mdd and medical information systems software as medical device heikki teriö, ph.d. department of...
TRANSCRIPT
MDD and Medical Information SystemsMDD and Medical Information Systemssoftware as medical devicesoftware as medical device
Heikki Teriö, Ph.D.Heikki Teriö, Ph.D.Department of Clinical EngineeringDepartment of Clinical Engineering
is a system which records information from a patient and connects it through a network to a
server, data base etc.
Medical Information Data Systems
MIDS
Medical Information Data SystemsMIDS
Medical Information Data Systems
Medical Information Data Systems
Responsibility for IT-systemsin patient environment in co-operation with IT- organisation
e.g. Roentgen, PACS, CT, Digital storage, PDMS Ultrasound systems
Medical Information Data Systems
Investigation room
Control room Reception
Work stationRIS
8 Heikki Terio, 2009-05-08
Medical Information Data Systems
Medical Information Data Systems
Comments in January 2007Comments in January 2007
PDMS/Clinisoft-Centricity is not today a completed system, but a system under development by the supplier.
PDMS and its all system parts have no written classification by authorities (Medical Product Agency and National Board for Health Welfare). Therefore, the Administration to be set up should work in a project.
There should also be a crystal clear improvement of the support agreement with GE. MT can by all means continue to monitor the PDMS application and processes via Patrol as today.
Last but not least, a System Management must be set up with all the necessary roles and managing elements according to SLL and Karolinska, management model. Both IT and MT are included as service and product providers (management elements).
ChallengesChallenges
110 Workstations (mix of ordinary and medical PC)150 Office clients for care planning and consultation
Proposal to share the supportProposal to share the support
ChallengesChallenges
Safety
ME
Care
Patient
Net work
Soft ware
ITConfidentiality
Integrity
Availability
Accountability
To retrieve physiological data or to control the function of medical devices, IT-systems and software have obtained more crucial importance for the treatment and care of an individual patient.
ChallengesChallenges
These systems are often even life supporting.
Shortcomings and defects in the software can constitute a risk of harm to the patient.
ChallengesChallenges
Quite often the servers and databases used in MIDS are not of the latest design. This means that one has to use operative systems that are not approved by the IT-department.
The manufacture can also demand that the database is installed on a separate physical server.
In all cases it is required that verified and validated anti-virus software is used. Likewise, the patches used must be verified and validated for the application software.
ChallengesChallenges
Different actors are involved in patient care where Medical Equipment and IT is included
Locally at the hospital
Regionally between the hospitals
Nationally/Internationally between the centres of excellence
The use of MIDS increases the requirements for higher competence for those who handle these systems.
It is also necessary to develop the co-operation between clinical engineers and IT-engineers.
SolutionsSolutions
The Guidelines give a proposal for national requirements for competence that engineers working with MIDS should have and also for co-operation between Clinical Engineering (CED) and IT departments in order to fulfill the demands that directives and legislation state.
The Swedish Society for
Medical Engineering and Medical Physics
have published Guidelines for MIDS in September 2008
http://www.mtf.nu/MIDS_Rapport_Eng_2008_web.pdf
SolutionsSolutionsClassification of computers used in MIDS make it easier to point out who is responsible for the support.
All the computers, no matter if it is a thin client, server or workstation, have been divided in three main classes:
• ordinary computer with standard configuration,
• ordinary computer with standard configuration, but with a medical application, and
• medical device with configuration in accordance of the regulations.
SolutionsSolutions
Special MIDS-domains are created for the clients and servers at larger hospitals.
In smaller hospitals Organizational Units in Microsoft Active Directory environment can be used.
CED is proposed to be responsible for the MIDS-domain or the AD-environment for MIDS, whereas the IT-organization would be responsible for the general IT-infrastructure in the hospital.
SolutionsSolutions
To increase the safety when using MIDS, segmented network with Access Control List are used.
Also labeling of the cables and workstations/clients are used in order to separate MIDS and ordinary IT-systems.
The cables used for MIDS are proposed to be green and for the IT-systems white. The labeling of the computers should follow the same convention.
Why is the MPA interested?Why is the MPA interested?
We see an increasing number of incident reports involving Medical Information Systems
and
We receive many qualification and classification questions regarding these systems
Most Medical Information Systems are now unregulated.
The definition of a MDThe definition of a MD
‘medical device’ means any instrument, apparatus, appliance, software, material or other article, whether used alone or in combination, including the software intended by its manufacturer to be used specifically for diagnostic and/or therapeutic purposes and necessary for its proper application, intended by the manufacturer to be used for human beings for the purpose of:
— diagnosis, prevention, monitoring, treatment or alleviation of disease,— diagnosis, monitoring, treatment, alleviation of or compensation for an injury or handicap,— investigation, replacement or modification of the anatomy or of a physiological process,…
Valid March 21,2010!
The task given to the SE groupThe task given to the SE group
to identify:
• what kind of software systems would be of concern and why• regulations that may be applied• standards that may be applied
discuss
• how to interpret the definition of a Medical Device• Medical Devices classification rules that may be applied• terms and nomenclature that can be useful at, for instance, procurement
of systems
suggest
• possible need for follow up and handling of systems where safety is of importance although the device is not regarded as a medical device.
Swedish positionSwedish stakeholders have agreed that the items in the previous picture are the
main issues
Consensus has been reached among SE stakeholders that
• Medical Information Systems that match the definition of a MD should be classified as Medical Devices
• the MDD verification methods have to be clarified for medical device software, particularly for classes IIa and IIb.
The SE report is available on
• http://www.lakemedelsverket.se/english/product/Medical-devices//
OTS software used in combination with OTS software used in combination with Medical Device softwareMedical Device software
Off the shelf (OTS), non medical device software, like MS Windows, are often used in combination with Medical Device software
The safe function of the Medical Device may be dependent on non medical devices
The manufacturer is responsible for the entire combination of software (the product)!
Use of software- based Medical devices in Use of software- based Medical devices in complex environmentscomplex environments
Connection to data networks give rise to new questions
• The manufacturers risk management plan has to address how the network environment can affect the application
Some critical systems might have to stay disconnected from data networks!
Wrap upWrap up
The responsibility for the safe and correct function for a Medical device is with the manufacturer
• this is true as long as the product is used according to the intended purpose.
Thank you for your attentionThank you for your attention