AAMI Wireless Workshop: Systems of Systems & 80001-based Risk Management
~ Herndon, VA ~ 2012.10.04
Todd Cooper, Co-Chair, ISO/IEC “80001” Joint Working Group 7
Copyright © 2012, 80001 Experts, LLC. All rights reserved.
Problem?
3 ISO/IEC 80001 Symposium @ Samsung Hospital ~ Seoul ~ 2011.07.19 SoS - Risk Management & IEC 80001 @ AAMI Wireless Workshop ~ D.C.~ 2012.10.04
Problem of Systems of Systems
Increasing drive toward heterogeneous networks
Increasing deployment of devices in multi-vendor / multi-modality networking environments
Increasing mix of medical device & I.T. technologies
Systems of Systems Result in …
Unanticipated Emergent Behaviors!
Wireless networks demand a solution because you can’t cable around the problem!
SAFETY: “Secondary” alarm communication failure when the entire wireless network crashes – for days – after smart pump drug libraries are pushed out … simultaneously!
EFFECTIVENESS: PBX and an entire public phone exchange used to monitor home health patients is taken down when Microsoft Office is installed on the server to read documentation … for how to configure the server!
SECURITY: “Why did that system reboot right in the middle of surgery?!” Conficker infects systems … including medical devices … throughout the hospital when security patch application is suspended after a system actively used in surgery is updated and … resets!
Everyone … EVERYONE! … has a Story
Case Study: Application Virtualization
Situation: Hospital wants to virtualize infusion pump server
Problem: To save money, hospital allows oversubscription in order to increase average utilization. For 18 months, hospital & technology providers chased intermittent system malfunctions!
Use 80001: Critical operational requirements defined
Hazards & hazardous situations identified
Risks (severity & probability) identified
Risk controls (e.g., bandwidth alerts) deployed
Case Study: “Go live” … now!
Situation: New radiology system has been acquired and is being integrated & tested
Problem: End of year is coming and management wants to meet annual goals. Top Management pushes to have the system “go live” even though the deployment processes have not been completed.
Use 80001: Organizational roles & responsibilities defined
RM Policy & Process defined
Violation of the P&P would have been identified
Executive “signs off” & assumes responsibility
Key findings:
Health IT may lead to safer care and/or introduce new safety risks
Safety is a characteristic of a sociotechnical system that includes people, process, environment, organization and technology
System-level failures occur almost always because of unforeseen combinations of component failures
Recommendations:
Health care accrediting organizations should adopt criteria relating to EHR safety.
All health IT vendors should be required to publicly register and list their products
Health IT vendors should be required to adopt quality and risk management processes
Reporting of health IT–related adverse events should be mandatory for vendors and voluntary and confidential for users.
IOM Report a “Game Changer”?
Great standard, but…
(The Washington Post “Express”, 2011.06.21, page 6)
Published 2010 November
80001-1 … 101
80001 Basics: Scope
These are the elements of 80001
80001 Basics: Scope - Networks
(IEC 80001-1:2010, Table C.1)
Regulated by the FDA
Network “key properties”
(in order of priority)
SAFETY: Freedom from unacceptable risk of physical injury or damage to the health of people or damage to property or the environment
EFFECTIVENESS: Ability to produce the intended result for the patient and the responsible organization
DATA AND SYSTEM SECURITY: An operational state of a medical IT-Network in which information assets (data and systems) are reasonably protected from degradation of confidentiality, integrity, and availability (+ accountability)
Note: ISO 14971 for medical devices is focused on patient safety risk management
[Figure: The RESPONSIBLE ORGANIZATION (IEC 80001-1:2010, Figure B.1). Boxes: TOP MANAGEMENT; MEDICAL IT-NETWORK RISK MANAGER; MEDICAL IT-NETWORK RISK MANAGEMENT FILE; Policies, Processes, Procedures; Residual Risk; Biomedical Engineering area of expertise; IT area of expertise; Clinical area of expertise; Other; Medical device manufacturer or provider of other IT technology (A and B); Sub-contractor. Arrow labels: Appoints; Approves; Supervises creation of; Guide activities of; Provides input to; Provides experts to.]
Stakeholder partnerships:
Healthcare Provider / Responsible Organization
Medical Device Manufacturers
I.T. Technology Vendors
3rd Party Integrators
Risk Management Experts
…
… shared vision & mission!
Roles & Responsibilities
From Hazards to Harms
Hazard: “potential source of harm”
Sequence of Events w/ Root Cause
Hazardous Situation: “circumstances in which people, property, or the environment are exposed to one or more hazard(s)”
Harm / Unintended Consequence: “physical injury or damage to the health of people, or damage to property or the environment, or reduction in effectiveness, or breach of data and system security”
Risk (Probability, Severity): “combination of the probability of occurrence of harm and the severity of that harm”
RISK ANALYSIS: “systematic use of available information to identify hazards and to estimate the risk”
Risk Evaluation: “process of comparing the estimated risk against given risk criteria to determine the acceptability of the risk”
(IEC 80001-1:2010, Figure 2)
1. Hazard Identification
2. Hazardous Situations & Root Cause Analysis
3. Harm Identification + Severity Estimation
4. Harm Probability Estimation
5. Risk Acceptability Evaluation
6. Risk Control Measure ID & Residual Risk Eval.
7. RCM Implementation
8. Verify RCMs
9. RCM Risk Evaluation
10. Residual Risk Evaluation & Report
Note: Though generally sequential, these steps iterate until acceptable completeness has been achieved.
(from draft IEC 80001-2-1, Step by Step Risk Management)
10 Step RM Process
80001 Risk Management Process
Identify Hazards
Loss of data
Incorrect data
Incorrect timing of data
Degraded function of devices
Unauthorized access to private data
Etc…
Identify Causes
Overloaded link
Network configuration error
Wireless dropout
Network hardware failure
IP Addressing conflict
Security too aggressive
Faulty cabling
User/procedural error
Etc…
Identify Risk Control Measures
Network design, best practices
Pre-go-live testing
Redundancy
IT procedures, Clinical procedures
Etc…
Go Live!
80001++
80001-x: Emerging Guidance
80001-1 is just the start! Published Summer 2012 …
Technical “Guidance” Reports (TRs) in process:
80001-2-1: Step-by-Step Risk Management (w/Examples)
80001-2-2: Communication of Medical Device Security Needs, Risks & Controls
80001-2-3: Wireless Networking
80001-2-x: Emerging Guidance
Additional 80001 projects … (in publication!)
Implementation guidance for Healthcare Delivery Organizations
Guidance for Responsibility Agreements
80001-1 & ISO/IEC 20000-1 Coordinated Usage (+ ITIL)
HDO 80001-1 Conformance Self-assessment
Distributed alarm systems
…
Wireless Guidance
80001-2-3 Wireless Guidance
Collaboration for Key Properties
Safe, Effective & Secure … Networked Medical Technology
HDO Technology Suppliers
Information exchange (disclosure & dialog) focused on a shared vision…
Key Collaboration Concepts
#1 Disclosure & Dialog (D&D)
Risk Assessment & Controls information from manufacturers
Design, deployment & monitoring
#2 Leverage Best Practices
Networked technology management
Organizational Governance
Involve All Subject Matter Experts
Example: West MGWU
Medical Grade Wireless Utility
Reference Architecture
[Figure: reference architecture diagram. Network layers: Location Local Area Network, Wireless Local Area Network, Wireless Wide Area Network, Wireless Clinical Data Network, Room Area Network, Personal Area Network, Body Area Network. Technologies shown: 802.11, Bluetooth, ANT, Zigbee, UWB, PCS/Cellular, Paging, Fire Life Safety, 2 Way Radio, Wireless Medical Telemetry, Wireless Medical Monitoring, IR, Ultrasound, RFID, Future. Other labels: Assets, People.]
Infrastructure Independence Ubiquitous coverage inside & outside
Democratize Healthcare Data Pervasive, open, low cost monitoring
Break the proprietary hold on healthcare
Clinically Relevant Information Pervasive, low cost medical sensors
Turn data into wisdom
Pervasive Clinical Apps Voice, Data, Video, Location
Created by providers via the West Wireless Health Council
www.80001Experts.com
Thank You!
Copyright © 2011, 80001 Experts, LLC. All rights reserved.