This book includes a plain text version that is designed for high accessibility. To use this version please follow this link.
Interoperability


Help for incorporating medical devices into IT networks


New guidance shows how the risk-management process fi ts into the lifecycle of a shared network. By Karen Delvecchio


I


n the last decade, healthcare technologies have become increasingly interconnected and co-depen- dent. IT networks are supporting medical devices that have historically been segregated, and general IT networks, the backbone of a technology infrastructure, are no longer islands on their own. In 2005, the FDA encouraged the standards community to help address this looming issue. The International Elec- trotechnical Commission (IEC) and International Orga- nization for Standardization (ISO) responded by forming a joint working group called JWG7. After years of work and analysis, the working group released a new standard called the “IEC 80001-1: Application of risk management for IT networks incorporating medical devices.” Released late last year, the new IEC 80001-1 stan- dard is designed to help the healthcare industry minimize risks and facilitate efficiency, patient safety and network security. The


Karen Delvecchio is a lead systems designer at GE Healthcare.


For more information on GE Healthcare solutions: www.rsleads.com/106ht-202


standard defi nes a framework for applying the risk- management process incorporating medical devices onto shared enterprise IT networks.


Below are four key recommendations for hospitals to strengthen their risk-management processes.


Educate yourself and your internal teams Because IEC 80001-1 is designed to clearly defi ne positions, functions and activities needed for incorporat- ing medical devices into IT networks, several hospital departments – including clinical engineering, IT, clini- cal staff and risk management – must understand the standard and each role in order to aid in the adoption of new technologies and guidelines as well as facilitate incorporation into existing risk-management practices.


Establish risk management


Risk assessment involves considering all accidents or failures that may occur that are related to operating medi- cal devices on a network, as well as analyzing probable consequences if such events should occur. Performing


10 June 2011


this analysis with a pre-established set of scales and ac- ceptability guidelines ensures a smoother process and better communications among the risk-team members. This new standard is based on the risk-management methods in ISO 14971 and requires four main risk- management activities: analyze, evaluate, control and re-analyze. However, 80001-1 goes beyond ISO 14971 in that it shows how the risk-management process fi ts into the lifecycle of a shared network.


Engage other collaborators


Connecting and working with the medical device manu- facturers as well as the non-medical device manufacturers (e.g., server manufacturers, manufacturers and installers of network infrastructure) is vital to the implementation of the standard. Medical IT networks are complex, living super-systems of medical devices and IT equipment. While risk must be shared and ultimately controlled by those who own and maintain the network, it’s important to ensure that there is appropriate information fl ow between the hos- pital, medical device manufacturer and other IT providers such that thorough risk analysis can be completed.


Take small steps: 80001-1 is currently voluntary It took years to develop the standard, which could be considered phase one. Now we’re moving into phase two, which is early implementation. This is where the standard will be put to the test; 80001-1 can be applied in small steps. Choose a new project, a new portion of the network or a small list of hazards to consider in a network. Hazards can include lost connectivity, incorrect data or some security provision like unauthorized access. You could also start with a small list of faults. What are the top three or four things that could go wrong? Maybe network hardware failures, misconfi guration or timing of network maintenance. Or ask yourself if the network design is capable of managing the load of devices that you are expecting it to manage.


Also, many of the concepts in 80001-1 may already be implemented in your organization but may not be formal- ized or documented. Early efforts in compliance can be simply taking credit for things you already do.


HMT HEALTH MANAGEMENT TECHNOLOGY www.healthmgttech.com


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68