Silvana Togneri MacMahon
ABSTRACT
The incorporation of a medical device into an IT network can introduce risks that may not have been addressed during the design and manufacture of the device. IEC 80001-1 is a lifecycle risk management standard which was developed to address these risks. This paper presents research which has been performed to date which has led to the development of a Process Reference Model (PRM) and Process Assessment Model (PAM) which can be used by Healthcare Delivery Organisations to assess themselves against IEC 80001-1. This paper also presents future work in this area which includes the development of an assessment method for IEC 80001-1 and the validation of the PRM, PAM and assessment method.
- Barafort, B., Betry, V., Cortina, S., Picard, M., St Jean, M., Renault, A., Valdés, O., and Tudor, P.R.C.H., 2009. ITSM Process Assessment Supporting ITIL : Using TIPA to Assess and Improve your Processes with ISO 15504 and Prepare for ISO 20000 Certification. Van Haren, Zaltbommel, Netherlands.Google Scholar
- Barafort, B., Di Renzo, B., and Merlan, O., 2002. Benefits Resulting from the Combined Use of ISO/IEC 15504 with the Information Technology Infrastructure Library (ITIL) Product Focused Software Process Improvement. In (2002), Springer Berlin / Heidelberg, 314-325. DOI= http://dx.doi.org/10.1007/3-540- 36209-6_27. Google ScholarDigital Library
- Barafort, B., Renault, A., Picard, M., and Cortina, S., 2008. A transformation process for building PRMs and PAMs based on a collection of requirements – Example with ISO/IEC 20000. In Proceedings of the SPICE (Nuremberg, Germany2008).Google Scholar
- Cooper, T., David, Y., and Eagles, S., 2011. Getting Started with IEC 80001: Essential Information for Healthcare Providers Managing Medical IT-Networks. AAMI.Google Scholar
- Dugmore, J. and Taylor, S., 2008. ITILv3 and ISO/IEC 20000 - Alignment White Paper - March 2008. In Best Management Practice for IT Service Management OCG,TSO and BSI.Google Scholar
- Gee, T., 2008. Medical Device Networks Trouble Industry Medical Connectivity.Google Scholar
- IEC, 2010. IEC 80001-1 - Application of Risk Management for IT-Networks incorporating Medical Devices - Part 1: Roles, responsibilities and activities International Electrotechnical Commission, Geneva, Switzerland.Google Scholar
- ISO/IEC, 2003. ISO/IEC 15504-2:2003 - Software engineering — Process assessment — Part 2: Performing an assessment, Geneva, Switzerland.Google Scholar
- ISO/IEC, 2005. ISO/IEC 20000-2:2005 - Information technology --Service management --Part 2: Code of Practice, Geneva, Switzerland.Google Scholar
- ISO/IEC, 2008. ISO/IEC 12207:2008 - System and Software Engineering - Software Life Cycle Processes, Geneva, Switzerland.Google Scholar
- ISO/IEC, 2010. ISO/IEC TR 20000-4:2010 - Information technology — Service management - Part 4: Process reference model, Geneva, Switzerland.Google Scholar
- ISO/IEC, 2010. ISO/IEC TR 24774:2010 - Systems and software engineering — Life cycle management — Guidelines for process description, Geneva, Switzerland.Google Scholar
- ISO/IEC, 2011. ISO/IEC 20000-1:2011 - Information technology —Service management Part 1: Service management system requirements, Geneva, Switzerland.Google Scholar
- ISO/IEC, 2012. ISO/IEC 15504-5:2012 Information technology --Process assessment --Part 5: An exemplar software life cycle process assessment model, Geneva,Switzerland.Google Scholar
- The Cabinet Office, 2011. ITIL 2011 - Summary of Updates Crown Copyright, Norfolk, England.Google Scholar
- U.S. Department of Health and Human Services, Food and Drug Administration, Center for Devices and Radiological Health, Office of Compliance, and Evaluation, O.o.D., 2005. Guidance for Industry - Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software, FOOD AND DRUG ADMINISTRATION Ed., 5630 Fishers Lane, Room 1061, (HFA-305), Rockville, MD, 20852.Google Scholar
- Zimmerman, J. and Forlizzi, J., 2008. The role of design artifacts in design theory construction. Artifact 2, 1, 41-45.Google Scholar
Index Terms
- Risk management of medical IT networks: an ISO/IEC 15504 compliant approach to assessment against IEC 80001-1
Recommendations
Development and validation of the MedITNet assessment framework: improving risk management of medical IT networks
ICSSP 2015: Proceedings of the 2015 International Conference on Software and System ProcessThe use of networked medical devices can provide a number of benefits such as improved patient safety, reduced costs of care and a reduction in adverse events. Traditionally, medical devices were placed onto a proprietary IT network provided by the ...
Revising IEC 80001-1: Risk management of health information technology systems
Highlights- The management of chronic disease has increased the focus of providing a high standard of care to patients while reducing costs.
AbstractIEC 80001-1 was published in 2010 and is now undergoing revision. Feedback gathered on the adoption of the standard has revealed a number of barriers that have impacted its adoption. The standard provides requirements related to the ...
Harmonizing ISO-IEC 15504 and CMMI
Special Issue using ISO-IEC 15504The requirements for conformance of a process model to the international standard for process assessment, ISO-IEC 15504, cover a broad range. The most significant of these is the need to establish a complete and unambiguous mapping between the Process ...
Comments