Keynote on IEC

Transcription

1 Oct. 30, 2012, Luebeck Keynote on IEC What is the objective of IEC ? Which benefits are provided for hospitals? Where apply the key properties of IEC ? Beim Strohhause Hamburg phone +49 (0) fax +49 (0) web Dipl.-Ing. Oliver P. Christ CEO Prosystem AG / Prosystem USA LLC

2 2

3 Scope and Key Properties of IEC : 2010 This standard defines roles, responsibili3es and ac3vi3es that are necessary for RISK MANAGEMENT of IT- NETWORKS incorpora3ng MEDICAL DEVICES to address Ø SAFETY, Ø EFFECTIVENESS Ø DATA & SYSTEM SECURITY (the KEY PROPERTIES), Diese int. Norm definiert Aufgaben, Verantwortlichkeiten und Ak6vitäten: Sicherheit für Pa3enten, Anwender und DriVe Effek6vität *) = Wirksamkeit eines medizinischen IT Netzwerkes angestrebte Abläufe zu erreichen (Workflow) Daten- und Systemsicherheit Schutz vor dem Verlust der Vertraulichkeit, der Vollständigkeit und der Verfügbarkeit der Daten und Systeme *) German Na6onal Foodnote 3

4 Milestones & Publication Dates of IEC series Publication of International Standard: October 27 th, 2010 Publication of the German national Version: Nov., 2011 Last international Meeting JWG7: Sept 24-25, 2012, Vienna Further Technical Reports for the IEC series: - Responsibility Agreement (IEC y) - Distributed Alarm Systems (IEC y) 4

5 The structure of the IEC series IEC Part 1: Roles, Responsibili6es and Ac6vi6es IEC X References to other IT Standards / Spec ISO/IEC :2005 IEC 62304:2006 IEEE ff HL7, DICOM IEC Y Technical Reports Y = 1: Step- by Step RM Y = 2: Security Y = 3: Wireless Y = 4: HDO Guidance Y = 5: Alarm Integra6on Y = 6: Responsibility Agreement 5

6 Application of risk management for IT-networks incorporating medical devices Part 2-Y: Guidance for Responsibility Agreements This Technical Report provides guidance on implemen3ng RESPONSIBILITY AGREEMENTS, which are required in ISO/IEC for the purpose of defining the roles and responsibili3es of all relevant stakeholders in the MEDICAL IT- NETWORK. Stakeholders may include health delivery organiza3ons, IT vendors, medical device manufacturers and others. RESPONSIBILITY AGREEMENTS are intended to support risk management of the three KEY PROPERTIES (SAFETY, EFFECTIVENESS, and DATA AND SYSTEMS SECURITY) for the benefit of pa3ents. The goal of a responsibility agreement is to establish roles and responsibili3es among the stakeholders engaged in the incorpora3on of a MEDICAL DEVICE into an IT- NETWORK in order to support compliance to These roles and responsibili3es should cover the complete lifecycle of the resul3ng MEDICAL IT- NETWORK info@prosystem-ag.com 6

7 The Start: Responsibility Agreement among various parties Hospital IT Department (IT) BioMed (MT) Einkauf und Vertrags- management MDM IT- Provider 7

8 Responsibility Agreement Provides legal framework for collaboration Is needed, when Medical Devices from more than one supplier are intended to be incorporated into one (medical) IT network Recommand also to be used for internal departments at a Responsible Organization (e.g. BioMeds, IT, others) It is suitable as a Service Level Agreement (SLA) Content Identification of all parties to be involved Specification of Medical IT-Network and project goals. Description of roles, responsibilities and activities Definition of all Information to be provided / exchanged info@prosystem-ag.com 8

9 Example: Medical Device Regula6on in Europe (MDD) Who is responsible for Safety & Effectiveness? Located outside EU 93/42/EEC Criteria: Name + Address First- 6me placing on the market Placing on the market 9

10 Essential Requirements (MDD inkl. 2007/47/EG vom ) 13. Information supplied by the manufacturer (MDD 93/42/EEC, Annex I) Each device must be accompanied by the information needed to use it safely and properly, taking account of the training and knowledge of the potential users, and to identify the manufacturer. relevant for the manufacturer 10

11 Example: Legal Requirements in German Medical Device Act (MPBetreibV; Stand: ; I 2326) Rules for Responsible Organisation: Medical Devices shall be established, operated and used only in accordance with their Intended Use & state-of-the art Personnel need necessary education & experience to established, operated, use and maintain Medical Devices Combined Medical Devices (including Accessories and Software) shall only be put into service according the rules above The Operator/User of a Medical Device (or System) must cross-check the integrity of the functional capabilities of a Medical Device (including SW) before applying it to a patient. These rules are also applicable for Medical Devices incorporated to an Medical IT-Network 11

12 Defini6on of Medical Device according 2007/47/EEC medical device means any instrument, apparatus, appliance, sodware, material or other ar3cle, whether used alone or in combina3on, including the sodware intended by its manufacturer to be used specifically for diagnos3c and/or therapeu3c purposes and necessary for its proper applica3on, intended by the manu- facturer to be used for human beings for the purpose of. : 12

13 Essential Requiremements MDD, Annex I, clause 12.1a For devices which incorporate so2ware or which are medical so2ware in themselves, the so2ware must be validated according to the state of the art taking into account the principles of - development lifecycle, - risk management *), - valida?on and verifica?on. *) relevant for Sodware: DIN EN ISO DIN EN IEC/TR IEC Health sodware systems Part 1: General requirements 13

14

15 Electrical Safety: IEC (3 rd edition) In an environment of 1,5 m around an (accommodated) Patient increased requirements for Medical Electrical Equipment do apply including their connection to (medical) IT networks. 15

16 PEMS = Programmable Electrical Medical Systems IEC /A1 (8.2012) PEMS intended to be connected to an IT-Network If the PEMS is intended to be incorporated into an IT-NETWORK that is not validated by the PEMS MANUFACTURER, the MANUFACTURER shall make available instructions for implementing such connection including the following: a) the purpose of the PEMS s connection to an IT-NETWORK; b) the required characteristics of the IT-NETWORK incorporating the PEMS; c) the required configuration of the IT-NETWORK incorporating the PEMS; d) the technical specifications of the network connection of the PEMS including security specifications; e) the intended information flow between the PEMS the IT-NETWORK and other devices on the IT-NETWORK, and the intended routing through the IT-NETWORK; and NOTE 1 This can include aspects of effectiveness and data and system security as related to BASIC SAFETY and ESSENTIAL PERFORMANCE (see also Clause H.6 and IEC :2010). f) a list of the HAZARDOUS SITUATIONS resulting from a failure of the IT-NETWORK to provide the characteristics required to meet the purpose of the PEMS connection to the IT-NETWORK. Compliance is checked by inspec?on of the instruc?ons. 16

17 IEC clause

18 IEC /A1 (continue) In the ACCOMPANYING DOCUMENTS the MANUFACTURER shall instruct the RESPONSIBLE ORGANISATION that: connection of the PEMS to an IT-NETWORK that includes other equipment could result in previously unidentified RISKS to PATIENT, OPERATORS or third parties; the RESPONSIBLE ORGANISATION should identify, analyze, evaluate and control these RISKS; subsequent changes to the IT-NETWORK could introduce new RISKS and require additional analysis; and changes to the IT-NETWORK include: changes in the IT-network configuration; connection of additional items to the IT-NETWORK; disconnecting items from the IT-NETWORK; update of equipment connected to the IT-NETWORK; upgrade of equipment connected to the IT-NETWORK. NOTE 3: IEC provides guidance for the RESPONSIBLE ORGANIZATION to address these RISKS. Compliance is checked by inspec?on of the ACCOMPANYING DOCUMENTS. 18

19 Important roles and responsibilities in IEC Responsible Organiza3on Top Management reports assigns Risk- Manager provide Informa6on Medical Devices Manufacturer Others 19

20 The Medical IT-Network (protection goal of IEC ) Originally separate Medical Devices get connected via an (unsafe & unsecure) IT-Network of the Responsible Organization Out of this general IT-Network emerge a new The Issues are Medical IT-Network Heavily regulated safe Medical Devices get connected with off-the-shelf IT-Hardware There is no clear Responsibilities established (MT vs. IT) Disturbances/Overload at an IT-Network could compromise the safety of Medical Devices IT-Networks are supposed to run 24/7 info@prosystem-ag.com 20

21 Requirements to: 21

22 Change-Release- Management (upper part)

23 Change-Release-Management (lower part)

24 Med. IT-Network Documentation Information-flow (simplified) Information-flow and Dataflow in the Network Medical IT- Network Hospital Network UltraSound Clinical- Worksta6on Router Switch PACS - System DICOM - Image Pa6entdata 24

25 Risk-Management Plan Key Properties Definition for each Medical IT-Network (separately) Key Properties for Risk-Management are: Safety for Patient, User/Operator und Third Parties Effectiveness for intended workflows supported by the IT-Network ability to produce the intended result for the PATIENT and the RESPONSIBLE ORGANIZATION Data- & System Security reasonable protection from degradation of confidentiality, integrity and availability (of information assets) 25

26 Risk-Management Central Process of IEC for: Identification of Hazards Evaluation of corresponding Risks Control of these Risks always in conjunction with the Intended Use of a network The Process Risk-Management shall be applied Before putting a Medical IT-Network into service When modifying an existing Medical IT- Network and/or its components info@prosystem-ag.com 26

27 Risk Analysis & Evaluation - Defined Terms Cause Blackbox UltraSound Equipment PACS - System Clinical- Worksta6on Hazard Hazardous Situa6on Amniocentesis 27

28 Which benefits provide IEC ? Insures the Ability to communicate between the Responsible Organization and its Suppliers (MDM, IT-Provider, others) Introduce the concept of Medical IT-Network and requires a distinguished separation to other IT Networks. Clarifies Requirements for Safety of Medical IT-Networks (safety, effectiveness, security) and protect against liability issues. Requires 5 Processes to ensure that Medical IT-Networks can be operated safe & effective Provides Ability for decision making for complex issues by utilizing systematically a Risk-Management approach 28

29 What are the objectives of IEC ? Talk to each other! (internally, externally, RO with Suppliers) Balanced Key Properties (Risk-Policies of the RO for) Safety (for Patient, User/Operator and Third Parties) Effectiveness (for workflows supported by the IT-Network) Data & System Security (confidentiality, integrity and availability) Implementation of a RM-Process for Medical IT-Networks (+ Change-, Configuration-, Monitoring and Event-Management) Integration* ) of MD in IT-Network only with Risk Controls (after RM-Process or by a Change Permit ) * ) or withdrawal Conscious Decisions! (for Residual Risks of Med. IT-Networks) 29

30 How will IEC impact the Healthcare Sector? (from a Hospital viewpoint) Phase I: Gesprächsfähigkeit herstellen ( IEC Readiness ) Gain Knowledge about IEC requirements; establish required technical documents; open up for dialog with various suppliers. Phase II: Service-Partnerschaft einrichten ( IEC Willingness ) Continuous Collaboration with various Suppliers (MDM, IT-Provider); cooperation is based on Responsibility Agreement(s) e.g. Service-Level Agreements; Implementation of suitable Processes; monthly accurate Security-Patches; testing and release of security-patches in a timely manner; Collaboration with competitive ROs and Suppliers Phase III: RM-Partnerschaft aufbauen ( IEC fulfilling best ) Hospitals (RO) benefit from external Integration-Services from MD-Manufacturer / IT-Provider, e.g. by utilizing external Medical IT-Network Risk-Manager services for Moderation and Integration activities. They establish and maintain detailed IEC Checklists and operate with valid Security-Documentation; Change-Release- Management will become a routine process on a daily basis. 30

31 Summary and Examples for Implementation The foundation to apply IEC is in place Each Medical IT-Network has been Risk analized A comprehensive Technical File for each Medical IT-Network Established Processes ensure a consistent approach for - Changes - Events Activities and Responsibilities are clearly defined Next steps shall be: Improvement of existing Processes Integration of further Medical IT-Networks Establishing Interfaces to other Processes 31