An increasing number of medical devices are designed to exchange information electronically with other equipment over information technology networks (IT-networks). These networks carry data ranging from life-critical patient parameters requiring immediate delivery and response, to general administration data and even emails containing malicious content such as viruses.
The use of these networked medical devices in a clinical context is (or will soon be) subject to national or regional regulations. Under these regulations, medical devices may not be marketed without evidence of interoperability, that is, they must not compromise the organization’s delivery of health care.
To facilitate compliance with these requirements, a new standard is being launched under the auspices of the International Electrotechnical Commission (IEC) in collaboration with the International Standard Organization (ISO). IEC 80001-1, “Application of risk management to information technology (IT) networks incorporating medical devices”, provides a framework with defined roles and responsibilities for hospitals (called responsible organizations), medical device manufacturers and IT suppliers to ensure safety, effectiveness, and data and system security.
On July 31st 2009 the draft International Standard IEC 80001-1 “IT Networks incorporating Medical Devices” was published for international vote.
The standard requires the following items be addressed:
- Risk management techniques should be used before a medical device is installed in or connected to an IT-network for the first time, as well as throughout the entire life cycle in which the device is used in this context. Removal, change or modification of equipment, items or components is addressed in the same way.
- Proper design and evaluations should be conducted before a medical device or other networkable component is connected to or removed from an IT-network. In most cases, this is out of the control of any single medical device manufacturer, and is therefore the responsibility of the hospital or healthcare provider.
- The manufacturer of a medical device intended to be incorporated into an IT-network is responsible for providing relevant information about that medical device to enable the responsible organizations to manage the risk according to IEC 80001-1.
- A mutual responsibility agreement shall be executed establishing clear roles and responsibilities among the parties engaged. The responsible organization is required to appoint resources to specific roles defined in this standard. The most important of those roles is a new profession called MEDICAL IT-NETWORK RISK MANAGER. This role may be assigned to appropriate personnel within the responsible organization or to an external contractor. The medical IT-network risk manager is responsible for ensuring that risk management is applied to address the “key properties”:
  - Safety & Effectiveness
  - Data & System Security
The new Standard IEC 80001-1 will affect Hospitals as well as IT & Medical Device providers. If the Standard passes the international vote in 2010, it will be published before the end of that calendar year.
To increase awareness about the standard and its impact on stakeholders, Oracle & PROSYSTEM AG will be hosting the 2nd International Symposium on this topic on September 22-23, 2009 in San Jose, California. For additional information on the conference visit:
http://www.prosystem-usa.com/index.php?option=com_content&task=blogsection&id=4&Itemid=31
The views expressed in this article are those of the authors and do not necessarily represent those of Life-Science Panorama, its editor or Axendia, Inc.

He can be reached via email at: oliver.christ@prosystem-ag.com