Presentation is loading. Please wait.

Presentation is loading. Please wait.

Oct. 2nd 2012, San Francisco Opening the discussion … • Why is it so important to manage Risk in health IT solutions? • How can we optimally protect.

Published byLena Baber Modified over 9 years ago

Similar presentations

Presentation on theme: "Oct. 2nd 2012, San Francisco Opening the discussion … • Why is it so important to manage Risk in health IT solutions? • How can we optimally protect."— Presentation transcript:

1 Oct. 2nd 2012, San Francisco Opening the discussion … • Why is it so important to manage Risk in health IT solutions? • How can we optimally protect the privacy and integrity of patients' records? • How can hospitals and medical device manufacturers benefit from latest safety standards? Dipl.-Ing. Oliver P. Christ CEO Prosystem AG / Prosystem USA LLC 13

2 The Company PROSYSTEM AG is an international consulting company providing comprehensive services for the medical device industry. The company was established in 1999 by Prof. Dr. Jürgen Stettin and his partner Oliver P. Christ. Together with its subsidiary PROSYSTEM USA LLC, located in San Diego, CA/USA, PROSYSTEM AG services clients in more than 25 countries.

3 The Company Our clients are manufacturers and developers of medical devices, suppliers, operators, the pharmaceutical industry, universities, and Notified Bodies. Being an active member of different standardization groups, PROSYSTEM can provide its clients with detailed background information about the origin, implementation and future development of respective applicable standards. Business activities include analysis, training, consulting services, and the realization of projects: more than 150 clients in 25 countries app. 30% of the annual turnover outside Europe (North America / Asia) all services from one source

4 The Company PROSYSTEM FORUM
On-Site Trainings and Workshops , Seminars in the US Software Development, Verification, and Validation On-Site Trainings and Workshops , Seminars

5 Source: Julian Goldman
Demanding needs of General Hospitals for a Safe & Effective Use of Medical Devices and Health Software User isn’t aware data transfer is reliant on so many other components and systems Source: Julian Goldman

6 Requirements from accreditors?
6

7 IOM Report a “Game Changer”?
American Institute of Medicine (IOM) Report, Published late 2011, 220 pages Key findings: Health IT may lead to safer care and/or introduce new safety risks Safety is a characteristic of a sociotechnical system that includes people, process, environment, organization and technology System-level failures occur almost always because of unforeseen combinations of component failures Recommendations: Health care accrediting organizations should adopt criteria relating to EHR safety. All health IT vendors should be required to publicly register and list their products Health IT vendors should be required to adopt quality and risk management processes Reporting of health IT– related adverse events should be mandatory for vendors and voluntary and confidential for users. 7

8 Industry is using Risk Management for Medical Devices

9 Focus on Patient Safety
How does Risk Management focus on Patients? The Intended Use of a medical device can be depicted using an idealized functional input/output diagram: Functional Inputs Functional Outputs Medical Benefit Medical Device So How does Risk Management focus on Patients? The Intended Use of a medical device can be depicted using an idealized functional input/output diagram as follows: The User or Operator delivers Functional Inputs to the medical device And The medical device delivers Functional Outputs to the patient After some time, this results in medical benefit to the patient. The medical device including Functional Inputs and Functional Outputs is known as the “engineering World” The effect of these functional outputs on the patient, including medical benefit, is known as the “clinical world” Time Patient Patient User (Operator)

10 Industry is using Safety Standards for Medical Devices

11 Electrical Safety: IEC 60601-1 (3rd edition)
In an environment of 1,5 m around an (accommodated) Patient … … increased requirements for Medical Electrical Equipment do apply including their connection to (medical) IT networks.

12 IEC 60601-1/A1 - FDIS (verteilt als 62A/805/FDIS; vom 27.4.2012)
PEMS = Programmable Electrical Medical Systems IEC /A1 - FDIS (verteilt als 62A/805/FDIS; vom ) PEMS intended to be connected to an IT-Network If the pems is intended to be incorporated into an it-network that is not validated by the pems manufacturer, the manufacturer shall make available instructions for implementing such connection including the following: a) the purpose of the pems’s connection to an it-network; b) the required characteristics of the it-network incorporating the pems; c) the required configuration of the it-network incorporating the pems; d) the technical specifications of the network connection of the pems including security specifications; e) the intended information flow between the pems the it-network and other devices on the it-network, and the intended routing through the it-network; and NOTE 1 This can include aspects of effectiveness and data and system security as related to BASIC SAFETY and ESSENTIAL PERFORMANCE (see also Clause H.6 and IEC :2010). f) a list of the hazardous situations resulting from a failure of the it-network to provide the characteristics required to meet the purpose of the pems connection to the it-network. Compliance is checked by inspection of the instructions.

13 IEC 60601-1/A1 - FDIS (verteilt als 62A/805/FDIS; vom 27.4.2012)
(continue) In the accompanying documents the manufacturer shall instruct the responsible organisation that: – connection of the pems to an it-network that includes other equipment could result in previously unidentified risks to patient, operators or third parties; – the responsible organisation should identify, analyze, evaluate and control these risks; – subsequent changes to the it-network could introduce new risks and require additional analysis; and – changes to the it-network include: • changes in the IT-network configuration; • connection of additional items to the it-network; • disconnecting items from the it-network; • update of equipment connected to the it-network; • upgrade of equipment connected to the it-network. NOTE 3: IEC provides guidance for the RESPONSIBLE ORGANIZATION to address these risks. Compliance is checked by inspection of the accompanying documents.

14

15 Scope and Key Properties of IEC 80001-1: 2010
“ This standard defines roles, responsibilities and activities that are necessary for RISK MANAGEMENT of IT-NETWORKS incorporating MEDICAL DEVICES to address SAFETY, EFFECTIVENESS Data & system Security (the KEY PROPERTIES), …

16 The „Medical IT-Network“ (protection goal of IEC 80001-1)
Originally separate Medical Devices get connected via an (unsafe & unsecure) IT-Network of the Responsible Organization Out of this „general“ IT-Network emerge a new „Medical IT-Network“ The Issues are Heavily regulated „safe Medical Devices“ get connected with „off-the-shelf IT-Hardware“ There is no clear Responsibilities established (MT vs. IT) Disturbances/Overload at an IT-Network could compromise the safety of Medical Devices IT-Networks are supposed to „run“ 24/7

17 Risk-Management Planning for each Key Propery
Definition for each Medical IT-Network (separately) Key Properties for Risk-Management are: Safety for Patient, User/Operator und Third Parties Effectiveness for intended workflows supported by the IT-Network ability to produce the intended result for the patient and the Responsible Organization Data- & System Security reasonable protection from degradation of confidentiality, integrity and availability (of information assets)

18 Requirements to:

19 Important roles and responsibilities in IEC 80001-1
Responsible Organization reports assigns Top Management Risk-Manager provide Information Medical Devices Manufacturer Others

20 The structure of the IEC 80001-1 series
Part 1: Roles, Responsibilities and Activities IEC Y Technical Reports IEC X References to other IT Standards / Spec ISO/IEC :2005 IEC 62304:2006 IEEE ff HL7, DICOM Y = 1: Step-by Step RM Y = 2: Security Y = 3: Wireless Y = 4: HDO Guidance

21 Up-date on IEC 80001-1 activities
On July 19, three new Technical Reports has been published: IEC TR Ed Application of risk management for IT-networks incorporating medical devices - Part 2-1: Step by step risk management of medical IT-networks - Practical applications and examples   IEC TR Ed Application of risk management for IT-networks incorporating medical devices - Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls  IEC TR Ed Application of risk management for IT-networks incorporating medical devices - Part 2-3: Guidance for wireless networks 

Download ppt "Oct. 2nd 2012, San Francisco Opening the discussion … • Why is it so important to manage Risk in health IT solutions? • How can we optimally protect."

Similar presentations

Understanding Food Safety Management Systems

Understanding Food Safety Management Systems
1 Senn, Information Technology, 3 rd Edition © 2004 Pearson Prentice Hall James A. Senns Information Technology, 3 rd Edition Chapter 7 Enterprise Databases.

1 Senn, Information Technology, 3 rd Edition © 2004 Pearson Prentice Hall James A. Senns Information Technology, 3 rd Edition Chapter 7 Enterprise Databases.
© Copyright 2006 FPT Software 1 © FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 How to work in Fsoft project Authors: KienNT.

© Copyright 2006 FPT Software 1 © FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 How to work in Fsoft project Authors: KienNT.
Elements of an Effective Safety and Health Program

Elements of an Effective Safety and Health Program
Significance of ISO to the Food Industry

Significance of ISO to the Food Industry
Institute for Cyber Security

Institute for Cyber Security
Assurance Services Independent professional services that “improve the quality of information, or its context, for decision makers” Assurance service encompass.

Assurance Services Independent professional services that “improve the quality of information, or its context, for decision makers” Assurance service encompass.
IHE Workshop – June 2006What IHE Delivers 1 Cynthia A. Levy Cedara Software IHE Technical Committee Import Reconciliation Workflow Profile.

IHE Workshop – June 2006What IHE Delivers 1 Cynthia A. Levy Cedara Software IHE Technical Committee Import Reconciliation Workflow Profile.
Medical devices: Application of risk management to medical devices

Medical devices: Application of risk management to medical devices
International Organization International Organization

International Organization International Organization
ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer system.

ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer system.
RECORD KEEPING Cooperative Development of Operational

RECORD KEEPING Cooperative Development of Operational
1 Introduction to Safety Management April 2006. 2 Objective The objective of this presentation is to highlight some of the basic elements of Safety Management.

1 Introduction to Safety Management April Objective The objective of this presentation is to highlight some of the basic elements of Safety Management.
On the relationship between ISO/DTS29321 and ISO14971 & Japans Comments for new draft & amended clause 8 final of ISO/DTS29321 3/5/2008 JAHIS.

On the relationship between ISO/DTS29321 and ISO14971 & Japans Comments for new draft & amended clause 8 final of ISO/DTS /5/2008 JAHIS.
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
European Standards for (RF)ID-Systems Helmut Wolf Phone: +49 (0) 6131 – 18 - 2249 ETSI Workshop on RFID and The Internet.

European Standards for (RF)ID-Systems Helmut Wolf Phone: +49 (0) 6131 – ETSI Workshop on RFID and The Internet.
International Organization

International Organization
Supplier’s Declaration of Conformity (SDoC)

Supplier’s Declaration of Conformity (SDoC)
18 Copyright © 2005, Oracle. All rights reserved. Distributing Modular Applications: Introduction to Web Services.

18 Copyright © 2005, Oracle. All rights reserved. Distributing Modular Applications: Introduction to Web Services.
The Implementation Structure DG AGRI, October 2005

The Implementation Structure DG AGRI, October 2005

Similar presentations

Ads by Google