creators_name: Hegarty, Francis J
creators_name: MacMahon, Silvana Togneri
creators_name: Byrne, Patricia
creators_name: McCaffery, Fergal
creators_id: silvana.macmahon@dkit.ie
creators_id: fergal.mccaffery@dkit.ie
type: article
datestamp: 2014-12-11 12:56:54
lastmod: 2014-12-11 12:56:54
metadata_visibility: show
title: Assessing a Hospital’s Medical IT Network Risk Management
Practice with 80001-1
ispublished: pub
subjects: subject_software
full_text_status: public
keywords: Medical devices; Healthcare costs; IT network; ANSI/AAMI/IEC 80001-1; Risk management practice.
abstract: Medical device interoperability has been identified as a key way of decreasing healthcare costs while improving patient care.1 This has lead to a shift toward placing more medical devices onto information technology (IT) networks. However, placing medical devices onto an IT network may lead to additional risks to safety, effectiveness and security of the devices, the network, and the data. ANSI/AAMI/IEC 80001-1 addresses the roles, responsibilities, and activities that need to be carried out when managing these risks. In this article, we describe an exercise undertaken to assess the medical IT network risk management practice implemented
within a hospital to control risk associated with a clinical information system (CIS). The level of compliance with the 80001-1 standard was determined using an assessment framework developed by the Regulated Software Research Centre (RSRC). The purpose of this exercise was to test and inform the development of an assessment method that is part of the assessment framework for this standard. The exercise also sought to identify how the management of such an existing CIS project meets the requirements of 80001-1.
date: 2014-02
date_type: published
publication: AAMI Biomedical Instrumentation and Technology
volume: 48
number: 1
publisher: Association for the Advancement of Medical Instrumentation
pagerange: 64-71
refereed: TRUE
issn: 0899-8205
official_url: http://www.aami.org/publications/BIT/
referencetext: 1. West Health Institute, The Value of Medical Device Interoperability - Improving patient care with more than $30 billion in annual health care savings. 2013.

2. IEC, IEC 60601-1 Medical Electrical Equipment - Part 1: General requirements for basic safety and essential performance. Edition 3.1 2012, International Electrotechnical Commission: Geneva, Switzerland.

3. ISO/IEC 20000-1:2011, Information technology - Service Management - Part 	1: Service management system requirements. Geneva, Switzerland.

4. IEC, IEC 80001-1 - Application of Risk Management for IT-Networks incorporating Medical Devices - Part 1: Roles, responsibilities and activities. 2010, International Electrotechnical Commission: Geneva, Switzerland.

5. Mosby's Medical Dictionary, 8th edition. © 2009, Elsevier.

6. Hegarty F., Sheahan N., Walsh C., Fanning B., & Ryan T. Validating a new Clinical Information system: Mapping data flow between systems. European Journal of Medical Physics Vol.XVII No. 3 Jul 2001.

7. DS/EN/ISO/IEC 17025, General requirements for the competence to testing and calibration laboratories, First edition, 2000-04-27

8. Byrne, P. Validation of Clinical Information System Interfaces. Annual Health Informatics Society of Ireland Conference, 2011. 

9. ISO/IEC, ISO/IEC 15504-2:2003 - Software engineering — Process assessment — Part 2: Performing an assessment. 2003: Geneva, Switzerland.

10. MacMahon, S. T., Mc Caffery, F. & Keenan, F. (2013). Risk Management of Medical IT Networks: An ISO/IEC 15504 Compliant Approach to Assessment against IEC 80001-1. In: ICSSP San Francisco ACM. 156 - 160.

11.MacMahon, S.T., F. McCaffery, and F. Keenan, Transforming Requirements of IEC 80001-1 into an ISO/IEC 15504-2 Compliant Process Reference Model and Process Assessment Model, in EuroSPI. 2013: Dundalk, Co Louth, Ireland. p. 11.11 - 11.18.

12. MacMahon, S.T., F. Mc Caffery, and F. Keenan, The Approach to the Development of an Assessment Method for IEC 80001-1, in Software Process Improvement and Capability Determination, SPICE 2013. 2013, Springer: Bremen, Germany. p. 37-48.

13. MacMahon, S.T., F. Mc Caffery, M. Lepmets, S. Eagles, A. Renault, and F. Keenan, Assessing against IEC 80001-1, in Healthinf 2013. 2013: Barcelona, Spain. p. 305 to 308.

14. MacMahon, S.T., F. McCaffery, S. Eagles, F. Keenan, M. Lepmets, and A. Renault, Development of a Process Assessment Model for assessing Medical IT Networks against IEC 80001-1, in Software Process Improvement and Capability Determination, SPICE 2012. 2012, Springer Mallorca, Spain. p. 148 to 160.

15. MacMahon, S.T., F. Mc Caffery, and F. Keenan, Towards a Process Assessment Model for IEC80001-1, in Healthinf 2013. 2013: Barcelona, Spain. p. 301 to 304.

16. ANSI/AAMI EQ 56:2013 Recommended practice for a medical equipment management program. 2013 AAMI, Arlington, USA

citation:   Hegarty, Francis J and MacMahon, Silvana Togneri and Byrne, Patricia and McCaffery, Fergal  (2014) Assessing a Hospital’s Medical IT Network Risk Management Practice with 80001-1.  AAMI Biomedical Instrumentation and Technology, 48 (1).  pp. 64-71.  ISSN 0899-8205     
document_url: http://eprints.dkit.ie/409/1/AAMI%20-%20STOR%20Upload%20PDF.pdf