ISO/TR 80001-2-6 – Risk Management for Medical Device IT Networks

There’s a lot of interest these days in providing security for the data components of medical devices, especially those linked into a network.  Back in 2010, the IEC 80001-1 provided you with guidance on how to set up the various roles and responsibilities inherent in such networks.  Now the new ISO/TR 80001-2-6 helps you implement the agreements that define them.  Titled “Application of risk management for IT-networks incorporating medical devices – Part 2-6: Application guidance – Guidance for responsibility agreements,” this new Technical Report supports compliance that may be required in your situation.

Why would such a document be of use to you?  For the patient, medical devices represent a partnership between the medical device manufacturer and the clinical setting in which the device is used.  Thus it is essential for all parties involved in providing care that includes networked devices, including medical staff at any given facility, to have a clear understanding of the dependency of the device on the network.  Examples of issues that could affect device performance include an upgrade to a given network, or the addition of a new piece of equipment to a network that might affect software versions.  So it is essential to have change control procedures to minimize that risk.  And that means a clear understanding of who’s responsible for what!

Since the report supports IEC 80001-1, its format is based on that earlier publication.  The sections include the usual scope, referenced documents and definitions clauses.  Then ISO/TR 80001-2-6 dives into the key aspects of responsibility agreements, including the reasons to have them, participants and types of agreements you might find useful.  Section 5 expands on the requirements of subclause 4.3.4 of the IEC standard, giving you additional detailed information on a line-by-line basis.  And the 2 Annexes cover the development of a RACI (Responsible, Accountable, Consulted, Informed) chart and a chart with the various types of documentation you’d expect to be provided by medical device manufacturers and IT suppliers.

Using a standard like the ISO/TR 80001-2-6 can save you time and trouble in developing your plan, and give you the support you need for compliance with the IEC 80001-1 if required.  You’ll need a copy and you’ll want to purchase it from an authorized dealer.  You can rely on Document Center Inc. to supply you with copies in paper format, for pdf download or for multi-user access as part of our Standards Online subscription service.  Order at our webstore (www.document-center.com) or contact our staff by phone (650-591-7600), fax (650-591-7617) or email (info@document-center.com).  Remember, we’re your Standards Experts!

Published by

Claudia Bach

Claudia Bach is the President of Document Center Inc. and a world-wide recognized expert on Standards and Standards Distribution. You can connect with her on Google+
