Transcript Impacts of 80001-1 on IT industries providing medical

Benefits of IEC 80001-1 and introduction into new EN 14971:2012
Dr. Jürgen Stettin
CEO Prosystem AG / Prosystem USA LLC
Beim Strohhause 27
20097 Hamburg
phone
web
+ 49 40 47 10 36 19
www.prosystem-ag.com
Software Recalls in the US (03/06/2012)
200
150
100
50
0
2004
2005
2006
2007
2008
2009
Prof. Dr. Jürgen Stettin
Jahr
2010
2011
2
Is this a medical device?
Who is responsible for the components?
?
Telecommunications
-provider
?
Manufacturer
Telecommunications
-provider
Manufacturer
Hospital
Manufacturer
Examples for the benefits of an IEC 80001 compliant network
•
•
•
•
•
•
Change Management
Event Management
Managing Responsibilities
Increased Performance
Verification & Validation Evidence
Process-oriented Management
16.07.2015
[email protected]
5
Change Management – Planing bevor doing
•
•
Changes are well planned and will not effect the Key Porperties of the
network
E.g. Network switch need an upgrade prior to the change

Patient Monitor
Digital X-ray
Without
With
Change Management
PACS - Server
16.07.2015
[email protected]
6
Event Management - Proactive response to Events
×
×
× × ×
Workstation
Workstation
Hospital
IT-Network
HIS- Server
PACS - Server
Diagnostic Workstation
16.07.2015
[email protected]
7
Clearly defined responsibilities
Responsible organisation
IT engineering
Medical engineering
Purchase & contract
management
Service & maintenance
Manufacturer
16.07.2015
[email protected]
8
Networks with improved performance
Radiology - Network






Workstation
Digital X-ray
16.07.2015
Ambulance Network
[email protected]
9
Verified & Validated Medical IT-Networks
before
after
Test Specification
Digital X-ray

PACS - Server
Diagnostic Workstation
Test Report
16.07.2015
[email protected]
10
Process-oriented Management of Networks
Change
Management
Continous
Monitoring
Network
Properties
Contract
Management
Risk
Management
Event
management
Configuration
Management
16.07.2015
[email protected]
11
New Standard: IEC 82304
IEC 82304-1 Healthcare
Software Systems
IEC 62304 Medical device
software life cycle
processes
IEC 60601-1 Medical
IEC 60601-1 Medical
IECelectrical
60601-1equip.
Medical
IECelectrical
60601-1equip
Medical
electrical equip
ISO 14708 electrical
Active equip
implantables
Prof. Dr. Jürgen Stettin
12
Changes in EN 14971:2012
Prof. Dr. Jürgen Stettin
13
• The European Commission has released a list of Harmonized Standards
on 08/30/2012. In this list are EN 14971:2012 und EN 13485:2012
• The European approach that the assumption is that you fulfill the
„Essential Requirements“ is limited in the amendments ZA, ZB und ZC
EN 14971 und EN 13485.
• There is no transition period. The changes are in effect from 09/01/2012
Prof. Dr. Jürgen Stettin
14
Risk reduction "as far as possible" versus "as low as
reasonably practicable"
a) ISO 14971 contains the concept of reducing risks "as low as
reasonably practicable" (ALARP concept). The ALARP concept contains an
element of economic consideration.
b) However, the Directive 93/42/EEC and various particular Essential
Requirements require risks to be reduced "as far as possible" without there
being room for economic considerations.
c) Accordingly, manufacturers and Notified Bodies may not apply the ALARP
concept with regard to economic considerations.
Prof. Dr. Jürgen Stettin
15
The Riskgraph
Probability of occurence
high
Probability of occurence
low
Severity
low
Severity high
non-acceptable risk
ALARP (As Low As Reasonable Practicable)
acceptable risk
16
The Riskgraph
Probability of occurence
high
Probability of occurence
low
Severity
low
Severity high
non-acceptable risk
ALARP (As Low As Reasonable Practicable)
acceptable risk
17
Discretionary power of manufacturers as to the acceptability of
risks
a) ISO 14971 seems to imply that manufacturers have the freedom to decide
upon the threshold for risk acceptability and that only non-acceptable
risks have to be integrated into the overall risk-benefit analysis.
b) However, Medical Device Directive requires that all risks have to be
reduced as far as possible.
c) Accordingly, the manufacturer may not apply any criteria of risk
acceptability prior to applying MDD
Prof. Dr. Jürgen Stettin
18
The Riskgraph
Probability of occurence
high
Probability of occurence
low
Severity
low
Severity high
non-acceptable risk
ALARP (As Low As Reasonable Practicable)
acceptable risk
19
Treatment of negligible risks:
1. According to ISO 14971, the manufacturer may discard negligible risks
2. However, Directive 93/42/EEC requires that all risks, regardless of their dimension,
need to be reduced as much as possible and need to be balanced, together with all
other risks, against the benefit of the device.
3. Accordingly, the manufacturer must take all risks into account when assessing
Directive 93/42/EEC.
Prof. Dr. Jürgen Stettin
20
The Riskgraph
Probability of occurence
high
Probability of occurence
low
Severity
low
Severity high
non-acceptable risk
ALARP (As Low As Reasonable Practicable)
acceptable risk
21
Deviation as to the first risk control option
1. ISO 14971 obliges the manufacturer to "use one or more of the following
risk control options in the priority order listed: (a) inherent safety by
design …" without determining what is meant by this term.
2. However, Directive 93/42/EEC requires to "eliminate or reduce risks as far
as possible (inherently safe design and construction)".
3. Accordingly, as the Directive is more precise than the standard,
manufacturers must apply the former and cannot rely purely on the
application of the standard.
Prof. Dr. Jürgen Stettin
22
Information of the users influencing the residual risk
1. The residual risk is in ISO 14971 defined as the risk remaining after
application of the risk control measures.
2. However, Directive 93/42/EEC says that users shall be informed about the
residual risks. This indicates that, according to Directive 93/42/EEC and
contrary to the concept of the standard, the information given to the users
does not reduce the (residual) risk any further.
3. Accordingly, manufacturers shall not attribute any additional risk reduction
to the information given to the users.
Prof. Dr. Jürgen Stettin
23
Thank you for your attention
Questions?
24