Workshop on High Confidence Medical Device Software and Systems (HCMDSS) Research & Roadmap June 2-3, 2005 Philadelphia, PA. Manufacturer/Care-Giver Perspective.

Presentation transcript:

Workshop on High Confidence Medical Device Software and Systems (HCMDSS) Research & Roadmap June 2-3, 2005 Philadelphia, PA. Manufacturer/Care-Giver Perspective David R. Jones Philips Medical Systems

2 High Confidence Medical Device SW & Systems Issues & Challenges
SW development/verification/validation practices that drive predictable results
The convergence of Information Technology & Biomedical Engineering
The real-time patient monitoring and diagnosis continuum
Security
SW based predictive medicine

3 Software Development & Validation Practices That Drive Predictable Results
CMMI (a) Level: Heroes/Initial (Level 1) and Optimizing (Level 5)
Defect Predictability
 – Level 1: Defects/KLOC in delivered code
 – Level 5: 0.05 Defects/KLOC in delivered code
Schedule Predictability
 – Level 1: Software release schedules slip up to 100%
 – Level 5: Software releases on schedule 95% of the time
Product Predictability
 – Level 1: Several key features deferred to the next release
 – Level 5: Product performance delivered meets the Systems Requirement Specification
Ref: Real-world benchmarks for PSP, Carnegie Mellon University Software Engineering Institute 1999
(a): Capability Maturity Model Integrated

4 Software Development & Validation Practices That Drive Predictable Results – and Map To FDA Requirements
Ref: Best Practices in Software Design for Medical Devices March, Presentation by D.R. Jones, T. Shah.

5 IT and Biomedical
Our devices are life-critical!
Our information systems are mission-critical!

6 IT and Biomedical
Different Perspective
Life-critical vs. mission-critical
Medical devices vs. Information Systems
The Biomed links medicine and technology

7 Convergence
Medical Technology intertwined with IT
Move toward Electronic Medical Record (EMR), Clinical Decision Support Systems (CDSS) requires information flow
Devices are an integral part of information flow
More regulations and protocol requirements (JCAHO, Leapfrog) drive data movement
Desire to integrate data from real-time systems to achieve smart/predictive alarms

8 The Real Time Patient Monitoring And Diagnosis Continuum

9 Security: Today’s Environment
Thousands of new vulnerabilities yearly
Weekly attacks on the rise
Viruses are quick – patch validation is relatively slow
Hospitals are public places
Hospitals subject to privacy and security regulations

10 Security Risk = (Vulnerabilities x Threats) / Mitigation
Vulnerabilities
 – Flaws or weaknesses in system design, implementation, operation, or management
Threats
 – Malicious inside or outside intruders, accidents
Mitigation
 – Security measures

11 HIPAA Security Rule
A regulation, not a standard
Goal: develop and maintain the security of all electronic protected health information (PHI).
Hospitals must protect against “reasonably anticipated” security threats/disclosure of info
Largely administrative, even for security
Some technical safeguards are recommended
Covered Entities are:
 – Health Plans
 – Health Care Providers
 – Health Care Data Clearing Houses
Health care providers, therefore, ask Medical Device Manufacturers for features and assurances that help them comply

12 Shared Responsibility for Security
Vendor role
 – Risk assess products considering intended user environment
 – Be sure hospital IT is involved early
 – Validate patches for critical systems
 – Understand customer security needs
Customer role
 – Multi-layer strategy to protect information
   Policy, process, technology risk management, and contingency planning
 – Firewalls or other network devices are good practice
 – Follow medical device vendor statements on patching

13 The Role of the FDA
With respect to security patching of the OS on certain (regulated) products:
The vendor must prove that software still is safe and effective in the presence of the patch
Thorough testing under a quality system takes time and effort to prove this, depending on complexity
The FDA requires that vendors have a quality system, and that vendors verify changes, including patches.

14 Current Diagnosis and Treatment Process
Ref: MEDICAMUNDI 47/1 April 2003

15 Software Based Predictive Medicine
Ref: MEDICAMUNDI 47/1 April 2003