1、ANSI/AAMI/IEC TIR80001-2-4:2012Technical Information ReportApplication of risk management for IT-networks incorporating medical devices Part 2-4: General implementation guidance for healthcare delivery organizationsAn ANSI Technical Report prepared by AAMI ANSI/AAMI/IEC TIR80001-2-4:2012 Application
2、 of risk management for IT-networks incorporating medical devices Part 2-4: General implementation guidance for healthcare delivery organizations Approved 14 June 2013 by Association for the Advancement of Medical Instrumentation Approved 30 April 2013 by American National Standards Institute, Inc.
3、Abstract: This helps a RESPONSIBLE ORGANIZATION through the key decisions and steps required to establish a RISK MANAGEMENT framework, before the organization embarks on a detailed RISK ASSESSMENT of an individual instance of a MEDICAL IT-NETWORK. This Technical Report is addressed to all Healthcare
4、 Delivery Organizations. A Healthcare Delivery Organization includes hospitals, doctors offices, community care homes and clinics. It identifies a series of decision points to steer the RESPONSIBLE ORGANIZATION through the process of understanding the MEDICAL IT-NETWORK context and identifying any o
5、rganizational changes required before undertaking the RISK MANAGEMENT PROCESS identified in IEC 80001-1. Keywords: HDO, IT-networks, risk management Published by Association for the Advancement of Medical Instrumentation 4301 N. Fairfax Drive, Suite 301 Arlington, VA 22203-1633 www.aami.org 2013 by
6、the Association for the Advancement of Medical Instrumentation All Rights Reserved This publication is subject to copyright claims of ISO, ANSI, and AAMI. No part of this publication may be reproduced or distributed in any form, including an electronic retrieval system, without the prior written per
7、mission of AAMI. All requests pertaining to this document should be submitted to AAMI. It is illegal under federal law (17 U.S.C. 101, et seq.) to make copies of all or any part of this document (whether internally or externally) without the prior written permission of the Association for the Advanc
8、ement of Medical Instrumentation. Violators risk legal action, including civil and criminal penalties, and damages of $100,000 per offense. For permission regarding the use of all or any part of this document, complete the reprint request form at www.aami.org or contact AAMI, 4301 N. Fairfax Drive,
9、Suite 301, Arlington, VA 22203-1633. Phone: +1-703-525-4890; Fax: +1-703-525-1067. Printed in the United States of America ISBN 157020473X AAMI Technical Information Report A technical information report (TIR) is a publication of the Association for the Advancement of Medical Instrumentation (AAMI)
10、Standards Board that addresses a particular aspect of medical technology. Although the material presented in a TIR may need further evaluation by experts, releasing the information is valuable because the industry and the professions have an immediate need for it. A TIR differs markedly from a stand
11、ard or recommended practice, and readers should understand the differences between these documents. Standards and recommended practices are subject to a formal process of committee approval, public review, and resolution of all comments. This process of consensus is supervised by the AAMI Standards
12、Board and, in the case of American National Standards, by the American National Standards Institute. A TIR is not subject to the same formal approval process as a standard. However, a TIR is approved for distribution by a technical committee and the AAMI Standards Board. Another difference is that,
13、although both standards and TIRs are periodically reviewed, a standard must be acted onreaffirmed, revised, or withdrawnand the action formally approved usually every five years but at least every 10 years. For a TIR, AAMI consults with a technical committee about five years after the publication da
14、te (and periodically thereafter) for guidance on whether the document is still usefulthat is, to check that the information is relevant or of historical value. If the information is not useful, the TIR is removed from circulation. A TIR may be developed because it is more responsive to underlying sa
15、fety or performance issues than a standard or recommended practice, or because achieving consensus is extremely difficult or unlikely. Unlike a standard, a TIR permits the inclusion of differing viewpoints on technical issues. CAUTION NOTICE: This AAMI TIR may be revised or withdrawn at any time. Be
16、cause it addresses a rapidly evolving field or technology, readers are cautioned to ensure that they have also considered information that may be more recent than this document. All standards, recommended practices, technical information reports, and other types of technical documents developed by A
17、AMI are voluntary, and their application is solely within the discretion and professional judgment of the user of the document. Occasionally, voluntary technical documents are adopted by government regulatory agencies or procurement authorities, in which case the adopting agency is responsible for e
18、nforcement of its rules and regulations. Comments on this technical information report are invited and should be sent to AAMI, Attn: Standards Department, 4301 N. Fairfax Drive, Suite 301, Arlington, VA 22203-1633. ANSI Technical Report This AAMI TIR has been registered by the American National Stan
19、dards Institute as an ANSI Technical Report. Publication of this ANSI Technical Report has been approved by the accredited standards developer (AAMI). This document is registered as a Technical Report series of publications according to the Procedures for the Registration of Technical Reports with A
20、NSI. This document is not an American National Standard and the material contained herein is not normative in nature. Comments on this technical information report are invited and should be sent to AAMI, Attn: Standards Department, 4301 N. Fairfax Drive, Suite 301, Arlington, VA 22203-1633. Contents
21、 Page 1 Scope . 1 1.1 Purpose . 1 1.2 HEALTHCARE DELIVERY ORGANIZATION . 1 1.3 Field of application . 1 1.4 Prerequisites 1 2 Normative references 2 3 Terms and definitions 2 4 RESPONSIBLE ORGANIZATION . 7 4.1 TOP MANAGEMENT responsibilities . 7 4.2 Small RESPONSIBLE ORGANIZATION points to consider
22、7 4.3 Large RESPONSIBLE ORGANIZATION points to consider . 8 5 RISK MANAGEMENT implementation steps 8 5.1 Overview 8 5.2 Determine the clinical context within which the healthcare provision is made . 9 5.3 Establish underlying RISK framework 9 5.4 Determining and understanding a MEDICAL IT-NETWORK 10
23、 5.4.1 Performing a RISK ASSESSMENT . 10 5.4.2 MEDICAL IT-NETWORK configuration . 10 5.4.3 Development status of MEDICAL IT-NETWORK . 13 5.4.4 Manufacturer identification . 13 5.4.5 External IT and bio-medical engineering support 14 6 RESPONSIBILITY AGREEMENTS 14 Annex A (informative) MEDICAL IT-NET
24、WORK configuration examples . 15 Bibliography 20 Figure A.1 Standalone MEDICAL IT-NETWORK outside the scope of IEC 80001-1 . 16 Figure A.2 Standalone MEDICAL IT-NETWORK . 17 Figure A.3 Collaborative MEDICAL IT-NETWORK . 18 Figure A.4 Centralized MEDICAL IT-NETWORK . 19 Glossary of equivalent standar
25、ds v Committee representation . vi Background of AAMI adoption of IEC/TR 80001-2-4:2012 vii FOREWORD viiiINTRODUCTION . x 2013 Association for the Advancement of Medical Instrumentation ANSI/AAMI/IEC TIR80001-2-4:2012 v Glossary of equivalent standards International Standards adopted in the United S
26、tates may include normative references to other International Standards. AAMI maintains a current list of each International Standard that has been adopted by AAMI (and ANSI). Available on the AAMI website at the address below, this list gives the corresponding U.S. designation and level of equivale
27、ncy to the International Standard. www.aami.org/standards/glossary.pdf vi 2013 Association for the Advancement of Medical Instrumentation ANSI/AAMI/IEC TIR80001-2-4:2012 Committee representation Association for the Advancement of Medical Instrumentation Information Technology Working Group The adopt
28、ion of IEC/TR 80001-2-4 as a new AAMI/IEC Technical Information Report was initiated by the AAMI Information Technology Working Group. U.S. cochairs of AAMI/SM/WG 02, William Hintz of Medtronic, Inc. and Richard Schrenker of Massachusetts General Hospital, played an active part in developing the IEC
29、 Technical Report. At the time this document was published, the AAMI Information Technology Working Group had the following members: Cochairs: William Hintz, Medtronic Inc. WHQ Campus Richard A. Schrenker, Massachusetts General Hospital Members: John T. Collins, MSEE, American Society for Healthcare
30、 Engineering Todd Cooper, 80001 Experts (Independent Expert) Rebecca K. Crossley, CBET, Susquehanna Health System (Independent Expert) Conor Curtin, Fresenius Medical Care Renal Therapies Group Yadin David, EdD CCE PE HCSP, Biomedical Engineering Consultants LLC (Independent Expert) Karen S. Delvecc
31、hio, GE Healthcare Christina DeMur, Draeger Medical Systems Inc. Sherman Eagles, SoftwareCPR Donald J. Fournier, Draeger Medical Systems Inc. Kenneth J. Fuchs, Mindray DS USA Inc. George W. Gray, Fluidnet Corporation Thomas Grobaski, Belimed Inc. William Hintz, Medtronic Inc. WHQ Campus Yimin Li, St
32、ryker Instruments Division Marshall Magee, Welch Allyn Inc. Jared Mauldin, Integrated Medical Systems Mary Beth McDonald, St Jude Medical Inc. Tresia L. OShea, Getinge USA Geoffrey A. Pascoe, MSCCS BEE GSEC, (Independent Expert) Steven R. Rakitin, Software Quality Consulting (Independent Expert) Ter
33、rie L. Reed, MSIE, FDA/CDRH Richard A. Schrenker, Massachusetts General Hospital Bob Steurer, Spacelabs Medical Inc. Donna-Bea Tillman, PhD, (Independent Expert) Daidi Zhong, PhD, Chongqing University (Independent Expert) Alternates: James Dundon, Spacelabs Medical Inc. Brian J. Fitzgerald, Eur Ing
34、MIMM, FDA/CDRH Thomas W. Schultz, Medtronic Inc. WHQ Campus Xianyu Shea, Stryker Instruments Division Fei Wang, Fresenius Medical Care Renal Therapies Group NOTE-Participation by federal agency representatives in the development of this document does not constitute endorsement by the federal governm
35、ent or any of its agencies. 2013 Association for the Advancement of Medical Instrumentation ANSI/AAMI/IEC TIR80001-2-4:2012 vii Background of ANSI/AAMI adoption of IEC/TR 80001-2-4:2012 International technical report IEC/TR 80001-2-4:2012 was developed jointly by Sub-Committee IEC/SC 62A, Common asp
36、ects of electrical equipment used in medical practice and ISO/TC 215, Health informatics, to define the roles, responsibilities and activities that are necessary for risk management of IT-networks incorporating medical devices to address safety, effectiveness and data and system security. U.S. parti
37、cipation in this IEC SC is organized through the U.S. Technical Advisory Group for IEC/SC 62A administered by the Advanced Medical Technology Association (AdvaMed) on behalf of the American National Standards Institute. AAMI administers the International Secretariat for IEC/SC 62A on behalf of the U
38、nited States, and U.S. experts made a considerable contribution to this International Technical Report. AAMI encourages its committees to harmonize their work with International Standards in the area of risk management of information technology as it relates to medical devices. The AAMI Information
39、Technology Working Group together with the U.S. Technical Advisory Group for IEC/SC 62A, reviewed IEC/TR 80001-2-4 to formulate the U.S. position and comments while the document was being developed. This close collaboration helped gain widespread U.S. consensus on the document. As the U.S. Technical
40、 Advisory Group for IEC/SC 62A, AdvaMed granted AAMI permission to consider adoption of IEC/TR 80001-2-4 as a new AAMI Technical Information Report. Following AAMI procedures, the AAMI Information Technology Working Group voted to adopt the IEC technical report as written. AAMI (and ANSI) have adopt
41、ed other IEC and ISO documents. See the Glossary of Equivalent Standards for a list of IEC and ISO standards adopted by AAMI, which gives the corresponding U.S. designation and the level of equivalency with the IEC and ISO standard. The concepts incorporated in this technical information report shou
42、ld not be considered inflexible or static. This technical information report, like any other, must be reviewed and updated periodically to assimilate progressive technological developments. To remain relevant, it must be modified as technological advances are made and as new data comes to light. As
43、used within the context of this document, “should” indicates that among several possibilities, one is recommended as particularly suitable, without mentioning or excluding others, or that a certain course of action is preferred but not necessarily required, or that (in the negative form) a certain p
44、ossibility or course of action should be avoided but is not prohibited. “May” is used to indicate that a course of action is permissible within the limits of the technical information report. “Can” is used as a statement of possibility and capability. Finally, “must” is used only to describe “unavoi
45、dable” situations, including those mandated by government regulation. Suggestions for improving this document are invited. Comments and suggested revisions should be sent to Standards Department, AAMI, 4301 N. Fairfax Dr. Suite 301, Arlington, VA 22203-1633. NOTE- Beginning with the IEC foreword on
46、page x, this AAMI Technical Information Report is identical to IEC/TR 80001-2-4:2012. As indicated in the foreword to the main body of this document (page vii), the International Electrotechnical Commission (IEC) is a worldwide federation of national standards bodies. The United States is one of the
47、 IEC members that took an active role in the development of this technical report. viii 2013 Association for the Advancement of Medical Instrumentation ANSI/AAMI/IEC TIR80001-2-4:2012 INTERNATIONAL ELECTROTECHNICAL COMMISSION _ APPLICATION OF RISK MANAGEMENT FOR IT-NETWORKS INCORPORATING MEDICAL DEV
48、ICES Part 2-4: Application guidance General implementation guidance for healthcare delivery organizations FOREWORD 1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The
49、 object of IEC is to promote international co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with may participate in this preparatory work. Intern
