1、ANSI/AAMI/IEC TIR80001-2-1:2012Technical Information ReportApplication of risk management for IT-networks incorporating medical devices Part 2-1: Step by step risk management of medical IT-networks; Practical applications and examplesAn ANSI Technical Report prepared by AAMI ANSI/AAMI/IEC TIR80001-2
2、-1:2012 Application of risk management for IT-networks incorporating medical devices Part 2-1: Step by step risk management of medical IT-networks; Practical applications and examples Approved 20 July 2012 by Association for the Advancement of Medical Instrumentation Approved 2 September 2012 by Ame
3、rican National Standards Institute, Inc. Abstract: Step-by-step guide to help in the application of risk management when creating or changing a medical IT-network. Keywords: medical device, risk management, information technology, interoperability, IT-network Published by Association for the Advance
4、ment of Medical Instrumentation 4301 N. Fairfax Drive, Suite 301 Arlington, VA 22203-1633 www.aami.org 2012 by the Association for the Advancement of Medical Instrumentation All Rights Reserved This publication is subject to copyright claims of ISO, ANSI, and AAMI. No part of this publication may be
5、 reproduced or distributed in any form, including an electronic retrieval system, without the prior written permission of AAMI. All requests pertaining to this document should be submitted to AAMI. It is illegal under federal law (17 U.S.C. 101, et seq.) to make copies of all or any part of this doc
6、ument (whether internally or externally) without the prior written permission of the Association for the Advancement of Medical Instrumentation. Violators risk legal action, including civil and criminal penalties, and damages of $100,000 per offense. For permission regarding the use of all or any pa
7、rt of this document, complete the reprint request form at www.aami.org or contact AAMI, 4301 N. Fairfax Drive, Suite 301, Arlington, VA 22203-1633. Phone: +1-703-525-4890; Fax: +1-703-525-1067. Printed in the United States of America ISBN 1570204543 AAMI Technical Information Report A technical info
8、rmation report (TIR) is a publication of the Association for the Advancement of Medical Instrumentation (AAMI) Standards Board that addresses a particular aspect of medical technology. Although the material presented in a TIR may need further evaluation by experts, releasing the information is valua
9、ble because the industry and the professions have an immediate need for it. A TIR differs markedly from a standard or recommended practice, and readers should understand the differences between these documents. Standards and recommended practices are subject to a formal process of committee approval
10、, public review, and resolution of all comments. This process of consensus is supervised by the AAMI Standards Board and, in the case of American National Standards, by the American National Standards Institute. A TIR is not subject to the same formal approval process as a standard. However, a TIR i
11、s approved for distribution by a technical committee and the AAMI Standards Board. Another difference is that, although both standards and TIRs are periodically reviewed, a standard must be acted onreaffirmed, revised, or withdrawnand the action formally approved usually every five years but at leas
12、t every 10 years. For a TIR, AAMI consults with a technical committee about five years after the publication date (and periodically thereafter) for guidance on whether the document is still usefulthat is, to check that the information is relevant or of historical value. If the information is not use
13、ful, the TIR is removed from circulation. A TIR may be developed because it is more responsive to underlying safety or performance issues than a standard or recommended practice, or because achieving consensus is extremely difficult or unlikely. Unlike a standard, a TIR permits the inclusion of diff
14、ering viewpoints on technical issues. CAUTION NOTICE: This AAMI TIR may be revised or withdrawn at any time. Because it addresses a rapidly evolving field or technology, readers are cautioned to ensure that they have also considered information that may be more recent than this document. All standar
15、ds, recommended practices, technical information reports, and other types of technical documents developed by AAMI are voluntary, and their application is solely within the discretion and professional judgment of the user of the document. Occasionally, voluntary technical documents are adopted by go
16、vernment regulatory agencies or procurement authorities, in which case the adopting agency is responsible for enforcement of its rules and regulations. Comments on this technical information report are invited and should be sent to AAMI, Attn: Standards Department, 4301 N. Fairfax Drive, Suite 301,
17、Arlington, VA 22203-1633. ANSI Technical Report This AAMI TIR has been registered by the American National Standards Institute as an ANSI Technical Report. Publication of this ANSI Technical Report has been approved by the accredited standards developer (AAMI). This document is registered as a Techn
18、ical Report series of publications according to the Procedures for the Registration of Technical Reports with ANSI. This document is not an American National Standard and the material contained herein is not normative in nature. Comments on this technical information report are invited and should be
19、 sent to AAMI, Attn: Standards Department, 4301 N. Fairfax Drive, Suite 301, Arlington, VA 22203-1633. Contents Page Glossary of equivalent standards . vii Committee representation . x FOREWORD . xii INTRODUCTION xiv 1 Scope . 1 2 Normative references 1 3 Terms and definitions 1 4 Prerequisites . 7
20、5 Study of terms used in RISK MANAGEMENT 7 5.1 Overview 7 5.2 HAZARDS 8 5.3 HAZARDOUS SITUATIONS . 8 5.4 Foreseeable sequences of events and causes . 9 5.5 UNINTENDED CONSEQUENCE . 9 5.6 RISK CONTROL measures (mitigations) 10 5.7 Degrees of RISK 11 5.8 Checking wording 11 6 The steps 12 6.1 Overview
21、 of the steps 12 6.2 A basic example using the 10 steps . 12 6.2.1 General 12 6.2.2 Initial RISK Steps 1 5 (Figure 2) 12 13 7 IEC 80001-1:2010, Subclause 4.4: Step by step 16 7.1 General 16 7.2 Application of Subclause 4.4.1: Document all RISK MANAGEMENT elements 16 7.3 Note about RISK EVALUATION .
22、16 7.4 The 10-step PROCESS . 16 7.4.1 STEP 1: Identify HAZARDs and HAZARDOUS SITUATIONS 16 7.4.2 STEP 2: Identify causes and resulting HAZARDOUS SITUATIONS 17 7.4.3 STEP 3: Determine UNINTENDED CONSEQUENCES and estimate the potential severities . 18 7.4.4 STEP 4: Estimate the probability of UNINTEND
23、ED CONSEQUENCE . 18 7.4.5 STEP 5: Evaluate RISK . 19 7.4.6 STEP 6: Identify and document proposed RISK CONTROL measures and re-evaluate RISK (return to Step 3) 20 7.4.7 STEP 7: Implement RISK CONTROL measures 21 7.4.8 STEP 8: Verify RISK CONTROL measures . 21 7.4.9 STEP 9: Evaluate any new RISKS ari
24、sing from RISK CONTROL. 22 7.5 The steps and their relationship to IEC 80001-1 and ISO 14971 . 23 Background of AAMI adoption of IEC/TR 80001-2-1:2012 . xi 7.4.10 STEP 10: Evaluate and report overall RESIDUAL RISK 236.2.3 RISK CONTROL and final RISK Steps 6 10 (Figure 3) 8 Practical examples 25 8.1
25、General 25 8.2 Example 1: Wireless PATIENT monitoring during PATIENT transport 25 8.2.1 Full description of context 25 8.2.2 Description of network under analysis 25 8.2.3 The 10 Steps 25 8.3 Example 2: Remote ICU / Distance medicine . 28 8.3.1 Full description of context 28 8.3.2 Description of net
26、work under analysis 28 8.3.3 The 10 Steps 28 8.4 Example 3: Post Anesthesia Care Unit (PACU) 31 8.4.1 Full description of context 31 8.4.2 Description of network under analysis 31 8.4.3 The 10 Steps 32 8.5 Example 4: Ultrasound Operating system (OS) vulnerability 37 8.5.1 Full description of context
27、 37 8.5.2 Description of network under analysis 37 8.5.3 The 10 Steps 37 Annex A (informative) Common HAZARDS, HAZARDOUS SITUATIONS, and causes to consider in MEDICAL IT-NETWORKS 41 Annex B (informative) List of questions to consider when identifying HAZARDs of the MEDICAL IT-NETWORK 46 Annex C (inf
28、ormative) Layers of MEDICAL IT-NETWORKS where errors can be found . 47 Annex D (informative) Probability, severity, and RISK acceptability scales used in the examples in this technical report . 50 Annex E (informative) MONITORING RISK mitigation effectiveness 53 Annex F (informative) RISK ANALYZING
29、small changes in a MEDICAL IT-NETWORK 56 Annex G (informative) Example of Change Window Form . 57 Annex H (informative) Template for examples 58 Bibliography 60 Figure 1 Basic flow of concepts from HAZARD to HAZARDOUS SITUATION to UNINTENDED CONSEQUENCE 8 Figure 2 Steps 1 5: HAZARD identification th
30、rough RISK EVALUATION 13 Figure 3 Steps 6 10: RISK CONTROL measures through overall RESIDUAL RISK . 14 Figure 4 Sample summary RISK ASSESSMENT register format . 15 Figure 5 Relation of cause to HARM . 19 Figure 6 Schematic of the post anesthesia care unit (PACU) 32 Figure 7 Example of the use of col
31、or coding cables 35 Figure 8 Sample summary RISK ASSESSMENT register for the PACU example . 36 Figure D.1 Application of STEPs 5 and 6 with 3 levels of RISK acceptability 52 Figure F.1 Overview of RISK ANALYZING small changes in a MEDICAL IT-NETWORK . 56 Table 1 Relationship of KEY PROPERTIES, SAFET
32、Y, EFFECTIVENESS and DATA AND SYSTEMS SECURITY with associated UNINTENDED CONSEQUENCE as used in this technical report . 10 Table 2 Methods for checking accurate and appropriate wording of causes, HAZARDOUS SITUATIONS, and UNINTENDED CONSEQUENCES 11 Table 3 Relationship between this technical report
33、, IEC 80001-1:2010 and ISO 14971:2007 24 Table A.1 HAZARDS related to potential required network characteristics . 43 Table A.2 Relationship between HAZARDS, foreseeable sequences, and causes 44 Table A.3 Relationship between HAZARDS, causes, foreseeable sequences, and HAZARDOUS SITUATIONS . 45 Tabl
34、e C.1 Layers of a MEDICAL IT-NETWORK . 47 Table C.2 Example of the layers of a MEDICAL IT-NETWORK 49 Table D.1 Probability scales used in the examples in this technical report 50 Table D.2 Severity scales . 50 Table D.3 RISK level matrix . 51 2012 Association for the Advancement of Medical Instrumen
35、tation ANSI/AAMI/IEC TIR80001-2-1:2012 vii Glossary of equivalent standards International Standards adopted in the United States may include normative references to other International Standards. For each International Standard that has been adopted by AAMI (and ANSI), the table below gives the corr
36、esponding U.S. designation and level of equivalency to the International Standard. NOTE: Documents are sorted by international designation. The code in the US column, “(R)20xx” indicates the year the document was officially reaffirmed by AAMI. E.g., ANSI/AAMI/ISO 10993-4:2002/(R)2009 indicates that
37、10993-4, originally approved and published in 2002, was reaffirmed without change in 2009. Other normatively referenced International Standards may be under consideration for U.S. adoption by AAMI; therefore, this list should not be considered exhaustive. International designation U.S. designation E
38、quivalency IEC 60601-1:2005 ANSI/AAMI ES60601-1:2005/(R)2012 Major technical variations IEC 60601-1:2005/A1:2012 ANSI/AAMI ES60601-1:2005/A1:2012 A1 identical IEC Technical Corrigendum 1 and 2 ANSI/AAMI ES60601-1:2005/C1:2009/(R)2012 (amdt) C1 identical to Corrigendum 1 any IEC National Committee in
39、terested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance
40、 with conditions determined by agreement between the two organizations. 2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interest
41、ed IEC National Committees. 3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible
42、 for the way in which they are used or for any misinterpretation by any end user. 4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence betw
43、een any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter. 5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity assessment services and, in some areas, access to IEC marks of co
44、nformity. IEC is not responsible for any services carried out by independent certification bodies. 6) All users should ensure that they have the latest edition of this publication. 7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and me
45、mbers of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publication
46、 or any other IEC Publications. 8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable for the correct application of this publication. 9) Attention is drawn to the possibility that some of the elements of this IEC Publication
47、 may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights. The main task of IEC technical committees is to prepare International Standards. However, a technical committee may propose the publication of a technical report when it has collect
48、ed data of a different kind from that which is normally published as an International Standard, for example “state of the art“. IEC 80001-2-1, which is a technical report, has been prepared by a Joint Working Group of subcommittee 62A: Common aspects of electrical equipment used in medical practice,
49、 of IEC technical committee 62: Electrical equipment in medical practice and ISO technical committee 215: Health informatics. 2012 Association for the Advancement of Medical Instrumentation ANSI/AAMI/IEC TIR80001-2-1:2012 xiii The text of this technical report is based on the following documents: Enquiry draft Report on voting 62A/782/DTR 62A/803/RVC Full information on the voting for the approval of this technical report can be found in the report on voting indicated in the above table. This publication has been dr
