Presentation is loading. Please wait.

Presentation is loading. Please wait.

Workshop on High Confidence Medical Device Software and Systems (HCMDSS) Research & Roadmap June 2-3, 2005 Philadelphia, PA. Manufacturer/Care-Giver Perspective.

Published byMerry McDonald Modified over 9 years ago

Similar presentations

Presentation on theme: "Workshop on High Confidence Medical Device Software and Systems (HCMDSS) Research & Roadmap June 2-3, 2005 Philadelphia, PA. Manufacturer/Care-Giver Perspective."— Presentation transcript:

1 Workshop on High Confidence Medical Device Software and Systems (HCMDSS) Research & Roadmap June 2-3, 2005 Philadelphia, PA. Manufacturer/Care-Giver Perspective David R. Jones Philips Medical Systems

2 2 David R. Jones Philips Medical Systems High Confidence Medical Device SW & Systems Issues & Challenges SW development/verification/validation practices that drive predictable results The convergence of Information Technology & Biomedical Engineering The real-time patient monitoring and diagnosis continuum Security SW based predictive medicine

3 3 David R. Jones Philips Medical Systems Software Development & Validation Practices That Drive Predictable Results CMMI (a) Level Heroes/Initial: Level 1 Optimizing: Level 5 Defect Predictability 10-20 Defects/KLOC In delivered code 0.05 Defects/KLOC In delivered code Schedule Predictability Software release schedules slip up to 100% Software releases on schedule 95% of the time Product Predictability Several key features deferred to the next release Product performance delivered meets the Systems Requirement Specification Ref: Real-world benchmarks for PSP, Carnegie Mellon University Software Engineering Institute 1999 (a) : Capability Maturity Model Integrated

4 4 David R. Jones Philips Medical Systems Software Development & Validation Practices That Drive Predictable Results – and Map To FDA Requirements Ref: Best Practices in Software Design for Medical Devices March, 2004. Presentation by D.R. Jones, T. Shah.

5 5 David R. Jones Philips Medical Systems IT and Biomedical Our devices are life- critical! Our information systems are mission- critical!

6 6 David R. Jones Philips Medical Systems IT and Biomedical Different Perspective Life-critical vs. mission-critical Medical devices vs. Information Systems The Biomed links medicine and technology

7 7 David R. Jones Philips Medical Systems Convergence Medical Technology intertwined with IT Move toward Electronic Medical Record (EMR), Clinical Decision Support Systems (CDSS) requires information flow Devices are an integral part of information flow More regulations and protocol requirements (JCAHO, Leapfrog) drives data movement Desire to integrate data from real-time systems to achieve smart/predictive alarms

8 8 David R. Jones Philips Medical Systems The Real Time Patient Monitoring And Diagnosis Continuum

9 9 David R. Jones Philips Medical Systems Security: Today’s Environment Thousands of new vulnerabilities yearly Weekly attacks on the rise Viruses are quick – patch validation is relatively slow Hospitals are public places Hospitals subject to privacy and security regulations

10 10 David R. Jones Philips Medical Systems Security Risk = Vulnerabilities x Threats Mitigation Vulnerabilities –Flaws or weaknesses in system design, implementation, operation, or management Threats –Malicious inside or outside intruders, accidents Mitigation –Security measures

11 11 David R. Jones Philips Medical Systems HIPAA Security Rule A regulation, not a standard Goal: develop and maintain the security of all electronic protected health information (PHI). Hospitals must protect against “reasonably anticipated” security threats/disclosure of info Largely administrative, even for security Some technical safeguards are recommended Covered Entities are: –Health Plans –Health Care Providers –Health Care Data Clearing Houses Heath care providers, therefore, ask Medical Device Manufacturers for features and assurances that help them comply

12 12 David R. Jones Philips Medical Systems Shared Responsibility for Security Vendor role –Risk assess products considering intended user environment –Be sure hospital IT is involved early –Validate patches for critical systems –Understand customer security needs Customer role –Multi-layer strategy to protect information Policy, process, technology risk management, and contingency planning –Firewalls or other network devices are good practice –Follow medical device vendor statements on patching

13 13 David R. Jones Philips Medical Systems The Role of the FDA With respect to security patching of the OS on certain (regulated) products: The vendor must prove that software still is safe and effective in the presence of the patch Thorough testing under a quality system takes time and effort to prove this, depending on complexity The FDA requires that vendors have a quality system, and that vendors verify changes, including patches.

14 14 David R. Jones Philips Medical Systems Current Diagnosis and Treatment Process Ref: MEDICAMUNDI 47/1 April 2003

15 15 David R. Jones Philips Medical Systems Software Based Predictive Medicine Ref: MEDICAMUNDI 47/1 April 2003

16

Download ppt "Workshop on High Confidence Medical Device Software and Systems (HCMDSS) Research & Roadmap June 2-3, 2005 Philadelphia, PA. Manufacturer/Care-Giver Perspective."

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC 29406 843-576-1426 Health Insurance Portability.

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC Health Insurance Portability.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.

CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.

CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.
Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.

Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.
The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.

The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.
© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,

© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Instituting Controls in Systems Development Gurpreet Dhillon Virginia Commonwealth University.

Instituting Controls in Systems Development Gurpreet Dhillon Virginia Commonwealth University.
Standardization. Introduction A standard is a document. It is a set of rules that control how people should develop and manage materials, products, services,

Standardization. Introduction A standard is a document. It is a set of rules that control how people should develop and manage materials, products, services,
1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)

1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
What is HIPAA? H ealth I nsurance P ortability and A ccountability A ct (Kennedy-Kassenbaum Bill) nAdministrative Simplification –Privacy –Transactions.

What is HIPAA? H ealth I nsurance P ortability and A ccountability A ct (Kennedy-Kassenbaum Bill) nAdministrative Simplification –Privacy –Transactions.

Similar presentations

Ads by Google