Application of risk management for IT-networks incorporating medical devices
Abstract
IEC 80001-1: 2010 recognizing that medical devices are incorporated into IT-networks to achieve desirable benefits (for example, interoperability), defines the roles, responsibilities and activities that are necessary for risk management of IT-networks incorporating medical devices to address safety, effectiveness and data and system security (the key properties). IEC 80001-1:2010 does not specify acceptable risk levels. IEC 80001-1 2010 applies after a medical device has been acquired by a responsible organization and is a candidate for incorporation into an IT-network. It applies throughout the life cycle of IT-networks incorporating medical devices. IEC 80001-1:2010 applies where there is no single medical device manufacture assuming responsibility for addressing the key properties of the IT-network incorporating a medical device. IEC 80001-1:2010 applies to responsible organizations, medical device manufactures and providers of other information technology for the purpose of risk management of an IT-network incorporating medical devices as specified by the responsible organization. It does not apply to personal use applications where the patient, operator or responsible organization are one and the same person.
The aforementioned is the actual abstract from the http://www.iso.org web site.
Risk Management means both wired and now “wireless” medical devices.
The medical device company and wireless capabilities
For the sake of discussion this will primarily discuss 802.11a/b/g/n incorporated medical devices (actually no 802.11n enabled medical devices exist today (power and MIMO issues),but this will also extend to those now starting to incorporate both GSM/CDMA (3G), and LTE (4G). Same similar type of concept; however the 3G/4G network is not internal to the hospital IT environment, but external, thus the shift of any risk to the carrier side. This is the challenge with the 3G/4G devices with medical applications, i.e. quality of service and/or security.
The vast majority of medical device companies are now moving very quickly to network enable their medical devices and shift away from proprietary radio technologies and/or networks. (Rationale, connectivity to the EMR.) First, it is not as easy as it sounds because these wireless competencies are not always present internal to those respective companies that have designed for years “stand alone” medical devices. They often simply go out and find a 802.11a/b/g embedded radio or board, write custom drivers, and then test in-house or in a limited setting for network connectivity. They may or may not know how to design the right antenna micro strip or test this device with the embedded antenna prior to deployment. However, this only one piece of the equation. They may have gone through the FCC and EMC certifications, but while this will treat the system as a “stand alone device or system”, does this really characterize how this device with the embedded WLAN radio and antenna element will operate in a real world environment (hospitals), (different multi-path situations), or under actual load situations, proximity to other RF emitters, and/or all the different security protocols beyond just WPA2? Some of this assumption is probably, well this is WIFI and it just works! The reality is each medical device company has pretty much come up with their way of conducting this internal testing; hence the reason why the industry and thus IEC 80001-1:2010 perhaps needs to validate and recognize what is considered the proper risk validation of the testing of a “wireless” and or “wired” medical device or emitter on a healthcare IT network. Integra Systems, Inc. www.integrasystems.org has been involved in many such validations of wireless enabled medical devices for prior FDA 510k submittals.
We have written the detailed test plans and test protocols to validate how the potential “wireless enabled medical device” will need to be tested, as well as actually conducting the testing. On a high level this includes conducting a predictive model of the facility to understand the RF characteristics, obtaining current network topologies, designing the proper segmentation of the network, completing spectrum analysis on site to determine the baseline of testing, conducting load testing in methodical fashion using such equipment from www.veriwave.com, testing against virtually all of the security protocols and methods used in both the wired and wireless industry and finally conducting RF proximity testing with all the various wireless emitters used in hospitals today. This ranges from microwave ovens, Zigbee, Bluetooth, WMTS, cellular (both GSM/CDMA/LTE), public safety radios, and other spurious emitters, such as 900MHz paging, and outdoor to indoor propagation. The complete combination of all this testing in a real world environment will show that the wireless enabled medical device performs as medical device intended for the described use model, based in this known and validated environment under different network loads, security protocols, and the myriad of RF emitter conditions. It should be additionally added that when testing, that actual use model needs to be taken into account. Will the device be used inside a patient room that has a bathroom (multi-path, water, metal, and/or firewall shielding the signal from reaching the access point? Will the patient be in bed with the device, or in a highly mobile environment? Will the patient with the "wireless" medical device going to radiology (lead lined rooms), or may have to be in isolation? What about the age of construction, new or old hospital construction methods? Did the prior implementation take into account the number of actual medical devices that might reside on the network for QoS? This combination of data when submitted should provide the the proper documentation prior for regulatory approval for risk mitigation and satisfy the heart and intent of the IEC 80001-1:2010 and either the initial IDE and PMA 501k.
Risk Management for IT-networks incorporating medical devices
If the medical device manufacture has followed the aforementioned best of practice, they will then have the baseline documentation necessary to create the right deployment guidelines for the intended medical device. These deployment guidelines should be able to specify the proper security, quality of service, and architecture design criteria and minimize any potential risk. Some of the recommendations for the actual deployment model in a hospital is to actually understand the complete architecture of the network. This can often be done by obtaining the network design plans, but a much more comprehensive analysis can be completed by using WaveDeploy from www.veriwave.com. Once the information is obtained in terms of network traffic, this can be combined with a predictive model from using tools from both www.motorola.com and www.ibwave.com. (Note Ibwave for 3G/4G) Combining all these data elements allow with the requirements based upon the deployment guidelines will provide the right risk management for IT – networks incorporating medical devices. Ideally, then this becomes the deployment guidelines and sign off documentation by the hospital upon the deployment of the “wireless medical device and/or devices" on the hospital IT network.
Risk Management for IT-networks incorporating medical devices – Post Deployment
The combination of all of these data elements will dictate the correct design and changes in the hospital IT network that is going to incorporate wired or wireless medical devices. While this will determine what is correct and what will operate as intended when deployed; it does not provide the sufficient level of guarantee that if the network environment changes, (i.e. new firmware updates into the AP and controller), how will this effect or not affect the operation of the wireless enabled medical device previously validated? It now simply means that there needs to be a way of understanding a feedback loop that will provide the hospital and/or medical device manufacture a way of knowing of “changes in the network”. This could be as simple setting up the right SNMP monitoring service inherent in the wired network, or off load this to a real time 24/7/365 monitoring service. If this monitoring service is enabled either in-house or perhaps an ASP model, this will follow again the intent of IEC 8001-1:2010, that is risk management for IT-networks incorporating medical devices.
SummationThe application of risk management for IT-networks incorporating medical devices demands a standardized process for testing of the medical device prior to regulatory approval, a consistent methodology for hospital deployments, and a post implementation monitoring of the integrity of network. If these steps and processes are followed; then risk should be mitigated, safety, effectiveness, and system security (the key properties), will be assured.
Download Best_Practices_for_Pre_and_Post_Deployment_Verification
Download Product_brochure