AAMI Wireless Workshop: Systems of Systems & 80001-based Risk Management ~ Herndon, VA ~ 2012.10.04 Todd Cooper Co-Chair, ISO/IEC “80001” Joint Working Group 7 Copyright © 2012, 80001 Experts, LLC. All rights reserved.




Problem?


3 ISO/IEC 80001 Symposium @ Samsung Hospital ~ Seoul ~ 2011.07.19 SoS - Risk Management & IEC 80001 @ AAMI Wireless Workshop ~ D.C.~ 2012.10.04

Problem of Systems of Systems

Increasing drive toward heterogeneous networks

Increasing deployment of devices in multi-vendor / multi-modality networking environments

Increasing mix of medical device & I.T. technologies

Systems of Systems Result in …

Unanticipated Emergent Behaviors!

Wireless networks demand a solution because you can’t cable around the problem!


SAFETY: “Secondary” alarm communication failure when the entire wireless network crashes – for days – after smart pump drug libraries are pushed out … simultaneously!

EFFECTIVENESS: PBX and an entire public phone exchange used to monitor home health patients is taken down when Microsoft Office is installed on the server to read documentation … for how to configure the server!

SECURITY: “Why did that system reboot right in the middle of surgery?!” Conficker infects systems … including medical devices … throughout the hospital when security patch application is suspended after a system actively used in surgery is updated and … resets!

Everyone … EVERYONE! … has a Story


Case Study: Application Virtualization

Situation: Hospital wants to virtualize infusion pump server

Problem: To save money, hospital allows oversubscription in order to increase average utilization. For 18 months, hospital & technology providers chased intermittent system malfunctions!

Use 80001: Critical operational requirements defined

Hazards & hazardous situations identified

Risks (severity & probability) identified

Risk controls (e.g., bandwidth alerts) deployed


Case Study: “Go live” … now!

Situation: New radiology system has been acquired and is being integrated & tested

Problem: End of year is coming and management wants to meet annual goals. Top Management pushes to have the system “go live” even though the deployment processes have not been completed.

Use 80001: Organizational roles & responsibilities defined

RM Policy & Process defined

Violation of the P&P would have been identified

Executive “signs off” & assumes responsibility


IOM Report a “Game Changer”?

Key findings:

Health IT may lead to safer care and/or introduce new safety risks

Safety is a characteristic of a sociotechnical system that includes people, process, environment, organization and technology

System-level failures occur almost always because of unforeseen combinations of component failures

Recommendations:

Health care accrediting organizations should adopt criteria relating to EHR safety.

All health IT vendors should be required to publicly register and list their products

Health IT vendors should be required to adopt quality and risk management processes

Reporting of health IT–related adverse events should be mandatory for vendors and voluntary and confidential for users.


Great standard, but…

(The Washington Post “Express”, 2011.06.21, page 6)

Published 2010 November


80001-1 … 101


80001 Basics: Scope

These are the elements of 80001


80001 Basics: Scope - Networks

(IEC 80001-1:2010, Table C.1)

Regulated by the FDA


Network “key properties”

(in order of priority)

SAFETY: Freedom from unacceptable risk of physical injury or damage to the health of people or damage to property or the environment

EFFECTIVENESS: Ability to produce the intended result for the patient and the responsible organization

DATA AND SYSTEM SECURITY: An operational state of a medical IT-Network in which information assets (data and systems) are reasonably protected from degradation of confidentiality, integrity, and availability (+ accountability)

Note: ISO 14971 for medical devices is focused on patient safety risk management


Roles & Responsibilities

[Figure: The RESPONSIBLE ORGANIZATION (IEC 80001-1:2010, Figure B.1). Entities shown: TOP MANAGEMENT; MEDICAL IT-NETWORK RISK MANAGER; MEDICAL IT-NETWORK RISK MANAGEMENT FILE; Biomedical Engineering area of expertise; IT area of expertise; Clinical area of expertise; Other...; Medical device manufacturer or provider of other IT technology (A and B); Sub-contractor; Policies, Processes, Procedures; Residual Risk. Relationship labels: Appoints; Approves; Supervises creation of; Guide activities of; Provides input to; Provides experts to.]

Stakeholder partnerships:

Healthcare Provider / Responsible Organization

Medical Device Manufacturers

I.T. Technology Vendors

3rd Party Integrators

Risk Management Experts …

… shared vision & mission!


From Hazards to Harms

Hazard: “potential source of harm”

Sequence of Events w/ Root Cause

Hazardous Situation: “circumstances in which people, property, or the environment are exposed to one or more hazard(s)”

Harm / Unintended Consequence: “physical injury or damage to the health of people, or damage to property or the environment, or reduction in effectiveness, or breach of data and system security”

Probability, Severity

Risk: “combination of the probability of occurrence of harm and the severity of that harm”

Risk Analysis: “systematic use of available information to identify hazards and to estimate the risk”

Risk Evaluation: “process of comparing the estimated risk against given risk criteria to determine the acceptability of the risk”


(IEC 80001-1:2010, Figure 2)

1. Hazard Identification

2. Hazardous Situations & Root Cause Analysis

3. Harm Identification + Severity Estimation

4. Harm Probability Estimation

5. Risk Acceptability Evaluation

6. Risk Control Measure ID & Residual Risk Eval.

7. RCM Implementation

8. Verify RCMs

9. RCM Risk Evaluation

10. Residual Risk Evaluation & Report

Note: Though generally sequential, these steps iterate until acceptable completeness has been achieved.

(from draft IEC 80001-2-1, Step by Step Risk Management)

10 Step RM Process


80001 Risk Management Process

Identify Hazards: Loss of data; Incorrect data; Incorrect timing of data; Degraded function of devices; Unauthorized access to private data; Etc…

Identify Causes: Overloaded link; Network configuration error; Wireless dropout; Network hardware failure; IP Addressing conflict; Security too aggressive; Faulty cabling; User/procedural error; Etc…

Identify Risk Control Measures: Network design, best practices; Pre-go-live testing; Redundancy; IT procedures, Clinical procedures; Etc…

Go Live!


80001++


80001-x: Emerging Guidance

80001-1 is just the start! Published Summer 2012 …

Technical “Guidance” Reports (TRs) in process:

80001-2-1: Step-by-Step Risk Management (w/Examples)

80001-2-2: Communication of Medical Device Security Needs, Risks & Controls

80001-2-3: Wireless Networking


80001-2-x: Emerging Guidance

Additional 80001 projects … (in publication!)

Implementation guidance for Healthcare Delivery Organizations

Guidance for Responsibility Agreements

80001-1 & ISO/IEC 20000-1 Coordinated Usage (+ ITIL)

HDO 80001-1 Conformance Self-assessment

Distributed alarm systems

…


Wireless Guidance


80001-2-3 Wireless Guidance




Collaboration for Key Properties

Safe, Effective & Secure … Networked Medical Technology

HDO and Technology Suppliers: Information exchange (disclosure & dialog) focused on a shared vision…


Key Collaboration Concepts

#1 Disclosure & Dialog (D&D)

Risk Assessment & Controls information from manufacturers

Design, deployment & monitoring

#2 Leverage Best Practices

Networked technology management

Organizational Governance

Involve All Subject Matter Experts


Example: West MGWU

Medical Grade Wireless Utility Reference Architecture

[Figure: reference architecture diagram. Networks shown: Location Local Area Network; Wireless Local Area Network; Wireless Wide Area Network; Wireless Clinical Data Network; Room Area Network; Personal Area Network; Body Area Network. Technologies labeled: 802.11, Bluetooth, ANT, Zigbee, UWB, PCS/Cellular, Paging, Fire Life Safety, 2 Way Radio, Wireless Medical Telemetry, Wireless Medical Monitoring, IR, Ultrasound, RFID, Future. Other labels: Assets, People.]

Infrastructure Independence Ubiquitous coverage inside & outside

Democratize Healthcare Data Pervasive, open, low cost monitoring

Break the proprietary hold on healthcare

Clinically Relevant Information Pervasive, low cost medical sensors

Turn data into wisdom

Pervasive Clinical Apps Voice, Data, Video, Location

Created by providers via the West Wireless Health Council


www.80001Experts.com

Thank You!

Copyright © 2011, 80001 Experts, LLC. All rights reserved.