IEC80001 and Future Ramifications for Health Systems not currently classed as Medical Devices

Traditionally a medical device is viewed as a standalone hospital system with a carefully segregated private network running on specialist bespoke equipment, managed by highly skilled medical technicians. The regulations in force implementing the Medical Devices Directive support this view. The emerging reality in the modern health organisation is a patient-centric shared electronic record, networked over the organisation’s local area network, with medical devices hanging as endpoints off that shared network and contributing to the central pool of patient data – all the time reliant on the shared network services. The IEC80001 standard has been developed to provide guidance on the measures that the medical devices community considers are required best practice in order to ensure that the integrity and safety of the interconnected medical device is not compromised. This in itself is both a laudable and pragmatic action. The question that it immediately prompts for those left with the new and very real task of ‘compliance’ with the new standards – primarily the over worked health organisation’s IT department, is ‘what impact does this have on me?’. A number of papers exist prepared from a health-system-supplier standpoint. This paper is principally focused on examining the ramifications of IEC80001 from a health organisation stand point. This paper seeks to identify the areas where a health organisation may expect to have their business-as-usual IT processes impacted, and offers a simple framework to address these challenges.