Risk management for ITnetworks incorporating medical devices
Risk management for IT-networks incorporating medical devices – new BS Standard
Recognising that medical devices are incorporated into IT-networks to achieve desirable benefits (for example, interoperability), a new Standard defines the roles, responsibilities, and activities necessary for risk management of IT-networks incorporating medical devices to address safety, effectiveness, and data and system security. BS EN 80001-1:2011 Application of risk management for IT-networks incorporating medical devices. Roles, responsibilities and activities applies after a medical device has been acquired by a responsible organisation and is a candidate for incorporation into an IT-network.
BS EN 80001-1 applies throughout the life cycle of IT-networks incorporating medical devices. The Standard applies where there is no single medical device manufacturer assuming responsibility for addressing the key properties of the IT-network incorporating a medical device. It applies to responsible organisations, medical device manufacturers, and providers of other information technology for the purpose of risk management of an IT-network incorporating medical devices as specified by the responsible organisation.
For many jurisdictions, design and production of medical devices is subject to regulation, and to Standards recognised by the regulators. Traditionally, regulators direct their attention to medical device manufacturers, by requiring design features and by requiring a documented process for design and manufacturing. Medical devices cannot be placed on the market in these jurisdictions without evidence that those requirements have been met.
The use of the medical devices by clinical staff is also subject to regulation. Members of clinical staff have to be appropriately trained and qualified, and are increasingly subject to defined processes designed to protect patients from unacceptable risk.
In contrast, the incorporation of medical devices into IT-networks in the clinical environment is a less regulated area. Until the publication of BS EN 80001-1, no Standard addressed how medical devices can be connected to IT-networks, including general purpose IT-networks, to achieve interoperability without compromising the organisation and delivery of health care in terms of safety, effectiveness, and data and system security.
Summarised from the BSI Healthcare and Medical Devices Newsletter June 2011.
Order BS EN 80001-1:2011 Application of risk management for IT-networks incorporating medical devices. Roles, responsibilities and activities.
You can read more Standards New Zealand media releases here.