried about the privacy of their intellectual property, but also about the security of consumers' information.

"Once you open this up, you give basically the keys to the kingdom to the hackers and cybercriminals," Mincieli said.

Although the bill carves out an exception for trade secrets, Mincieli worried that it would still provide too much intellectual property and diagnostic information to the public.

Mincieli said the major tech companies are constantly innovating and changing their technology. "To say 'Hey, open it up to anyone who wants it,' that's a big security risk for our companies and the devices they operate and give to consumers," Mincieli said.

Passing such a law, Mincieli said, could stifle Massachusetts' large tech industry.

Similarly, CompTIA, the association representing information technology companies, said sharing source information with repair shops could potentially compromise the security of customers' devices -- which increasingly have sensitive information like banking information and medical data.

"The last thing a person wants is for a bad actor to get access to their personal information because a family, friend or co-worker compromised their devices by allowing an unauthorized repair shop to tinker with their device," said Liz Hyman, executive vice president of policy advocacy for CompTIA, in a statement.

But Rachel Kalmar, a data scientist and fellow at Harvard University, said right-to-repair will actually improve the security of devices. "By making things more open and more transparent, it has the net effect of improving security overall," Kalmar said. "Security through obscurity doesn't work."

Kalmar said in the long run, making software more transparent lets more people find and fix flaws, so the software becomes more secure. Additionally, if a company goes out of business or stops supporting a product, it improves security if an independent repair person can craft patches for that product.

Rohi Sukhia, president of Tradeloop Corporation in Somerville, runs a network of used computer wholesalers, who fix up old computers and sell them to computer shops.

"Their life is hard because of the manufacturers," Sukhia said.

Sukhia said manufacturers try to force equipment to be thrown out so people buy new equipment. Manufacturers try to prevent computer shops from reselling old computers -- and when computers are resold, manufacturers prevent users from obtaining patches to fix them.

"Say there's a data breach or a security flaw, if the guy bought it used, the manufacturer is going to say sorry buy a new one," Sukhia said.

Sukhia said right-to-repair would help small computer shops by making it easier for them to buy, fix and resell used computers.

805 15th Street,  NW Suite 708 Washington, DC 20005
(202) 650-5100
Privacy Policy