Assessing a Hospital's Medical IT Network Risk Management Practice with 80001-1

Hegarty, Francis; MacMahon, Silvana Togneri; Byrne, Patricia; McCaffery, Fergal

doi:10.2345/0899-8205-48.1.64

Cited by 13 publications

(9 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…IT do not understand clinical workflows and BME do not understand complex networking concepts. This issue was also identified during pilot implementations of ISO TR 80001-2-7 [47]. Using a structure based on Annex SL and ISO 9001 may aid in providing a common language between BME and IT.…”

Section: Hdo Organisational Challengesmentioning

confidence: 99%

Revising IEC 80001-1: Risk management of health information technology systems

MacMahon

Cooper²,

McCaffery

2018

Computer Standards & Interfaces

Self Cite

View full text Add to dashboard Cite

IEC 80001-1 was published in 2010 and is now undergoing revision. Feedback gathered on the adoption of the standard has revealed a number of barriers that have impacted its adoption. The standard provides requirements related to the roles, responsibilities and activities that need to be performed for the risk management of medical IT networks. One reported barrier is a lack of drivers to motivate Top Management to implement the standard. In addition, there is a lack of alignment between IT and biomedical engineering departments within hopitals. Finally, the IEC 80001-1 standard was considered to be too complicated and complex to implement. This paper presents the barriers identified in the feedback and presents an approach to the revision of the standard as a process based standard following the structure outlined in ISO/IEC Directives Annex SL and aligned risk management standards as a means to overcome these barriers.

show abstract

Section: Hdo Organisational Challengesmentioning

confidence: 99%

Revising IEC 80001-1: Risk management of health information technology systems

MacMahon

Cooper²,

McCaffery

2018

Computer Standards & Interfaces

Self Cite

View full text Add to dashboard Cite

show abstract

“…Moreover, the person managing the project was only formally identified during the assessment. The IT-network risk manager role could be undertaken by personnel from clinical engineering (Hegarty et al, 2014) or clinical informatics; however neither have responsibility for the IT network. The author suggests that when there is no medical IT-network risk manager; this role should be undertaken by the IT person involved in the medical IT-network modification project.…”

Section: Risk Management Resourcesmentioning

confidence: 99%

“…The assessment showed that there was no documented risk list with corresponding risk control measures, risk relevant assets were not described and there was no system architecture diagram showing data flow. A deficit in formal risk management processes with inadequate documentation was identified by Hegarty et al (2014). The analysers and IT-network interface validation processes were formally documented.…”

Section: Documenting Risk Management Activitiesmentioning

confidence: 99%

See 1 more Smart Citation

Improving ICU risk management and patient safety

Kielty

2017

IJHCQA

View full text Add to dashboard Cite

Purpose The purpose of this paper is to describe a study which aimed to develop and validate an assessment method for the International Electrotechnical Commission (IEC) 80001-1 (IEC, 2010) standard (the Standard); raise awareness; improve medical IT-network project risk management processes; and improve intensive care unit patient safety. Design/methodology/approach An assessment method was developed and piloted. A healthcare IT-network project assessment was undertaken using a semi-structured group interview with risk management stakeholders. Participants provided feedback via a questionnaire. Descriptive statistics and thematic analysis was undertaken. Findings The assessment method was validated as fit for purpose. Participants agreed (63 per cent, n=7) that assessment questions were clear and easy to understand, and participants agreed (82 per cent, n=9) that the assessment method was appropriate. Participant's knowledge of the Standard increased and non-compliance was identified. Medical IT-network project strengths, weaknesses, opportunities and threats in the risk management processes were identified. Practical implications The study raised awareness of the Standard and enhanced risk management processes that led to improved patient safety. Study participants confirmed they would use the assessment method in future projects. Originality/value Findings add to knowledge relating to IEC 80001-1 implementation.

show abstract

“…The standard outlines the roles, responsibilities and activities to be carried out in the management of these risks. However, HDOs face challenges when implementing the requirements of this standard . These challenges include the following: HDOs vary in size and in terms of the capability of their risk management processes HDOs provide care in different regulatory environments meaning that the implementation of the requirements of the standard will vary depending on the regulation of the region in which the HDO provides care. Effective performance of risk management activities requires interaction between different stakeholder groups to understand the context of the HDO and manage identified risks accordingly . HDOs may be unprepared for the organisational changes that are required to facilitate this level of interaction among stakeholders who typically operate in silos . …”

Section: Introductionmentioning

confidence: 99%

The MedITNet assessment framework: development and validation of a framework for improving risk management of medical IT networks

MacMahon

McCaffery

Keenan

2016

J Software Evolu Process

Self Cite

View full text Add to dashboard Cite

Medical devices are increasingly designed for incorporation into a hospital's IT network allowing devices to exchange critical information. However, connecting devices in this way can introduce risks potentially negating the benefits to patients. While the IEC 80001-1 standard has been developed to aid Healthcare Delivery Organisations (HDOs) in addressing these risks, HDOs often struggle to understand and implement the requirements. The MedITNet framework has been developed to allow HDOs to assess the capability of their risk management processes against the requirements of IEC 80001-1. MedITNet provides a flexible assessment framework enabling HDOs to gain a understanding of the requirements of the standard and to improve risk management processes by determining their current state and highlighting areas for improvement. This paper examines the challenges faced by HDOs in the risk management of medical IT networks and explains the components of the MedITNet framework and how the framework addresses these challenges. The use of Action Design Research (ADR) in the development and validation of MedITNet are also discussed focusing on a pilot implementation of the assessment method and expert review of the overall framework. The changes to the framework and its components as a result of the validation process are also discussed.

show abstract

Assessing a Hospital's Medical IT Network Risk Management Practice with 80001-1

Cited by 13 publications

References 3 publications

Revising IEC 80001-1: Risk management of health information technology systems

Revising IEC 80001-1: Risk management of health information technology systems

Improving ICU risk management and patient safety

The MedITNet assessment framework: development and validation of a framework for improving risk management of medical IT networks

Contact Info

Product

Resources

About