Revising IEC 80001-1: Risk management of health information technology systems

MacMahon, Silvana Togneri; Cooper, Todd; McCaffery, Fergal

doi:10.1016/j.csi.2018.04.013

Cited by 12 publications

(11 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A PRM and a PAM have been developed enabling risk management improvement. Healthcare Delivery Organizations can assess risk management process capability considering the requirements of IEC 80000‐1 which is the application of risk management to IT‐networks . This risk management life cycle process model provides specific risk management processes in the medical sector.…”

Section: Related Workmentioning

confidence: 99%

“…Healthcare Delivery Organizations can assess risk management process capability considering the requirements of IEC 80000-1 which is the application of risk management to IT-networks. 43 This risk management life cycle process model provides specific risk management processes in the medical sector. After some feedback on the barriers preventing the adoption of the standard, a new approach for simplifying the standard usage has been proposed for its revision.…”

Section: Developed the Prorisk Managementmentioning

confidence: 99%

See 1 more Smart Citation

ISO 31000‐based integrated risk management process assessment model for IT organizations

Barafort

Mesquida

Mas

2018

J Software Evolu Process

View full text Add to dashboard Cite

Governance, Risk management, and Compliance activities are key challenges faced by organizations. Process Models and Capability Process Assessments are governance instruments that can help organization in assessing and improving their processes. Several ISO standards propose process models for Management System Standards based on ISO 9001, ISO/IEC 20000‐1, and ISO/IEC 27001, and for project management with ISO 21500. The ISO 31000 standard provides guidance for Risk management with a process approach and systemic perspective. This paper presents an ISO 31000‐based Integrated Risk Management Process Assessment Model (PAM) for IT organizations enabling to integrate on an easy way several ISO process‐oriented standards which are often targeted by IT organizations. This PAM integrates risk management dimensions with ISO 9001, ISO 21500, ISO/IEC 20000‐1, and ISO/IEC 27001. It offers a centralized and integrated risk management approach which provides the basis to improve, coordinate, and interoperate risk management activities.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Developed the Prorisk Managementmentioning

confidence: 99%

ISO 31000‐based integrated risk management process assessment model for IT organizations

Barafort

Mesquida

Mas

2018

J Software Evolu Process

View full text Add to dashboard Cite

show abstract

“…Lack of trained staff, responsibilities, budget, and management support Literature [25][26][27][28][29][30][31][32][33][34] The existing standards are too complex and complicated to implement Literature [27,30,[35][36][37] Limited knowledge about market-specific regulatory requirements, security standards, and policies…”

Section: Challenges Sourcesmentioning

confidence: 99%

Towards Design and Development of a Data Security and Privacy Risk Management Framework for WBAN Based Healthcare Applications

Paul

Loane

McCaffery

et al. 2021

ASI

Self Cite

View full text Add to dashboard Cite

Assuring security and privacy of data is a key challenge for organizations when developing WBAN applications. The reasons for this challenge include (i) developers have limited knowledge of market-specific regulatory requirements and security standards, and (ii) there are a vast number of security controls with insufficient implementation detail. To address these challenges, we have developed a WBAN data security and privacy risk management framework. The goal of this paper is trifold. First, we present the methodology used to develop the framework. The framework was developed by considering recommendations from legislation and standards. Second, we present the findings from an initial validation of the framework’s usability and effectiveness of the security and privacy controls. Finally, we present an updated version of the framework and explain how it addresses the aforementioned challenges.

show abstract

“…It is also reported that BMEs do not understand complex networking concepts. They "do not speak the same language" [12]. [13].…”

Section: B Implementation and Adoption Challengesmentioning

confidence: 99%

Improving Communication in Risk Management of Health Information Technology Systems by means of Medical Text Simplification

MacMahon

Alfano

Lenzitti

et al. 2019

2019 IEEE Symposium on Computers and Communications (ISCC)

Self Cite

View full text Add to dashboard Cite

Health Information Technology Systems (HITS) are increasingly used to improve the quality of patient care while reducing costs. These systems have been developed in response to the changing models of care to an ongoing relationship between patient and care team, supported by the use of technology due to the increased instance of chronic disease. However, the use of HITS may increase the risk to patient safety and security. While standards can be used to address and manage these risks, significant communication problems exist between experts working in different departments. These departments operate in silos often leading to communication breakdowns. For example, risk management stakeholders who are not clinicians may struggle to understand, define and manage risks associated with these systems when talking to medical professionals as they do not understand medical terminology or the associated care processes. In order to overcome this communication problem, we propose the use of the "Three Amigos" approach together with the use of the SIMPLE tool that has been developed to assist patients in understanding medical terms. This paper examines how the "Three Amigos" approach and the SIMPLE tool can be used to improve estimation of severity of risk by non-clinical risk management stakeholders and provides a practical example of their use in a ten step risk management process

show abstract

Revising IEC 80001-1: Risk management of health information technology systems

Cited by 12 publications

References 11 publications

ISO 31000‐based integrated risk management process assessment model for IT organizations

ISO 31000‐based integrated risk management process assessment model for IT organizations

Towards Design and Development of a Data Security and Privacy Risk Management Framework for WBAN Based Healthcare Applications

Improving Communication in Risk Management of Health Information Technology Systems by means of Medical Text Simplification

Contact Info

Product

Resources

About