Risk management for IT-networks incorporating medical devices – new BS Standard
Recognising that medical devices are incorporated into IT-networks to achieve desirable benefits (for example,
interoperability), a new Standard defines the roles, responsibilities, and activities necessary for risk management of
IT-networks incorporating medical devices to address safety, effectiveness, and data and system security. BS EN
80001-1:2011 Application of risk management for IT-networks incorporating medical devices. Roles, responsibilities and activities applies after a medical device has been acquired by a responsible organisation and is a candidate for incorporation
into an IT-network.
BS EN 80001-1 applies throughout the life cycle of IT-networks incorporating medical devices. The Standard applies where
there is no single medical device manufacturer assuming responsibility for addressing the key properties of the
IT-network incorporating a medical device. It applies to responsible organisations, medical device manufacturers, and
providers of other information technology for the purpose of risk management of an IT-network incorporating medical
devices as specified by the responsible organisation.
For many jurisdictions, design and production of medical devices is subject to regulation, and to Standards recognised
by the regulators. Traditionally, regulators direct their attention to medical device manufacturers, by requiring design
features and by requiring a documented process for design and manufacturing. Medical devices cannot be placed on the
market in these jurisdictions without evidence that those requirements have been met.
The use of the medical devices by clinical staff is also subject to regulation. Members of clinical staff have to be
appropriately trained and qualified, and are increasingly subject to defined processes designed to protect patients from
unacceptable risk.
In contrast, the incorporation of medical devices into IT-networks in the clinical environment is a less regulated area.
Until the publication of BS EN 80001-1, no Standard addressed how medical devices can be connected to IT-networks,
including general purpose IT-networks, to achieve interoperability without compromising the organisation and delivery of
health care in terms of safety, effectiveness, and data and system security.
Summarised from the BSI Healthcare and Medical Devices Newsletter June 2011.
Order BS EN 80001-1:2011 Application of risk management for IT-networks incorporating medical devices. Roles, responsibilities and activities.
You can order PDFs of BS Standards by calling 0800 782 632 during business hours or emailing enquiries@standards.co.nz.
You can read more Standards New Zealand media releases here.
ENDS