
Compliance & Safety

Mark-Alexander Sujan, Warwick CSI

30/04/08 Compliance & Safety 2

What’s wrong with this equation?

Safe Medical Device #1

+ Safe Medical Device #2

= Unsafe System

(J. Goldman)

30/04/08 Compliance & Safety 3

Integrated Clinical Environments

• Multi-Vendor System Integration

• Plug-and-Play

• Network Integration

30/04/08 Compliance & Safety 4

Conformity Assessment

• Regulators address standards to manufacturers: design features & “good” process

• Manufacturer’s declaration
– When risk associated with non-compliance is low

• Independent safety assessment
– Conducted by third party

30/04/08 Compliance & Safety 5

Audit of Healthcare Organisations

• Collects indicators of safe practices (risk management meetings held, participation in NRLS, reaction to medical device safety alerts etc)

• Focus often on financial risks

30/04/08 Compliance & Safety 6

Problems with the Equation

• Manufacturer is responsible for ensuring safety based on safety requirements during design

• Manufacturer has little control over how the device will be used, and in what kind of environment

• HC service provider needs to ensure that integration of devices results in a safe system, but does not have access to manufacturer data

• Difficult to anticipate operational interactions with devices from other manufacturers and non-medical devices

• Safety of resulting system, operations, maintenance not demonstrated

30/04/08 Compliance & Safety 7

From Checklists to Goal-Based Assurance

• Prescriptive standards are slow to change

• Do not easily support change & innovation

• ISO 14971 (Risk Management)

• Goal-based assurance: manufacturer needs to demonstrate that assurance goals have been met

30/04/08 Compliance & Safety 8

IEC 80001

• Application of risk management for IT-networks incorporating medical devices

• Application of ISO 14971 to IT-networks

• Addressed to both manufacturers and responsible organisation

30/04/08 Compliance & Safety 9

Responsibilities

• Manufacturer:
– Risk management for medical device
– Providing accompanying documents (safety-related application conditions, how to integrate, relevant information from risk analysis)

• Responsible Organisation:
– Appoint roles (IT Integration Risk Manager)
– Risk management during integration, operation, maintenance

• Whole life-cycle risk management

30/04/08 Compliance & Safety 10

Goal-Based Assurance

• How to demonstrate compliance?

• How to facilitate handover of relevant information?

• How to tie together different phases of the life-cycle?

30/04/08 Compliance & Safety 11

Safety Assessment & Safety Arguments in Industry

• Demonstration of safety has a long-standing tradition in some industries

• Often introduced after major disasters
– Nuclear: Three Mile Island (1979)
– Off-Shore: Piper Alpha (1988)
– Railways & Infrastructure: King’s Cross fire (1987), Ladbroke Grove (1999)

Build systems that are demonstrably safe

30/04/08 Compliance & Safety 12

Assurance Case

An assurance case should communicate a clear, comprehensive and defensible argument that a system is acceptably dependable to operate in a particular context

30/04/08 Compliance & Safety 13

Structured Assurance Cases

[Diagram: a goal structure. A top-level Goal / Claim is broken down into Sub-Goals, and each Sub-Goal is in turn supported by a Solution / Evidence node.]

Instance shown on the slide:

Goal / Claim: Safety
– Sub-Goal: Standard followed
– Sub-Goal: System meets acceptance criteria
– Solution / Evidence: Testing results
– Solution / Evidence: Simulation results

30/04/08 Compliance & Safety 14

[Diagram: top-level argument, spanning two volumes (Volume 1, Volume 2). C = Context, A = Assumption, S = Strategy.]

Top-Level Argument

G1: Medical Device is acceptably safe in specific environment
– C: Description of environment etc
– A: List of global assumptions
– S: Argue safety over the whole life-cycle by showing that requirements have been identified and will be met throughout.

Sub-goals of G1:

G1.1: Satisfactory set of safety requirements has been determined

G1.2: Safety requirements are met in the design

G1.3: Safety requirements are met in operational use

G1.4: Safety requirements continue to be met

30/04/08 Compliance & Safety 15

G1.1: Satisfactory set of safety requirements has been determined
– S: Relevant standards including ISO 14971 have been met and information for RO has been specified

Sub-goals of G1.1:

G1.1.1: Relevant standards met

G1.1.2: All hazards identified and ALARP

G1.1.3: Safety-related application conditions specified
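As an added illustration of the goal structure on this slide and the two before it (not code from the original deck), the following Python models the G1 argument as a tree of goals, strategies, context, assumptions and solutions, then checks it for goals that nothing supports and lists the assumptions that have to be handed to the responsible organisation. The goal identifiers and claims come from the slides; the evidence items, the global-assumption text and the `with_evidence` switch are constructed for illustration.

```python
# Added example, not from the slides: a minimal goal-structured assurance case
# model. Goal identifiers and claims follow the slides (G1, G1.1 .. G1.4,
# G1.1.1 .. G1.1.3); the evidence items, the assumption text and the
# "with_evidence" switch are constructed for illustration.
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Goal:
    ident: str
    claim: str
    strategy: Optional[str] = None                        # S: how the goal is argued
    context: List[str] = field(default_factory=list)      # C: scope of the claim
    assumptions: List[str] = field(default_factory=list)  # A: must hold for the argument
    subgoals: List["Goal"] = field(default_factory=list)
    evidence: List[str] = field(default_factory=list)     # Sn: solutions supporting a leaf goal


def unsupported_goals(goal: Goal) -> List[str]:
    """Identifiers of goals that are neither decomposed nor backed by evidence.

    An empty result means every branch of the argument bottoms out in a solution;
    anything listed is a gap the case cannot yet defend."""
    if not goal.subgoals and not goal.evidence:
        return [goal.ident]
    gaps: List[str] = []
    for sub in goal.subgoals:
        gaps.extend(unsupported_goals(sub))
    return gaps


def collect_assumptions(goal: Goal) -> List[str]:
    """Every assumption in the argument, prefixed with the goal it belongs to.

    This is the list that has to be handed over to (and confirmed by) the
    responsible organisation, because the manufacturer cannot check it."""
    found = [f"{goal.ident}: {text}" for text in goal.assumptions]
    for sub in goal.subgoals:
        found.extend(collect_assumptions(sub))
    return found


def render(goal: Goal, depth: int = 0) -> str:
    """Indented text view of the argument, one node per line."""
    pad = "  " * depth
    lines = [f"{pad}{goal.ident}: {goal.claim}"]
    if goal.strategy:
        lines.append(f"{pad}  S: {goal.strategy}")
    lines += [f"{pad}  C: {c}" for c in goal.context]
    lines += [f"{pad}  A: {a}" for a in goal.assumptions]
    lines += [f"{pad}  Sn: {e}" for e in goal.evidence]
    for sub in goal.subgoals:
        lines.append(render(sub, depth + 1))
    return "\n".join(lines)


def build_case(with_evidence: bool = True) -> Goal:
    """The top-level argument from the slides.

    With with_evidence=False, G1.4 (requirements continue to be met) is left
    unsupported: that is the life-cycle phase the manufacturer alone cannot
    evidence, so the gap is what the responsible organisation has to close."""
    g111 = Goal("G1.1.1", "Relevant standards met",
                evidence=["Standards compliance matrix (constructed)"])
    g112 = Goal("G1.1.2", "All hazards identified and ALARP",
                evidence=["ISO 14971 hazard log (constructed)"])
    g113 = Goal("G1.1.3", "Safety-related application conditions specified",
                evidence=["Accompanying documents for the RO (constructed)"])
    g11 = Goal("G1.1", "Satisfactory set of safety requirements has been determined",
               strategy="Relevant standards including ISO 14971 have been met "
                        "and information for RO has been specified",
               subgoals=[g111, g112, g113])
    g12 = Goal("G1.2", "Safety requirements are met in the design",
               evidence=["Design verification results (constructed)"])
    g13 = Goal("G1.3", "Safety requirements are met in operational use",
               evidence=["Integration test report (constructed)"])
    g14 = Goal("G1.4", "Safety requirements continue to be met",
               evidence=["Maintenance schedule (constructed)"] if with_evidence else [])
    return Goal("G1", "Medical Device is acceptably safe in specific environment",
                strategy="Argue safety over the whole life-cycle by showing that "
                         "requirements have been identified and will be met throughout",
                context=["Description of environment etc"],
                assumptions=["Global assumption (constructed): device runs on a "
                             "network managed under IEC 80001"],
                subgoals=[g11, g12, g13, g14])


if __name__ == "__main__":
    case = build_case(with_evidence=False)
    print(render(case))
    print("unsupported goals:", unsupported_goals(case))      # ['G1.4']
    print("assumptions to hand over:", collect_assumptions(case))
```

Running the block with `with_evidence=False` prints the whole argument and reports `G1.4` as the one goal nothing supports, which is the point of the two-volume split on the slide: the manufacturer's volume can close G1.1 to G1.3, but G1.4 and the global assumptions only close once the responsible organisation supplies its side.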

30/04/08 Compliance & Safety 16

ISO 14971 Template Example

• -> ASCE demo

30/04/08 Compliance & Safety 17

Opportunities

• Integration of data and assumptions from device manufacturer and service provider by developing an argument over whole life-cycle

• Applicable for modern Integrated Healthcare Environments: – Multi-vendor integration, PnP

• Templates can facilitate conformity assessment

30/04/08 Compliance & Safety 18

Challenges

• Lack of experience in Responsible Organisations

• Many devices normally do not require an assurance case but could cause harm in operation indirectly

• Complexity of managing assurance cases for large networked systems including diverse actors

30/04/08 Compliance & Safety 19

Some Resources

• Eurocontrol Safety Case Development Manual
– http://www.eurocontrol.int/cascade/gallery/content/public/documents/safetycasedevmanual.pdf

• Collection of Safety Cases including Eurocontrol RVSM Pre-Implementation Safety Case
– http://dependability.cs.virginia.edu/info/Safety_Cases:Repository

• Railways Yellow Book (Safety Management System)
– http://www.yellowbook-rail.org.uk/site/the_yellow_book/the_yellow_book.html

• Def-Stan 00-56 (Safety Management Requirements for Defence Systems)
– http://www.dstan.mod.uk/data/00/056/01000400.pdf

30/04/08 Compliance & Safety 20

Some Activities

• EWICS TC7 Medical Devices Sub-Group

• SAFECOMP 2008 (22 – 25 September, Newcastle)

• 3rd European Workshop on Medical Device Safety (25 September, Newcastle)

http://www2.warwick.ac.uk/fac/med/staff/sujan/

30/04/08 Compliance & Safety 21

30/04/08 Compliance & Safety 22

Elements of an Assurance Case

(Kelly, 1998)

30/04/08 Compliance & Safety 23

[Diagram: worked assurance-case fragment for two hospital systems, with goals G1.2, G1.2.1, G1.2.2, G1.2.1.1, G1.2.1.2, G1.2.1.2.1 and G1.2.1.2.2 linked by strategies S1 and S3. A = Assumption, S = Strategy.]

Pharmacy:
– G2: Time until drugs available < x
– Automatic Dispensing Unit
– Manual backup
– ASS1: Pharmacy system accessible

Intensive Care:
– G1: Label printer available
– Maintenance schedule
– Backup printer
– ASS2
– ASS3: Hospital Information System available & accessible

Identify interactions that could not be predicted on the individual device level or without overarching system model.

30/04/08 Compliance & Safety 24

IEC 60601-1

• Medical Electrical Equipment – General Requirements for Safety

4.2 Risk Management Process for ME Equipment or ME Systems

A RISK MANAGEMENT PROCESS complying with ISO 14971 shall be performed

30/04/08 Compliance & Safety 25

Risk Management

• Identify hazards (i.e. things that can go wrong)

• Define safety objectives (i.e. the maximum permissible frequency of occurrence)

• Define safety requirements (i.e. means to prevent things from going wrong)
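As an added worked example of the three steps on this slide (not code from the original deck), the following Python keeps a small hazard log in which every hazard carries a safety objective (maximum permissible frequency per year) and points at the safety requirements that control it, then checks the log for hazards that are missing a requirement, have no frequency estimate, or exceed their objective, and splits the referenced requirements by who owns them. The hazards, frequencies, requirement identifiers and owners are constructed around the pharmacy and intensive-care items that appear elsewhere in the deck.

```python
# Added example, not from the slides: a small hazard log that ties each hazard
# to a safety objective (maximum permissible frequency of occurrence) and to the
# safety requirements meant to control it, then checks the log. The hazards,
# frequencies, requirement ids and owners are constructed around the pharmacy
# and intensive-care items shown on the slides.
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Requirement:
    ident: str
    text: str
    owner: str   # who implements it: "manufacturer" or "responsible organisation"


@dataclass
class Hazard:
    ident: str
    description: str
    max_per_year: float                         # safety objective
    requirement_ids: List[str] = field(default_factory=list)
    estimated_per_year: Optional[float] = None  # from risk analysis, once done


def check_hazard_log(hazards: List[Hazard],
                     requirements: Dict[str, Requirement]) -> Dict[str, List[str]]:
    """Return {hazard id: [problems]} for every hazard that is not fully controlled.

    A hazard passes only if it has at least one requirement, every requirement
    it names exists in the log, its frequency has been estimated, and the
    estimate is within the safety objective."""
    problems: Dict[str, List[str]] = {}
    for h in hazards:
        issues: List[str] = []
        if not h.requirement_ids:
            issues.append("no safety requirement defined")
        for rid in h.requirement_ids:
            if rid not in requirements:
                issues.append(f"requirement {rid} missing from log")
        if h.estimated_per_year is None:
            issues.append("frequency not estimated")
        elif h.estimated_per_year > h.max_per_year:
            issues.append(f"estimated {h.estimated_per_year}/yr exceeds "
                          f"objective {h.max_per_year}/yr")
        if issues:
            problems[h.ident] = issues
    return problems


def requirements_by_owner(hazards: List[Hazard],
                          requirements: Dict[str, Requirement]) -> Dict[str, List[str]]:
    """Group the requirements referenced by hazards by who owns them.

    This is the split IEC 80001 draws between manufacturer and responsible
    organisation: the RO's list is what it has to implement and keep working."""
    out: Dict[str, List[str]] = {}
    seen = set()
    for h in hazards:
        for rid in h.requirement_ids:
            if rid in requirements and rid not in seen:
                seen.add(rid)
                out.setdefault(requirements[rid].owner, []).append(rid)
    return out


# Constructed sample log (values are illustrative, not from any real analysis).
REQUIREMENTS = {r.ident: r for r in [
    Requirement("R1", "Automatic dispensing unit delivers ordered drugs", "manufacturer"),
    Requirement("R2", "Manual backup procedure when pharmacy system is unavailable",
                "responsible organisation"),
    Requirement("R3", "Label printer maintenance schedule followed", "responsible organisation"),
    Requirement("R4", "Backup label printer kept available", "responsible organisation"),
]}

HAZARDS = [
    Hazard("H1", "Time until drugs available exceeds x", max_per_year=1.0,
           requirement_ids=["R1", "R2"], estimated_per_year=0.2),
    Hazard("H2", "Label printer unavailable", max_per_year=2.0,
           requirement_ids=["R3", "R4"], estimated_per_year=3.5),
    Hazard("H3", "Wrong patient label printed", max_per_year=0.01),  # not yet analysed
]


if __name__ == "__main__":
    for hid, issues in check_hazard_log(HAZARDS, REQUIREMENTS).items():
        print(hid, "->", "; ".join(issues))
    print(requirements_by_owner(HAZARDS, REQUIREMENTS))
```

On the constructed log, H1 passes, H2 is flagged because its estimated frequency is above the objective, and H3 is flagged twice because it has neither a requirement nor an estimate; the owner split shows that three of the four controls sit with the responsible organisation rather than the manufacturer, which is the handover problem the deck keeps returning to.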

30/04/08 Compliance & Safety 26

Possible Scenario

[Diagram: care pathway through Consultation, Pathology lab and Medication administration]

(source: Cambridge Consultants)