New ISO/TR 80001-2-7 – IEC 80001-1 Compliance for HDO’s

ISO/TR 80001-2-7, “Application of risk management for IT-networks incorporating medical devices – Application guidance – Part 2-7: Guidance for Healthcare Delivery Organizations (HDOs) on how to self-assess their conformance with IEC 80001-1,” has just been released.  As part of the IEC 80001-2 series (also composed of some ISO 80001-2 documents), it helps you address the issue of risk within an IT network that includes medical devices.  It’s been written for organizations such as hospitals, managed care facilities, surgical centers, behavioral health care facilities, and the like.  It allows such facilities to self-assess to IEC 80001-1, “Application of risk management for IT-networks incorporating medical devices – Part 1: Roles, responsibilities and activities.”

Does ISO/TR 80001-2-7 have any additional requirements not included in IEC 80001-1?  No, it is used to facilitate the application of IEC 80001-1 where it has been determined to be applicable.  It contains a set of questions that you can use to assess the performance from a risk perspective of your medical IT network.  And you can tailor the approach to meet your specific needs.

For example, you can use the assessment method of Clause 4 to audit your system to determine IEC 80001-1 conformance.  Or if you already know you conform, you can still use the assessment method to judge capability issues and your risk management processes.  Further, the assessment method is flexible so that it can be modified to meet the concerns of individual HDO’s.

What’s to be gained by using an internal assessment approach?  You’ll be able to spot current risk management weakness and will have a basis for improvement.  Or you might consider using it as a first-pass assessment to which you can add more stringent requirements as you move forward.

What will you find in ISO/TR 80001-2-7?  There’s guidance for the HDO self-assessment for IEC 80001-1 of course.  You’ll also get a set of questions to help you set up your assessment process for your medical IT-network from a risk management point of view.  It also will help you define a PRM (Process Reference Model) as required by IEC 80001-1.  And you’ll be able to set up a PAM (Process Assessment Model) that meets the requirements of ISO/IEC 15504-2, “Information technology — Software process assessment — Part 2: A reference model for processes and process capability.”

What are the stages of this ISO/TR 80001-2-7 assessment method?  Here are the stages that are required:

  • 1 – Defining assessment scope
  • 2 – Stakeholder involvement
  • 3 – Information collection and evaluation
  • 4 – Generating a findings report
  • 5 – Presenting the findings report

There are also a couple of additional optional stages:

  • 6 – Improvement planning
  • 7 – Follow-up assessment

There is no doubt that the reduction of risk in a patient-care setting is essential to the minimization of costs and liability, and the improvement of patient outcomes and satisfaction that are critical in today’s changing healthcare environment.  So those of you responsible for quality in an HDO setting will want to review this timely technical report now.

Where can you get your authorized copy?  Try the Document Center webstore at www.document-center.com.  You can order ISO and IEC standards in both paper format or for pdf download.  And they are available as part of our multi-user subscription service, Standards Online.  Contact our staff by phone (650-591-7600), fax (650-591-7617) or email (info@document-center.com) for more information.

When you use Document Center Inc. you’ll not only get copies of the standards you need, you’ll get free update notification as well as access to other services that support your need for complete and correct compliance documentation.  Make us your Standards Experts!