1、BSI Standards PublicationPD ISO/TR 17791:2013Health informatics Guidanceon standards for enablingsafety in health softwareCopyright British Standards Institution Provided by IHS under license with BSI - Uncontrolled Copy Not for ResaleNo reproduction or networking permitted without license from IHS-
2、,-,-PD ISO/TR 17791:2013 PUBLISHED DOCUMENTNational forewordThis Published Document is the UK implementation of ISO/TR17791:2013.The UK participation in its preparation was entrusted to TechnicalCommittee IST/35, Health informatics.A list of organizations represented on this committee can beobtained
3、 on request to its secretary.This publication does not purport to include all the necessaryprovisions of a contract. Users are responsible for its correctapplication. The British Standards Institution 2014. Published by BSI StandardsLimited 2014ISBN 978 0 580 77185 9ICS 35.240.80Compliance with a Br
4、itish Standard cannot confer immunity fromlegal obligations.This Published Document was published under the authority of theStandards Policy and Strategy Committee on 28 February 2014.Amendments issued since publicationDate Text affectedCopyright British Standards Institution Provided by IHS under l
5、icense with BSI - Uncontrolled Copy Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-PD ISO/TR 17791:2013 ISO 2013Health informatics Guidance on standards for enabling safety in health softwareInformatique de la sant Conseils sur les normes de scurit des logiciels d
6、e la santTECHNICAL REPORTISO/TR17791First edition2013-12-15Reference numberISO/TR 17791:2013(E)Copyright British Standards Institution Provided by IHS under license with BSI - Uncontrolled Copy Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-PD ISO/TR 17791:2013ISO
7、/TR 17791:2013(E)ii ISO 2013 All rights reservedCOPYRIGHT PROTECTED DOCUMENT ISO 2013All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the i
8、nternet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester.ISO copyright officeCase postale 56 CH-1211 Geneva 20Tel. + 41 22 749 01 11Fax + 41 22 749 09 47E-mail copyrightiso.orgWeb ww
9、w.iso.orgPublished in SwitzerlandCopyright British Standards Institution Provided by IHS under license with BSI - Uncontrolled Copy Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-PD ISO/TR 17791:2013ISO/TR 17791:2013(E) ISO 2013 All rights reserved iiiContents Pag
10、eForeword ivIntroduction v1 Scope . 12 Terms and definitions . 13 Abbreviated terms 64 Health software safety 64.1 Health software safety incidents . 64.2 Health software definitions 74.3 Towards safer health software 94.4 Health software lifecycle 94.5 How standards were selected for assessment 124
11、.6 Standards assessed in this Technical Report . 134.7 Risk management basis 154.8 Human factors basis 164.9 Granularity 175 Standards assessment and guidance 175.1 Standards assessment . 175.2 Standards assessed by lifecycle applicability and software granularity 315.3 Standards assessment overlap
12、and gap analysis 335.4 Standards for enabling safety in health software Implementation and use guidance 36Annex A (informative) Patient safety benefits arising from eHealth investments 39Annex B (informative) Standards analysis from a software lifecycle perspective .40Annex C (informative) Scope inf
13、ormation of safety-relevant JTC 1 standards.44Bibliography .47Copyright British Standards Institution Provided by IHS under license with BSI - Uncontrolled Copy Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-PD ISO/TR 17791:2013ISO/TR 17791:2013(E)ForewordISO (the
14、 International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committe
15、e has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechni
16、cal standardization.The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in
17、 accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. D
18、etails of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).Any trade name used in this document is information given for the convenience of users and does not constitute an
19、 endorsement.For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary informationThe committee r
20、esponsible for this document is ISO/TC 215 Health informatics.iv ISO 2013 All rights reservedCopyright British Standards Institution Provided by IHS under license with BSI - Uncontrolled Copy Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-PD ISO/TR 17791:2013ISO/T
21、R 17791:2013(E)IntroductionImproving patient safetyPatient safety is a major and worldwide concern in healthcare. As noted in the 2010 publication of ISO/TC215 Summary Report from the Task Force on Patient Safety and Quality, more than a decade had passed since the seminal publication in 1999 of “To
22、 Err is Human: Building a Safer Health System” by the Institute of Medicine (IOM).12Since 1999, patient safety has been a consistent focus of deliberation and action at national and international levels. Best practices in patient safety have emerged with respect to reporting, root cause and risk ana
23、lysis, prevention and mitigation. These practices have informed national and global approaches to improving patient safety. Education programs, national campaigns, local hospital priorities, adverse event and incident reporting tools, risk management training and clinician safety certification progr
24、ams are all examples of ongoing efforts to foster a culture of heightened patient safety and quality improvement.This focus on patient safety has spurred investments in inter-operable electronic health record (EHR) systems and decision support capabilities such as computerized physician order entry
25、(CPOE). These investments ultimately seek to avoid if not mitigate the acknowledged occurrence of patient safety incidents due to causes such as drug-drug interactions.Health informatics can both mitigate and introduce risks to patient safetyHealth informaticsand associated e-Health systems have sig
26、nificant potential to eliminate, reduce or mitigate documented threats to patient safety and quality of care (see Annex A) and are a current focus for major investment within healthcare systems.Any major transformative technological change introduced into an industry, especially into a field as comp
27、lex and life-altering as healthcare, will have both predictable and unexpected consequences. Unintended impacts can be both positive (e.g. by fostering new opportunities for clinicians to collaborate as users working with the new technology and thereby facilitating clinical process improvements) or
28、negative (e.g. through introduction of new risks as a consequence of the design, implementation or use of the technology in busy clinical environments).While the benefits of health informatics for patient safety are increasingly accepted, there are risks of inadvertent and adverse events caused by h
29、ealth software solutions and these risks are becoming more apparent. As increasingly sophisticated health software solutions are deployed that provide higher levels of decision support and integrate patient data between systems, across organizational lines, and across the continuum of care, the pati
30、ent safety benefits increase along with the risks of software induced adverse events.Englands National Health Service (NHS) Connecting for Health IT program established a proactive safety incident management process to address software safety.3During the five year period from 2006 to 2010, 708 repor
31、ted incidents were documented and investigated. Approximately 80 % of these incidents were found to pose some risk to patient safety (see Clause 4.1).Standards enabling safety in health software developments to dateThe issue of safety in health software was first recognized within ISO/TC 215 in 2006
32、, when work began on the following: ISO/TS 25238:2007, Health informatics Classification of safety risks from health software , and ISO/TR 27809:2007, Health informatics Measures for ensuring patient safety of health software .ISO/TS 25238:2007 is targeted at the concept and requirements stages in t
33、he software lifecycle where it is necessary to understand in broad terms what a proposed systems risk class will be. While this Technical Specification includes example categories of severity and likelihood and a sample risk matrix ISO 2013 All rights reserved vCopyright British Standards Institutio
34、n Provided by IHS under license with BSI - Uncontrolled Copy Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-PD ISO/TR 17791:2013ISO/TR 17791:2013(E)that may appear to have wider applicability, it is not the intention of the TS to apply these either to the design o
35、f health software products or to the mitigation of any identified risks to acceptable levels.ISO/TR 27809:2007 provides an overview of the classification of health software products, a discussion of the options for control measures associated with such software, a reference to the risk classificatio
36、n scheme defined in ISO/TS 25238:2007, and the identification of national and international risk management standards.The medical device community has supported software standards development for many years in IEC/TC 62 Subcommittee A (Common aspects of electrical equipment used in medical practice)
37、, ISO/TC 215 (Health informatics) and ISO/TC 210 (Quality management and corresponding general aspects for medical devices). Several other ISO and IEC technical committees such as the ISO/IEC JTC 1 Subcommittee 7 (Software and systems engineering) have been developing software and systems engineerin
38、g standards since the late 1980s.The medical device standards work to date has focused on defined medical devices functionality and testing and has included standards on software as a medical device (In IEC 62304:2006, Medical device software Software life cycle processes, “software as a medical dev
39、ice” is defined as a “software system that has been developed for the purpose of being incorporated into the medical device being developed or that is intended for use as a medical device in its own right”). Key standards developed or referenced for use for safety in medical devices and medical devi
40、ce software have included: ISO 13485:2003, Medical devices Quality management systems Requirements for regulatory purposes, ISO/TR 14969:2004, Medical devices Quality management systems Guidance on the application of ISO 13485:2003, IEC 62304:2006, Medical device software Software life cycle process
41、es , ISO 14971:2007, Medical devices Application of risk management to medical devices, and IEC 80001-1:2010, Application of risk management for IT networks incorporating medical devices, Part 1 Roles, responsibilities and activities .The focus of these standards reflects the medical device industry
42、s primary interest in the pre-market (i.e. design and development) aspects of the software product lifecycle, including software and medical devices that operate on a stand-alone basis. The recent addition of IEC 80001-1 is a sign of the growing attention towards the implementation of devices within
43、 a physical network.Since the definition of what software is considered a medical device in its own right varies significantly between countries, this Technical Report provides guidance on best practices in assuring the safer development, implementation and operation of health software, irrespective
44、 of whether it is regulated as a medical device. This Technical Report examines standards that can provide useful guidance for purchasers, implementers and users, as well as for developers and manufacturers through to configuration, implementation, and ongoing use in all care settings and environmen
45、ts. The analysis and guidance provided in this Technical Report recognize that health software is increasingly implemented and operated within a complex ecosystem or sociotechnical system environment where the software is tightly integrated with other systems, technologies, infrastructure, and domai
46、ns (people, organizations and external environments) and where it also needs to be configured to support local clinical and business processes.Hence the patient safety benefits and risks associated with implementing individual software components need to be evaluated and managed within the implement
47、ing organizations infostructure context, using standards and proven processes that guide and engage both health informatics professionals and clinicians at all stages; a family of standards that enables safety in health software.Clause 4 of this Technical Report discusses the issues involved with en
48、abling safety, and provides a conceptual framework for standards assessment along with a brief description of the relevant standards.vi ISO 2013 All rights reservedCopyright British Standards Institution Provided by IHS under license with BSI - Uncontrolled Copy Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-PD ISO/TR 17791:2013ISO/TR 17791:2013(E)Clause 5 builds on this foundational framework by providing an analytical perspective for assessing which standards are most relevant for the various stages of the software lifecycle. This clause als
