DIN EN 80001
Application of risk management for IT-networks that include medical devices
Medical IT networks are a necessary precondition for efficient patient care in hospitals, telemedicine centres and medical centres. Interlinking medical devices with "general IT" is playing an increasingly important role in these health facilities. Nowadays, medical devices must increasingly be integrated into higher-level IT networks so that data can be used both clinic-wide and across company borders for telemedicine applications. As more IT systems, including systems from different manufacturers, are interlinked and integrated into one information network, the risk of incidents rises. Accordingly, great importance must be attached to the proper and compliant operation of medical facilities, including all accompanying IT infrastructure.
DIN EN 80001 was created to reduce the risks that arise from interlinking medical systems with IT networks and to establish clear responsibility structures between the clinic operator, the manufacturer of medical devices and the IT-network provider.
Key elements of this standard are the weighting of safety goals with regard to the safety of patients, users and third parties; the guarantee of effective health measures; and data and system security with regard to confidentiality, availability and correctness. Other aspects are the implementation of a risk management process and the integration of medical devices into an IT network, taking effective protection goals into account. Additionally, existing residual risks should be consciously accepted by top management, based on clear values, and should be documented.
Implementation of the standard should be initiated early on. A first step towards DIN EN 80001 is the establishment of a risk management process for the IT network. Then, within the scope of continuous improvement, this process can be extended to medical devices. Another approach is to treat and certify individual units separately, e.g. the operating room, or particularly critical processes, such as the emergency room.
The certification of IT structures in health facilities can contribute efficiently to aligning clinics, telemedicine centres and medical centres with legal and normative requirements, to ensuring the ability to make decisions on complex interrelationships through a systematic approach to risk management, and to meeting the requirements for the safety of medical IT networks.
As a certification body for medical devices and quality management systems, DQS MED is at your disposal as a competent partner for auditing IT security and data protection.