SlideShare a Scribd company logo

ISO/IEC80001 - Do we need another standard?

Robert Ginsberg
Robert Ginsberg

Highlights from the new standard IEC/ISO 80001 for Risk management of Medical IT Networks.

BusinessTechnology
1 of 65
Introduction to ISO/IEC 80001-1 --- Application of Risk management for IT-networks incorporating Medical devices Why do we need another standard?
Introduction of Speakers Robert.Ginsberg@QAdvis.com  26 years in software development  18 years in Medical Device software  Participated in > 20 audits, FDA, MDD etc.  Co-author of IEC/ISO 62304 (80001-1 and 80002-X)  Working member of Cenelek TK-62 and JWG3
The bar is raised over time Accident People get hurt or die Public reaction New laws and regulations
Media report the mishaps, and we as the society don’t accept as we mature
What is the problem we are facing with MedTech and IT? Heterogeneous networks  Multi-vendor / Multi-modality  Mix of Medical devices – IT   Unanticipated emergent behaviors
Integration of Medical devices is becoming a challenge Manufacturers Devices Involuntary Integrators
The complexity of the Information Technology is growing fast
Who needs to address the problem? Manufacturers Responsible organizations New roles Regulators
What properties need to be ensured? Safety Effecti-veness Security
IEC/ISO 80001 is made to resolve this problem IEC - ISO • Key stakeholder • Medical Device Manufacturers • Hospitals • FDA Published in 2010
Risk management is the key activity in 80001 Responsible organization • Accountable for the use and maintenance of an ME Equipment or an ME System Hazards of Medical Devices in networks • ISO 14971 Residual risk • Approval by appropriate person
There are three standards that are tightly interrelated IEC 80001-1 IEC 60101-1 ISO 14971
ISO 14971 is the established standard for Risk Management • Identification of Intended use • Identification of Hazards, FTA and FMECA • Estimation of Risk(s) Risk analysis Risk evaluation • Option analysis • Implementation of risk control measures • Risk/benefit analysis • Risks from risk control measures • Completeness of risk control Risk control Residual risk Risk management report (Post-) Production
IEC 60601-series assure Basic Safety and Essential performance INTERNATIONAL IEC STANDARD 60601-1 Medical electrical equipment Part 1 General requirements INTERNATIONAL IEC STANDARD 60601-2-1 Medical electrical equipment Part 2 Particular requirements for medical accelerators INTERNATIONAL IEC STANDARD 60601-1-2 Medical electrical equipment Part 1 General requirements for EMC INTERNATIONAL IEC STANDARD 60601-1-3 Medical electrical equipment Part 1 General requirements for radiation protection INTERNATIONAL IEC STANDARD 60601-1-6 Medical electrical equipment Part 1 General requirements for usability Collateral (Common) Particular (Specialized)
New Hazards are arising from networks • IEC 60601-1 3rd edition tries to address this o EU – 2012 -06-01 o USA – 2013-06-30 • Targets the manufacturers
IEC 60601-1 3rd ed. Section 14.13 ... the technical description shall instruct the RESPONSIBLE ORGANIZATION that: - connection of the PEMS to a NETWORK/DATA COUPLING that includes other equipment could result in previously unidentified RISKS - the RESPONSIBLE ORGANIZATION should identify, analyze, evaluate and control these RISKS
IEC 60601-1 3rd ed. Section 14.13 ... the technical description shall instruct the RESPONSIBLE ORGANIZATION that: - changes to the NETWORK/DATA COUPLING could introduce new RISKS and require additional analysis - …
The obvious solution is to extend the Instructions for use IEC60601-1 Section 14.13 Instructions for use
ISO/IEC 80001 enables an interface between manufacturers and caregivers Manufacturer 60601-1 Caregiver 14971 80001
The same interface will be valid for stand-alone software Manufacturer Caregiver 14971 82304 80001
Example of problems we need to address
The update problem from the responsible organizations point of view If a medical device is connected to a network that has internet access, it may be vulnerable to viruses. What should the responsible organization do when Microsoft announces an urgent update that applies to a medical device?
The update problem from the manufacturers point of view If a medical device is connected to a network that has internet access, it may be vulnerable to viruses. What should the manufacturer do when Microsoft announces an urgent update that applies to a medical device?
Proper Risk Management is part of the solution Draft Part 2-x: Step by Step Risk Management of Medical IT-Networks; Practical Applications and Examples: • Risk management of the Update • Actions based on the outcome • Change permit • Cooperation • Validation by manufacturer
Who needs to do what? Manufacturers Responsible organizations Regulators New Roles
Who needs to do What? Manufacturers Responsible organizations Regulators New Roles
What manufacturers must do Design for networking State what the network connection is for Narrow the scope Inform about risks
Who needs to do What? Manufacturers Responsible organizations Regulators New Roles
A new role has to be shaped out Medical IT-Network Risk Manager IT Dept Biomed Dept
Who needs to do What? Manufacturers Responsible organizations Regulators New Roles
What the Regulator must do IEC 80001-1 is not, and will probably not be, harmonized with the MDD. There is no correspondance to CE-marking for care-givers. So regulators (of healthcare organizations) have to find a way of introducing it.
Socialstyrelsen har lagt en bra grund för IEC/ISO 80001 SOCFS Innehåll Aspekt 2005:12, 7§ Ledningssystemet skall säkerställa ... Säker användning och hantering av produkter, försörjningssystem och informationssystem Effectiveness Safety 2008:14, 3§ Vårdgivaren ska utse ... personer ... riskanalyser som har utförts avseende informationssäkerheten Data and system security 2008:1, 4§ Vårdgivaren ... egentillverkade medicintekniska produkternas säkerhet ... CE-märkta produkter Safety
Handbok för patientsäkerhetsarbete beskriver grunder för riskanalyser Mallar Definitioner Arbetsbeskrivningar
Who needs to do What? Manufacturers Responsible organizations Regulators New Roles
A new role for the responsible organization is needed Standard IEC 80001-1 defines: Medical IT-Network Risk Manager
A New Role with lots of responsibilities Management of RM process Reporting to Top Mgmt Communicating Collecting information Planning changes Authorizing changes Informing on risks Monitoring all IT projects
The role is to be a spider in the web Top Management Risk IT department Policies RM MGR Risk Management File Clinical department Bioengineering dept Manufacturer Manufacturer Subcontractor
The content of the standard 80001-1 1 Scope 2 Terms and Definitions 3 Roles and Responsibilites 4 Life Cycle RM in medical IT-networks 5 Document control
Higlights in Scope section 1 Scope 2 Terms and Definitions 3 Roles and responsibilites 4 Life Cycle RM in medical IT-networks 5 Document control
The responsible organization is the primary target of the standard • This standard applies after a MEDICAL DEVICE has been acquired by a RESPONSIBLE ORGANIZATION and is a candidate for incorporation into an IT-NETWORK. • To address – Safety – Effectiveness – Data and system security
80001 extends the definition of harm Key properties SAFETY EFFECTIVENESS DATA AND SYSTEM SECURITY
Higlights in Terms Section 1 Scope 2 Terms and Definitions 3 Roles and responsibilites 4 Life Cycle RM in medical IT-networks 5 Document control
2 Terms and definitions IT-NETWORK - IT-NÄTVERK • A system or systems composed of communicating nodes and transmission links to provide physically linked or wireless transmission between two or more specified communication nodes KEY PROPERTIES - NYCKELEGENSKAPER • Three risk managed characteristics (SAFETY, EFFECTIVENESS, and DATA AND SYSTEMS SECURITY) of MEDICAL IT-NETWORKS
2 Terms and definitions RESPONSIBLE ORGANIZATION - VÅRDGIVAREHFP • Entity accountable for the use and maintenance of a MEDICAL IT-NETWORK TOP MANAGEMENT - HÖGSTA LEDNINGEN • Person or group of people who direct(s) and control(s) the RESPONSIBLE ORGANIZATION accountable for a MEDICAL IT-NETWORK at the highest level
2 Terms and definitions HARM – SKADA [VårdskadaHFP] • Physical injury or damage to the health of people, or damage to property or the environment, or reduction in EFFECTIVENESS, or breach of DATA AND SYSTEM SECURITY RISK - RISKHFP • Combination of the probability of occurrence of HARM and the severity of that HARM RISK MANAGEMENT - RISKHANTERINGHFP • Systematic application of management policies, procedures and practices to the tasks of analyzing, evaluating, controlling, and monitoring RISK RISK MANAGEMENT FILE – RISKHANTERINGSDOKU-MENTATION • Set of records and other documents that are produced by RISK MANAGEMENT
2 Terms and definitions CHANGE PERMIT - Ändringsmedgivande • An outcome of the RISK MANAGEMENT PROCESS consisting of a document that allows a specified change or type of change without further RISK MANAGEMENT Activities subject to specified constraints EVENT MANAGEMENT – Händelshantering • A PROCESS that ensures that all events that can or might negatively impact the operation of the IT-NETWORK are captured, assessed, and managed in a controlled manner
IEC/ISO 80001-1 is a process standard New or Change of Medical IT-network Change Permit? Change Control Life environment ”Project” Risk management Go live! Monitoring Event management Yes No Unacceptable risk
A CHANGE PERMIT can help you to make Risk Management efficient CHANGE PERMIT: an outcome of the RISK MANAGEMENT PROCESS consisting of a document that allows a specified change or type of change without further RISK MANAGEMENT Activities subject to specified constraints
A Change Permit is a way of reusing Risk Management work Patient monitors type XXX may be added to or removed from the High-dependency ward’s shielded wireless network subject to the following conditions: • No more than 15 patient monitors may be connected to the network at any one time. • An up-to-date record of the wireless devices in use in the ward is to be kept available for inspection at the nursing station. If these conditions are not met, this permit is void and the full Risk Management process must be used.
Higlights in Roles and responsibilities section 1 Scope 2 Terms and Definitions 3 Roles and responsibilites 4 Life Cycle RM in medical IT-networks 5 Document control
There are several ways of implementing the Risk Manager role Respon-sible organiza -tion Medical IT-network Risk Manager Top mana-gement Medical Device Manufac -turer IT Tech provi-ders
Higlights in section on Lifecycle 1 Scope 2 Terms and Definitions 3 Roles and responsibilites 4 Life Cycle RM in medical IT-networks 5 Document control
80001 is based on 14971, which is “the” standard for Risk Management • Identification of Intended use • Identification of Hazards, FTA and FMECA • Estimation of Risk(s) Risk analysis Risk evaluation • Option analysis • Implementation of risk control measures • Risk/benefit analysis • Risks from risk control measures • Completeness of risk control Risk control Residual risk Risk Management File (Post-) Go-Live
55 Example: hazard, harm, risk….
Safe design is the most desired Risk Control Option Safe design Protective measures in device Protective measures in process Information
Example of a Fault Tree Analysis for: Image System Down Top Level Event Faults /Low Level Event Causes Root Cause Mitigator
62A_719_NP has hands-on examples on how to do RM Sample Summary RISK ASSESSMENT Register
Effektiv upplägg har optimal balans Centralt - lokalt Centralt Fara (Hazard) Farofylld situation (Hazardous situation) Oönskad konsekvens (Unintended Consequence) Allvarlighets-grad (Severity) Lokalt Sannolikhet (Probability) Orsak (Cause) Åtgärd (Risk Control Measure)
Higlights in Document Control section 1 Scope 2 Terms and Definitions 3 Roles and responsibilites 4 Life Cycle RM in medical IT-networks 5 Document control
The Medical IT-Network Risk Management File is the key document Trace each identified Hazard to: • Risk Analysis • Risk Evaluation • Implementation and Verification of the Risk Control Measures • The assessment of the acceptability of any Residual Risk(s) with approval
There are three new work items on their way to clarify 80001 Step by Step Risk Management of Medical IT-Networks; Practical Applications and Examples • Risk management hands-on Guidance for the communication of medical device security needs, risks and controls • IT Technology for security Guidance for wireless network • Hands-on networking
Summary Care givers are facing a challenge This will propagate to manufacturers Manufacturers of stand-alone SW might have a large hurdle to pass
Building a solid Risk Mana-gement process can enable productivity Synergus can contribute with Auditing and reviews Mentoring and training Risk manager role Risk management workshops Process development and documentation Risk management documentation
Q&A

Recommended

Massmedic mar2004g
Massmedic mar2004gMassmedic mar2004g
Massmedic mar2004gmitmohan
 
QAdvis - software risk management based on IEC/ISO 62304
QAdvis - software risk management based on IEC/ISO 62304QAdvis - software risk management based on IEC/ISO 62304
QAdvis - software risk management based on IEC/ISO 62304Robert Ginsberg
 
Medical Device Software
Medical Device SoftwareMedical Device Software
Medical Device Softwareheilbrigdisidnadurinn
 
Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...
Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...
Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...Intland Software GmbH
 
Applying IEC 62304 Risk Management in Aligned Elements - the medical device ALM
Applying IEC 62304 Risk Management in Aligned Elements - the medical device ALMApplying IEC 62304 Risk Management in Aligned Elements - the medical device ALM
Applying IEC 62304 Risk Management in Aligned Elements - the medical device ALMAligned AG
 
60601 1, 3rd Edition Linked In
60601 1, 3rd Edition Linked In60601 1, 3rd Edition Linked In
60601 1, 3rd Edition Linked InRussellJohnson
 
Understanding IEC 62304
Understanding IEC 62304Understanding IEC 62304
Understanding IEC 62304MethodSense, Inc.
 
IEC 62304: SDLC Conformance and Management
IEC 62304: SDLC Conformance and Management IEC 62304: SDLC Conformance and Management
IEC 62304: SDLC Conformance and Management MethodSense, Inc.
 

Recommended

Massmedic mar2004g
Massmedic mar2004gMassmedic mar2004g
Massmedic mar2004gmitmohan
 
QAdvis - software risk management based on IEC/ISO 62304
QAdvis - software risk management based on IEC/ISO 62304QAdvis - software risk management based on IEC/ISO 62304
QAdvis - software risk management based on IEC/ISO 62304Robert Ginsberg
 
Medical Device Software
Medical Device SoftwareMedical Device Software
Medical Device Softwareheilbrigdisidnadurinn
 
Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...
Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...
Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...Intland Software GmbH
 
Applying IEC 62304 Risk Management in Aligned Elements - the medical device ALM
Applying IEC 62304 Risk Management in Aligned Elements - the medical device ALMApplying IEC 62304 Risk Management in Aligned Elements - the medical device ALM
Applying IEC 62304 Risk Management in Aligned Elements - the medical device ALMAligned AG
 
60601 1, 3rd Edition Linked In
60601 1, 3rd Edition Linked In60601 1, 3rd Edition Linked In
60601 1, 3rd Edition Linked InRussellJohnson
 
Understanding IEC 62304
Understanding IEC 62304Understanding IEC 62304
Understanding IEC 62304MethodSense, Inc.
 
IEC 62304: SDLC Conformance and Management
IEC 62304: SDLC Conformance and Management IEC 62304: SDLC Conformance and Management
IEC 62304: SDLC Conformance and Management MethodSense, Inc.
 
Critical Steps in Software Development: Enhance Your Chances for a Successful...
Critical Steps in Software Development: Enhance Your Chances for a Successful...Critical Steps in Software Development: Enhance Your Chances for a Successful...
Critical Steps in Software Development: Enhance Your Chances for a Successful...Sterling Medical Devices
 
IEC 62304 Action List
IEC 62304 Action List IEC 62304 Action List
IEC 62304 Action List MethodSense, Inc.
 
Risk management in-60601-1
Risk management in-60601-1Risk management in-60601-1
Risk management in-60601-1Stella Tsank
 
FDA Regulations and Medical Device Pathways to Market
FDA Regulations and Medical Device Pathways to MarketFDA Regulations and Medical Device Pathways to Market
FDA Regulations and Medical Device Pathways to MarketMethodSense, Inc.
 
Management of e-SOP in GxP environment .
Management of e-SOP in GxP environment .Management of e-SOP in GxP environment .
Management of e-SOP in GxP environment .Anand Pandya
 
Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...3GDR
 
Human factors and ergonomics society 20120311
Human factors and ergonomics society 20120311Human factors and ergonomics society 20120311
Human factors and ergonomics society 20120311Jones Wu
 
Agile Development And Medtech
Agile Development And MedtechAgile Development And Medtech
Agile Development And MedtechRobert Ginsberg
 
Abbott overview medical device human factors standards
Abbott overview medical device human factors standardsAbbott overview medical device human factors standards
Abbott overview medical device human factors standardsJones Wu
 
Process and Regulated Processes Software Validation Elements
Process and Regulated Processes Software Validation ElementsProcess and Regulated Processes Software Validation Elements
Process and Regulated Processes Software Validation ElementsArta Doci
 
Medical device reliability program
Medical device reliability program Medical device reliability program
Medical device reliability program ASQ Reliability Division
 
Computerized System Validation : Understanding basics
Computerized System Validation : Understanding basics Computerized System Validation : Understanding basics
Computerized System Validation : Understanding basics Anand Pandya
 
Overview on “Computer System Validation” CSV
Overview on “Computer System Validation” CSVOverview on “Computer System Validation” CSV
Overview on “Computer System Validation” CSVAnil Sharma
 
CSV - Computer System Validation
CSV - Computer System Validation CSV - Computer System Validation
CSV - Computer System Validation JayaKrishna161
 
Computer System Validation
Computer System ValidationComputer System Validation
Computer System ValidationEric Silva
 
Software design for_medical_devices_europe_conferent_19012011[1]
Software design for_medical_devices_europe_conferent_19012011[1]Software design for_medical_devices_europe_conferent_19012011[1]
Software design for_medical_devices_europe_conferent_19012011[1]Erik Vollebregt
 
Computer systems compliance
Computer systems complianceComputer systems compliance
Computer systems complianceMuhammad Luqman Ikram
 
Computer System Validation is not mere testing
Computer System Validation is not mere testingComputer System Validation is not mere testing
Computer System Validation is not mere testingAnand Rao. C
 
Computerized system validation_final
Computerized system validation_finalComputerized system validation_final
Computerized system validation_finalDuy Tan Geek
 
Csv concepts
Csv conceptsCsv concepts
Csv conceptsAlok Khuntia
 
Philips Implementing Wireless in the Hospital Enterprise: Medical Device Cons...
Philips Implementing Wireless in the Hospital Enterprise: Medical Device Cons...Philips Implementing Wireless in the Hospital Enterprise: Medical Device Cons...
Philips Implementing Wireless in the Hospital Enterprise: Medical Device Cons...Intermountain Clinical Instrumentation Society
 
eRX Webinar - State Health Information Exchange Leadership Forum
eRX Webinar - State Health Information Exchange Leadership ForumeRX Webinar - State Health Information Exchange Leadership Forum
eRX Webinar - State Health Information Exchange Leadership ForumBrian Ahier
 

More Related Content

What's hot

Critical Steps in Software Development: Enhance Your Chances for a Successful...
Critical Steps in Software Development: Enhance Your Chances for a Successful...Critical Steps in Software Development: Enhance Your Chances for a Successful...
Critical Steps in Software Development: Enhance Your Chances for a Successful...Sterling Medical Devices
 
Risk management in-60601-1
Risk management in-60601-1Risk management in-60601-1
Risk management in-60601-1Stella Tsank
 
FDA Regulations and Medical Device Pathways to Market
FDA Regulations and Medical Device Pathways to MarketFDA Regulations and Medical Device Pathways to Market
FDA Regulations and Medical Device Pathways to MarketMethodSense, Inc.
 
Management of e-SOP in GxP environment .
Management of e-SOP in GxP environment .Management of e-SOP in GxP environment .
Management of e-SOP in GxP environment .Anand Pandya
 
Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...3GDR
 
Human factors and ergonomics society 20120311
Human factors and ergonomics society 20120311Human factors and ergonomics society 20120311
Human factors and ergonomics society 20120311Jones Wu
 
Agile Development And Medtech
Agile Development And MedtechAgile Development And Medtech
Agile Development And MedtechRobert Ginsberg
 
Abbott overview medical device human factors standards
Abbott overview medical device human factors standardsAbbott overview medical device human factors standards
Abbott overview medical device human factors standardsJones Wu
 
Process and Regulated Processes Software Validation Elements
Process and Regulated Processes Software Validation ElementsProcess and Regulated Processes Software Validation Elements
Process and Regulated Processes Software Validation ElementsArta Doci
 
Computerized System Validation : Understanding basics
Computerized System Validation : Understanding basics Computerized System Validation : Understanding basics
Computerized System Validation : Understanding basics Anand Pandya
 
Overview on “Computer System Validation” CSV
Overview on “Computer System Validation” CSVOverview on “Computer System Validation” CSV
Overview on “Computer System Validation” CSVAnil Sharma
 
CSV - Computer System Validation
CSV - Computer System Validation CSV - Computer System Validation
CSV - Computer System Validation JayaKrishna161
 
Computer System Validation
Computer System ValidationComputer System Validation
Computer System ValidationEric Silva
 
Software design for_medical_devices_europe_conferent_19012011[1]
Software design for_medical_devices_europe_conferent_19012011[1]Software design for_medical_devices_europe_conferent_19012011[1]
Software design for_medical_devices_europe_conferent_19012011[1]Erik Vollebregt
 
Computer System Validation is not mere testing
Computer System Validation is not mere testingComputer System Validation is not mere testing
Computer System Validation is not mere testingAnand Rao. C
 
Computerized system validation_final
Computerized system validation_finalComputerized system validation_final
Computerized system validation_finalDuy Tan Geek
 

What's hot (20)

Critical Steps in Software Development: Enhance Your Chances for a Successful...
Critical Steps in Software Development: Enhance Your Chances for a Successful...Critical Steps in Software Development: Enhance Your Chances for a Successful...
Critical Steps in Software Development: Enhance Your Chances for a Successful...
 
IEC 62304 Action List
IEC 62304 Action List IEC 62304 Action List
IEC 62304 Action List
 
Risk management in-60601-1
Risk management in-60601-1Risk management in-60601-1
Risk management in-60601-1
 
FDA Regulations and Medical Device Pathways to Market
FDA Regulations and Medical Device Pathways to MarketFDA Regulations and Medical Device Pathways to Market
FDA Regulations and Medical Device Pathways to Market
 
Management of e-SOP in GxP environment .
Management of e-SOP in GxP environment .Management of e-SOP in GxP environment .
Management of e-SOP in GxP environment .
 
Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...
 
Human factors and ergonomics society 20120311
Human factors and ergonomics society 20120311Human factors and ergonomics society 20120311
Human factors and ergonomics society 20120311
 
Agile Development And Medtech
Agile Development And MedtechAgile Development And Medtech
Agile Development And Medtech
 
Abbott overview medical device human factors standards
Abbott overview medical device human factors standardsAbbott overview medical device human factors standards
Abbott overview medical device human factors standards
 
Process and Regulated Processes Software Validation Elements
Process and Regulated Processes Software Validation ElementsProcess and Regulated Processes Software Validation Elements
Process and Regulated Processes Software Validation Elements
 
Medical device reliability program
Medical device reliability program Medical device reliability program
Medical device reliability program
 
Computerized System Validation : Understanding basics
Computerized System Validation : Understanding basics Computerized System Validation : Understanding basics
Computerized System Validation : Understanding basics
 
Overview on “Computer System Validation” CSV
Overview on “Computer System Validation” CSVOverview on “Computer System Validation” CSV
Overview on “Computer System Validation” CSV
 
CSV - Computer System Validation
CSV - Computer System Validation CSV - Computer System Validation
CSV - Computer System Validation
 
Computer System Validation
Computer System ValidationComputer System Validation
Computer System Validation
 
Software design for_medical_devices_europe_conferent_19012011[1]
Software design for_medical_devices_europe_conferent_19012011[1]Software design for_medical_devices_europe_conferent_19012011[1]
Software design for_medical_devices_europe_conferent_19012011[1]
 
Computer systems compliance
Computer systems complianceComputer systems compliance
Computer systems compliance
 
Computer System Validation is not mere testing
Computer System Validation is not mere testingComputer System Validation is not mere testing
Computer System Validation is not mere testing
 
Computerized system validation_final
Computerized system validation_finalComputerized system validation_final
Computerized system validation_final
 
Csv concepts
Csv conceptsCsv concepts
Csv concepts
 

Viewers also liked

eRX Webinar - State Health Information Exchange Leadership Forum
eRX Webinar - State Health Information Exchange Leadership ForumeRX Webinar - State Health Information Exchange Leadership Forum
eRX Webinar - State Health Information Exchange Leadership ForumBrian Ahier
 
Tech Natives Event #3: "Mobile, wearable, smart tech" - MICHAEL RUSSOLD
Tech Natives Event #3: "Mobile, wearable, smart tech" - MICHAEL RUSSOLDTech Natives Event #3: "Mobile, wearable, smart tech" - MICHAEL RUSSOLD
Tech Natives Event #3: "Mobile, wearable, smart tech" - MICHAEL RUSSOLDTech_Natives
 
Risk Management of Medical Devices Connected To IT Networks
Risk Management of Medical Devices Connected To IT NetworksRisk Management of Medical Devices Connected To IT Networks
Risk Management of Medical Devices Connected To IT NetworksValdez Ladd MBA, CISSP, CISA,
 
Regelgeving medische alarmering (Martijn van der Meulen, Zetacom) - Zetacom Z...
Regelgeving medische alarmering (Martijn van der Meulen, Zetacom) - Zetacom Z...Regelgeving medische alarmering (Martijn van der Meulen, Zetacom) - Zetacom Z...
Regelgeving medische alarmering (Martijn van der Meulen, Zetacom) - Zetacom Z...Zetacom
 

Viewers also liked (6)

Philips Implementing Wireless in the Hospital Enterprise: Medical Device Cons...
Philips Implementing Wireless in the Hospital Enterprise: Medical Device Cons...Philips Implementing Wireless in the Hospital Enterprise: Medical Device Cons...
Philips Implementing Wireless in the Hospital Enterprise: Medical Device Cons...
 
eRX Webinar - State Health Information Exchange Leadership Forum
eRX Webinar - State Health Information Exchange Leadership ForumeRX Webinar - State Health Information Exchange Leadership Forum
eRX Webinar - State Health Information Exchange Leadership Forum
 
Tech Natives Event #3: "Mobile, wearable, smart tech" - MICHAEL RUSSOLD
Tech Natives Event #3: "Mobile, wearable, smart tech" - MICHAEL RUSSOLDTech Natives Event #3: "Mobile, wearable, smart tech" - MICHAEL RUSSOLD
Tech Natives Event #3: "Mobile, wearable, smart tech" - MICHAEL RUSSOLD
 
Healthcare Reform and What It Will Mean for Clinical Engineering
Healthcare Reform and What It Will Mean for Clinical EngineeringHealthcare Reform and What It Will Mean for Clinical Engineering
Healthcare Reform and What It Will Mean for Clinical Engineering
 
Risk Management of Medical Devices Connected To IT Networks
Risk Management of Medical Devices Connected To IT NetworksRisk Management of Medical Devices Connected To IT Networks
Risk Management of Medical Devices Connected To IT Networks
 
Regelgeving medische alarmering (Martijn van der Meulen, Zetacom) - Zetacom Z...
Regelgeving medische alarmering (Martijn van der Meulen, Zetacom) - Zetacom Z...Regelgeving medische alarmering (Martijn van der Meulen, Zetacom) - Zetacom Z...
Regelgeving medische alarmering (Martijn van der Meulen, Zetacom) - Zetacom Z...
 

Similar to ISO/IEC80001 - Do we need another standard?

Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...3GDR
 
Testing in the healthcare domain
Testing in the healthcare domainTesting in the healthcare domain
Testing in the healthcare domainQAI Global
 
Presentation: Proposed Reforms to the Regulation of Software, Including Softw...
Presentation: Proposed Reforms to the Regulation of Software, Including Softw...Presentation: Proposed Reforms to the Regulation of Software, Including Softw...
Presentation: Proposed Reforms to the Regulation of Software, Including Softw...TGA Australia
 
Understanding Risk Management & Cyber security Principles in Medical Devices
Understanding Risk Management & Cyber security Principles in Medical DevicesUnderstanding Risk Management & Cyber security Principles in Medical Devices
Understanding Risk Management & Cyber security Principles in Medical DevicesKeerthi Gunasekaran
 
Presentation: Cybersecurity considerations for medical devices - From the TGA...
Presentation: Cybersecurity considerations for medical devices - From the TGA...Presentation: Cybersecurity considerations for medical devices - From the TGA...
Presentation: Cybersecurity considerations for medical devices - From the TGA...TGA Australia
 
IOT BASED HEALTH MONITORING SYSTEM FOR COVID 19 PATIENT
IOT BASED HEALTH MONITORING SYSTEM FOR COVID 19 PATIENTIOT BASED HEALTH MONITORING SYSTEM FOR COVID 19 PATIENT
IOT BASED HEALTH MONITORING SYSTEM FOR COVID 19 PATIENTIRJET Journal
 
The regulation of software: Medicines, biologicals, blood, tissues and devices
The regulation of software: Medicines, biologicals, blood, tissues and devicesThe regulation of software: Medicines, biologicals, blood, tissues and devices
The regulation of software: Medicines, biologicals, blood, tissues and devicesTGA Australia
 
Dynamic Medical Machine
Dynamic Medical MachineDynamic Medical Machine
Dynamic Medical MachineIRJET Journal
 
Patient Centric Cyber Monitoring with DocBox and Evolver
Patient Centric Cyber Monitoring with DocBox and EvolverPatient Centric Cyber Monitoring with DocBox and Evolver
Patient Centric Cyber Monitoring with DocBox and EvolverThe Security of Things Forum
 
[Wroclaw #6] Medical device security
[Wroclaw #6] Medical device security[Wroclaw #6] Medical device security
[Wroclaw #6] Medical device securityOWASP
 
Medical devices introduction
Medical devices introductionMedical devices introduction
Medical devices introductionSigma
 
Network Connected Medical Devices - A Case Study
Network Connected Medical Devices - A Case StudyNetwork Connected Medical Devices - A Case Study
Network Connected Medical Devices - A Case StudySophiaPalmira
 
ealth Monitoring System in Emergency Using IoT: A Review
ealth Monitoring System in Emergency Using IoT: A Reviewealth Monitoring System in Emergency Using IoT: A Review
ealth Monitoring System in Emergency Using IoT: A ReviewIRJET Journal
 
IRJET - Medical Analysis using Virtual Reality
IRJET - Medical Analysis using Virtual RealityIRJET - Medical Analysis using Virtual Reality
IRJET - Medical Analysis using Virtual RealityIRJET Journal
 
15 Steps to get Approval to IEC 60601-1
15 Steps to get Approval to IEC 60601-115 Steps to get Approval to IEC 60601-1
15 Steps to get Approval to IEC 60601-1Greenlight Guru
 
EU MDR Annex I Simplified
EU MDR Annex I SimplifiedEU MDR Annex I Simplified
EU MDR Annex I SimplifiedEMMAIntl
 
Medical Product Development cycle
Medical Product Development cycleMedical Product Development cycle
Medical Product Development cyclemax hanafi
 
Presentation: Conformity Assessment Evidence
Presentation: Conformity Assessment EvidencePresentation: Conformity Assessment Evidence
Presentation: Conformity Assessment EvidenceTGA Australia
 

Similar to ISO/IEC80001 - Do we need another standard? (20)

Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...
 
Testing in the healthcare domain
Testing in the healthcare domainTesting in the healthcare domain
Testing in the healthcare domain
 
Presentation: Proposed Reforms to the Regulation of Software, Including Softw...
Presentation: Proposed Reforms to the Regulation of Software, Including Softw...Presentation: Proposed Reforms to the Regulation of Software, Including Softw...
Presentation: Proposed Reforms to the Regulation of Software, Including Softw...
 
Understanding Risk Management & Cyber security Principles in Medical Devices
Understanding Risk Management & Cyber security Principles in Medical DevicesUnderstanding Risk Management & Cyber security Principles in Medical Devices
Understanding Risk Management & Cyber security Principles in Medical Devices
 
Presentation: Cybersecurity considerations for medical devices - From the TGA...
Presentation: Cybersecurity considerations for medical devices - From the TGA...Presentation: Cybersecurity considerations for medical devices - From the TGA...
Presentation: Cybersecurity considerations for medical devices - From the TGA...
 
IOT BASED HEALTH MONITORING SYSTEM FOR COVID 19 PATIENT
IOT BASED HEALTH MONITORING SYSTEM FOR COVID 19 PATIENTIOT BASED HEALTH MONITORING SYSTEM FOR COVID 19 PATIENT
IOT BASED HEALTH MONITORING SYSTEM FOR COVID 19 PATIENT
 
ISO 27017_2015 Cloud Security.pdf
ISO 27017_2015 Cloud Security.pdfISO 27017_2015 Cloud Security.pdf
ISO 27017_2015 Cloud Security.pdf
 
The regulation of software: Medicines, biologicals, blood, tissues and devices
The regulation of software: Medicines, biologicals, blood, tissues and devicesThe regulation of software: Medicines, biologicals, blood, tissues and devices
The regulation of software: Medicines, biologicals, blood, tissues and devices
 
Dynamic Medical Machine
Dynamic Medical MachineDynamic Medical Machine
Dynamic Medical Machine
 
Patient Centric Cyber Monitoring with DocBox and Evolver
Patient Centric Cyber Monitoring with DocBox and EvolverPatient Centric Cyber Monitoring with DocBox and Evolver
Patient Centric Cyber Monitoring with DocBox and Evolver
 
[Wroclaw #6] Medical device security
[Wroclaw #6] Medical device security[Wroclaw #6] Medical device security
[Wroclaw #6] Medical device security
 
Medical devices introduction
Medical devices introductionMedical devices introduction
Medical devices introduction
 
Network Connected Medical Devices - A Case Study
Network Connected Medical Devices - A Case StudyNetwork Connected Medical Devices - A Case Study
Network Connected Medical Devices - A Case Study
 
ealth Monitoring System in Emergency Using IoT: A Review
ealth Monitoring System in Emergency Using IoT: A Reviewealth Monitoring System in Emergency Using IoT: A Review
ealth Monitoring System in Emergency Using IoT: A Review
 
IRJET - Medical Analysis using Virtual Reality
IRJET - Medical Analysis using Virtual RealityIRJET - Medical Analysis using Virtual Reality
IRJET - Medical Analysis using Virtual Reality
 
15 Steps to get Approval to IEC 60601-1
15 Steps to get Approval to IEC 60601-115 Steps to get Approval to IEC 60601-1
15 Steps to get Approval to IEC 60601-1
 
EU MDR Annex I Simplified
EU MDR Annex I SimplifiedEU MDR Annex I Simplified
EU MDR Annex I Simplified
 
Cybersecurity in Medical Devices
Cybersecurity in Medical DevicesCybersecurity in Medical Devices
Cybersecurity in Medical Devices
 
Medical Product Development cycle
Medical Product Development cycleMedical Product Development cycle
Medical Product Development cycle
 
Presentation: Conformity Assessment Evidence
Presentation: Conformity Assessment EvidencePresentation: Conformity Assessment Evidence
Presentation: Conformity Assessment Evidence
 

Recently uploaded

Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyEthan lee
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Neil Kimberley
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
DEPED Work From Home WORKWEEK-PLAN.docx
DEPED Work From Home WORKWEEK-PLAN.docxDEPED Work From Home WORKWEEK-PLAN.docx
DEPED Work From Home WORKWEEK-PLAN.docxRodelinaLaud
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurSuhani Kapoor
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...anilsa9823
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024christinemoorman
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in managementchhavia330
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...Paul Menig
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingTech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingShawn Pang
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 

Recently uploaded (20)

Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
DEPED Work From Home WORKWEEK-PLAN.docx
DEPED Work From Home WORKWEEK-PLAN.docxDEPED Work From Home WORKWEEK-PLAN.docx
DEPED Work From Home WORKWEEK-PLAN.docx
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in management
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingTech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 

ISO/IEC80001 - Do we need another standard?

  • 1. Introduction to ISO/IEC 80001-1 --- Application of Risk management for IT-networks incorporating Medical devices Why do we need another standard?
  • 2. Introduction of Speakers Robert.Ginsberg@QAdvis.com  26 years in software development  18 years in Medical Device software  Participated in > 20 audits, FDA, MDD etc.  Co-author of IEC/ISO 62304 (80001-1 and 80002-X)  Working member of Cenelek TK-62 and JWG3
  • 3. The bar is raised over time Accident People get hurt or die Public reaction New laws and regulations
  • 4. Media report the mishaps, and we as the society don’t accept as we mature
  • 5. What is the problem we are facing with MedTech and IT? Heterogeneous networks  Multi-vendor / Multi-modality  Mix of Medical devices – IT   Unanticipated emergent behaviors
  • 6. Integration of Medical devices is becoming a challenge Manufacturers Devices Involuntary Integrators
  • 7. The complexity of the Information Technology is growing fast
  • 8. Who needs to address the problem? Manufacturers Responsible organizations New roles Regulators
  • 9. What properties need to be ensured? Safety Effecti-veness Security
  • 10. IEC/ISO 80001 is made to resolve this problem IEC - ISO • Key stakeholder • Medical Device Manufacturers • Hospitals • FDA Published in 2010
  • 11. Risk management is the key activity in 80001 Responsible organization • Accountable for the use and maintenance of an ME Equipment or an ME System Hazards of Medical Devices in networks • ISO 14971 Residual risk • Approval by appropriate person
  • 12. There are three standards that are tightly interrelated IEC 80001-1 IEC 60101-1 ISO 14971
  • 13. ISO 14971 is the established standard for Risk Management • Identification of Intended use • Identification of Hazards, FTA and FMECA • Estimation of Risk(s) Risk analysis Risk evaluation • Option analysis • Implementation of risk control measures • Risk/benefit analysis • Risks from risk control measures • Completeness of risk control Risk control Residual risk Risk management report (Post-) Production
  • 14. IEC 60601-series assure Basic Safety and Essential performance INTERNATIONAL IEC STANDARD 60601-1 Medical electrical equipment Part 1 General requirements INTERNATIONAL IEC STANDARD 60601-2-1 Medical electrical equipment Part 2 Particular requirements for medical accelerators INTERNATIONAL IEC STANDARD 60601-1-2 Medical electrical equipment Part 1 General requirements for EMC INTERNATIONAL IEC STANDARD 60601-1-3 Medical electrical equipment Part 1 General requirements for radiation protection INTERNATIONAL IEC STANDARD 60601-1-6 Medical electrical equipment Part 1 General requirements for usability Collateral (Common) Particular (Specialized)
  • 15. New Hazards are arising from networks • IEC 60601-1 3rd edition tries to address this o EU – 2012 -06-01 o USA – 2013-06-30 • Targets the manufacturers
  • 16. IEC 60601-1 3rd ed. Section 14.13 ... the technical description shall instruct the RESPONSIBLE ORGANIZATION that: - connection of the PEMS to a NETWORK/DATA COUPLING that includes other equipment could result in previously unidentified RISKS - the RESPONSIBLE ORGANIZATION should identify, analyze, evaluate and control these RISKS
  • 17. IEC 60601-1 3rd ed. Section 14.13 ... the technical description shall instruct the RESPONSIBLE ORGANIZATION that: - changes to the NETWORK/DATA COUPLING could introduce new RISKS and require additional analysis - …
  • 18. The obvious solution is to extend the Instructions for use IEC60601-1 Section 14.13 Instructions for use
  • 19. ISO/IEC 80001 enables an interface between manufacturers and caregivers Manufacturer 60601-1 Caregiver 14971 80001
  • 20. The same interface will be valid for stand-alone software Manufacturer Caregiver 14971 82304 80001
  • 21. Example of problems we need to address
  • 22. The update problem from the responsible organizations point of view If a medical device is connected to a network that has internet access, it may be vulnerable to viruses. What should the responsible organization do when Microsoft announces an urgent update that applies to a medical device?
  • 23. The update problem from the manufacturers point of view If a medical device is connected to a network that has internet access, it may be vulnerable to viruses. What should the manufacturer do when Microsoft announces an urgent update that applies to a medical device?
  • 24. Proper Risk Management is part of the solution Draft Part 2-x: Step by Step Risk Management of Medical IT-Networks; Practical Applications and Examples: • Risk management of the Update • Actions based on the outcome • Change permit • Cooperation • Validation by manufacturer
  • 25. Who needs to do what? Manufacturers Responsible organizations Regulators New Roles
  • 26. Who needs to do What? Manufacturers Responsible organizations Regulators New Roles
  • 27. What manufacturers must do Design for networking State what the network connection is for Narrow the scope Inform about risks
  • 28. Who needs to do What? Manufacturers Responsible organizations Regulators New Roles
  • 29. A new role has to be shaped out Medical IT-Network Risk Manager IT Dept Biomed Dept
  • 30. Who needs to do What? Manufacturers Responsible organizations Regulators New Roles
  • 31. What the Regulator must do IEC 80001-1 is not, and will probably not be, harmonized with the MDD. There is no correspondance to CE-marking for care-givers. So regulators (of healthcare organizations) have to find a way of introducing it.
  • 32. Socialstyrelsen har lagt en bra grund för IEC/ISO 80001 SOCFS Innehåll Aspekt 2005:12, 7§ Ledningssystemet skall säkerställa ... Säker användning och hantering av produkter, försörjningssystem och informationssystem Effectiveness Safety 2008:14, 3§ Vårdgivaren ska utse ... personer ... riskanalyser som har utförts avseende informationssäkerheten Data and system security 2008:1, 4§ Vårdgivaren ... egentillverkade medicintekniska produkternas säkerhet ... CE-märkta produkter Safety
  • 33. Handbok för patientsäkerhetsarbete beskriver grunder för riskanalyser Mallar Definitioner Arbetsbeskrivningar
  • 34. Who needs to do What? Manufacturers Responsible organizations Regulators New Roles
  • 35. A new role for the responsible organization is needed Standard IEC 80001-1 defines: Medical IT-Network Risk Manager
  • 36. A New Role with lots of responsibilities Management of RM process Reporting to Top Mgmt Communicating Collecting information Planning changes Authorizing changes Informing on risks Monitoring all IT projects
  • 37. The role is to be a spider in the web Top Management Risk IT department Policies RM MGR Risk Management File Clinical department Bioengineering dept Manufacturer Manufacturer Subcontractor
  • 38.
  • 39. The content of the standard 80001-1 1 Scope 2 Terms and Definitions 3 Roles and Responsibilites 4 Life Cycle RM in medical IT-networks 5 Document control
  • 40. Higlights in Scope section 1 Scope 2 Terms and Definitions 3 Roles and responsibilites 4 Life Cycle RM in medical IT-networks 5 Document control
  • 41. The responsible organization is the primary target of the standard • This standard applies after a MEDICAL DEVICE has been acquired by a RESPONSIBLE ORGANIZATION and is a candidate for incorporation into an IT-NETWORK. • To address – Safety – Effectiveness – Data and system security
  • 42. 80001 extends the definition of harm Key properties SAFETY EFFECTIVENESS DATA AND SYSTEM SECURITY
  • 43. Higlights in Terms Section 1 Scope 2 Terms and Definitions 3 Roles and responsibilites 4 Life Cycle RM in medical IT-networks 5 Document control
  • 44. 2 Terms and definitions IT-NETWORK - IT-NÄTVERK • A system or systems composed of communicating nodes and transmission links to provide physically linked or wireless transmission between two or more specified communication nodes KEY PROPERTIES - NYCKELEGENSKAPER • Three risk managed characteristics (SAFETY, EFFECTIVENESS, and DATA AND SYSTEMS SECURITY) of MEDICAL IT-NETWORKS
  • 45. 2 Terms and definitions RESPONSIBLE ORGANIZATION - VÅRDGIVAREHFP • Entity accountable for the use and maintenance of a MEDICAL IT-NETWORK TOP MANAGEMENT - HÖGSTA LEDNINGEN • Person or group of people who direct(s) and control(s) the RESPONSIBLE ORGANIZATION accountable for a MEDICAL IT-NETWORK at the highest level
  • 46. 2 Terms and definitions HARM – SKADA [VårdskadaHFP] • Physical injury or damage to the health of people, or damage to property or the environment, or reduction in EFFECTIVENESS, or breach of DATA AND SYSTEM SECURITY RISK - RISKHFP • Combination of the probability of occurrence of HARM and the severity of that HARM RISK MANAGEMENT - RISKHANTERINGHFP • Systematic application of management policies, procedures and practices to the tasks of analyzing, evaluating, controlling, and monitoring RISK RISK MANAGEMENT FILE – RISKHANTERINGSDOKU-MENTATION • Set of records and other documents that are produced by RISK MANAGEMENT
  • 47. 2 Terms and definitions CHANGE PERMIT - Ändringsmedgivande • An outcome of the RISK MANAGEMENT PROCESS consisting of a document that allows a specified change or type of change without further RISK MANAGEMENT Activities subject to specified constraints EVENT MANAGEMENT – Händelshantering • A PROCESS that ensures that all events that can or might negatively impact the operation of the IT-NETWORK are captured, assessed, and managed in a controlled manner
  • 48. IEC/ISO 80001-1 is a process standard New or Change of Medical IT-network Change Permit? Change Control Life environment ”Project” Risk management Go live! Monitoring Event management Yes No Unacceptable risk
  • 49. A CHANGE PERMIT can help you to make Risk Management efficient CHANGE PERMIT: an outcome of the RISK MANAGEMENT PROCESS consisting of a document that allows a specified change or type of change without further RISK MANAGEMENT Activities subject to specified constraints
  • 50. A Change Permit is a way of reusing Risk Management work Patient monitors type XXX may be added to or removed from the High-dependency ward’s shielded wireless network subject to the following conditions: • No more than 15 patient monitors may be connected to the network at any one time. • An up-to-date record of the wireless devices in use in the ward is to be kept available for inspection at the nursing station. If these conditions are not met, this permit is void and the full Risk Management process must be used.
  • 51. Higlights in Roles and responsibilities section 1 Scope 2 Terms and Definitions 3 Roles and responsibilites 4 Life Cycle RM in medical IT-networks 5 Document control
  • 52. There are several ways of implementing the Risk Manager role Respon-sible organiza -tion Medical IT-network Risk Manager Top mana-gement Medical Device Manufac -turer IT Tech provi-ders
  • 53. Higlights in section on Lifecycle 1 Scope 2 Terms and Definitions 3 Roles and responsibilites 4 Life Cycle RM in medical IT-networks 5 Document control
  • 54. 80001 is based on 14971, which is “the” standard for Risk Management • Identification of Intended use • Identification of Hazards, FTA and FMECA • Estimation of Risk(s) Risk analysis Risk evaluation • Option analysis • Implementation of risk control measures • Risk/benefit analysis • Risks from risk control measures • Completeness of risk control Risk control Residual risk Risk Management File (Post-) Go-Live
  • 55. 55 Example: hazard, harm, risk….
  • 56. Safe design is the most desired Risk Control Option Safe design Protective measures in device Protective measures in process Information
  • 57. Example of a Fault Tree Analysis for: Image System Down Top Level Event Faults /Low Level Event Causes Root Cause Mitigator
  • 58. 62A_719_NP has hands-on examples on how to do RM Sample Summary RISK ASSESSMENT Register
  • 59. Effektiv upplägg har optimal balans Centralt - lokalt Centralt Fara (Hazard) Farofylld situation (Hazardous situation) Oönskad konsekvens (Unintended Consequence) Allvarlighets-grad (Severity) Lokalt Sannolikhet (Probability) Orsak (Cause) Åtgärd (Risk Control Measure)
  • 60. Higlights in Document Control section 1 Scope 2 Terms and Definitions 3 Roles and responsibilites 4 Life Cycle RM in medical IT-networks 5 Document control
  • 61. The Medical IT-Network Risk Management File is the key document Trace each identified Hazard to: • Risk Analysis • Risk Evaluation • Implementation and Verification of the Risk Control Measures • The assessment of the acceptability of any Residual Risk(s) with approval
  • 62. There are three new work items on their way to clarify 80001 Step by Step Risk Management of Medical IT-Networks; Practical Applications and Examples • Risk management hands-on Guidance for the communication of medical device security needs, risks and controls • IT Technology for security Guidance for wireless network • Hands-on networking
  • 63. Summary Care givers are facing a challenge This will propagate to manufacturers Manufacturers of stand-alone SW might have a large hurdle to pass
  • 64. Building a solid Risk Mana-gement process can enable productivity Synergus can contribute with Auditing and reviews Mentoring and training Risk manager role Risk management workshops Process development and documentation Risk management documentation
  • 65. Q&A

Editor's Notes

  1. This picture describes how events lead to stricter laws and regulations as the public acceptance of risk is continuously lowered over time.Accident – public reaction – legislation to satisfy reduced acceptance of risk.
  2. I would like to start with a short orientation on how the big picture looks in Europe. And there are similar approaches in other parts of the world.The Medical Device Directive sets the overall structure on what has to be done, when developing and manufacturing a medical device.The concept of essential requirements is very central in this system. They have to be fulfilled in your product before its ready for its CE mark.The EU commission defines a number of harmonized standards, that are ”best choices” to fulfill the essential requirements.The standard that we are talking about today, 62304 , is harmonized for Medical Device Directive. It is also harmonized for Active ImplantableMedical Device Directive and In Vitro DiagnosticDevices Directive.To comply to it is voluntary, but in reality it is very hard to claim alternatives to a harmonized standard.
  3. I would like to start with a short orientation on how the big picture looks in Europe. And there are similar approaches in other parts of the world.The Medical Device Directive sets the overall structure on what has to be done, when developing and manufacturing a medical device.The concept of essential requirements is very central in this system. They have to be fulfilled in your product before its ready for its CE mark.The EU commission defines a number of harmonized standards, that are ”best choices” to fulfill the essential requirements.The standard that we are talking about today, 62304 , is harmonized for Medical Device Directive. It is also harmonized for Active ImplantableMedical Device Directive and In Vitro DiagnosticDevices Directive.To comply to it is voluntary, but in reality it is very hard to claim alternatives to a harmonized standard.
  4. POTENTIELL RISK (HAZARD)möjligkälla till SKADA.SKADA (HARM)Händelser i sekvensIsfläck:Hazard: isfläckSequence of events: Jag glömmer hjälmen. Cyklar på en isfläck. Tappar balansen. Slår huvet i backen.Hazardous situation: Jag cyklar på en isfläck utan hjälm.Harm: HjärnskakningRisk: Sannolikhet att få hjärnskakning för jag cyklar omkullSafe design: 4 wheelsRM in device: HelmetRM in process: Aditionaltraining of driverInformation: Warningsign