Skip to content

Legislation is Driving 3rd-Party Service

Hold onto your hats, because 3rd-Party service may be coming, and in a big way. The US Fair Repair Act (HR 4006)[i] includes the text:

“[…] an original equipment manufacturer shall make available, […], to independent repair providers or owners of such digital electronic equipment […], in a timely manner and on fair and reasonable terms, documentation, parts, and tools, inclusive of any updates to information or embedded software.”


Manufacturers of all types of digital equipment are on notice. If this legislation becomes law, OEMs will have to, in a timely manner, provide the documentation, parts, tools and software by which 3rd party providers can diagnose, repair and maintain their products. There is no wiggle room.

The federal legislation makes no exceptions for digital equipment used in healthcare, where safety and efficacy are paramount. And that is seen further in a draft FDA Guidance on Remanufacturing of Medical Devices[ii], published in 2021:

“Consistent with promoting and protecting the public health, FDA encourages OEMs, as an industry best practice, to provide servicing instructions that facilitate routine maintenance and repair of their reusable devices.”

and in California’s Medical Device Right to Repair Act (SB 605)[iii]:

“It is the intent of the Legislature to promote choice and competition for repair of medical devices by requiring manufacturers of powered medical equipment […] to make available to a hospital and an independent repair provider […] the documentation, parts, and tools used to inspect, diagnose, maintain, and repair this equipment.”

In other words, should all this legislation and guidance be written into law, manufacturers will be forced to support 3rd-party service operations. One obvious concern for medical device manufacturers is how one can still ensure the safety and efficacy of their products while a 3rd-party is doing all the maintenance work?

As the old saying goes, “Trust but verify”.[iv] To comply with the proposed laws and rules, manufacturers will need to implement programs to support 3rd-party service providers. However, there is not reason that the manufacturers shouldn’t be able to at least have visibility into process. They should trust the 3rd-party service providers to do the job properly, but also be able to (for ensuring safety and efficacy) verify as much as possible that the work was done within specifications and tolerances. How?

By implementing Service Relationship Management (SRM) software, manufacturers can provide 3rd-party software providers with telemetry data (sent directly from machines in the field via SRM back to the factory) and remote access (via SRM tools provided by the manufacturer). The manufacturer can monitor the telemetry for outliers (one machine does not behave like the others) and understand, as an example, if certain software patches or releases have been applied that will allow the device to behave to specifications.

The situation is not ideal for manufacturers because they may have to reveal a lot of information about their machines that they might have preferred to keep as trade secrets. However, they can limit product liability by at least monitoring 3rd-party service actions to ensure their equipment is being properly maintained. SRM makes that possible.

2022-10-12 Legislation is Driving 3rd-Party Service Figure 2

No manufacturer will accept revealing everything to 3rd-parties. Instead, manufacturers will employ SRM systems that natively use role-based access control (RBAC) and multi-factor authentication (MFA). This is critical because, should a service engineer leave a 3rd-party provider’s employ, that service engineer must not be allowed further access to the manufacturers SRM system or the devices in the field. Also, the manufacturer can ring-fence the devices that are going to be maintained by a particular 3rd-party service provider so that their employees can only see data from and access devices within their service remit.


maiLink SRM software is a service relationship management platform that helps you build a rich database about your installed devices. It also seamlessly integrates telemetry from your products and has no per-user fee (so any employee you authorize can have access to the data). To learn more about maiLink SRM, visit and sign up for a free trial.






[iv] Ronald Reagan, then President of the United States, adopted a Russian proverb “Doveryai, no proveryai (Доверяй, но проверяй)” meaning “Trust, but verify”.