Compliance & Safety - Siemens PLM Software
30/04/08 Compliance & Safety 2
What’s wrong with this equation?
Safe Medical Device #1
+ Safe Medical Device #2
= Unsafe System
(J. Goldman)

Integrated Clinical Environments
• Multi-Vendor System Integration
• Plug-and-Play
• Network Integration

Conformity Assessment
• Regulators address standards to manufacturers: design features & “good” process
• Manufacturer’s declaration
  – When risk associated with non-compliance is low
• Independent safety assessment
  – Conducted by third party

Audit of Healthcare Organisations
• Collects indicators of safe practices (risk management meetings held, participation in NRLS, reaction to medical device safety alerts, etc.)
• Focus often on financial risks

Problems with the Equation
• Manufacturer is responsible for ensuring safety based on safety requirements during design
• Manufacturer has little control over how the device will be used, and in what kind of environment
• HC service provider needs to ensure that integration of devices results in a safe system, but does not have access to manufacturer data
• Difficult to anticipate operational interactions with devices from other manufacturers and non-medical devices
• Safety of resulting system, operations, maintenance not demonstrated

From Checklists to Goal-Based Assurance
• Prescriptive standards are slow to change
• Do not easily support change & innovation
• ISO 14971 (Risk Management)
• Goal-based assurance: manufacturer needs to demonstrate that assurance goals have been met

IEC 80001
• Application of risk management for IT-networks incorporating medical devices
• Application of ISO 14971 to IT-networks
• Addressed to both manufacturers and responsible organisation

Responsibilities
• Manufacturer:
  – Risk management for medical device
  – Providing accompanying documents (safety-related application conditions, how to integrate, relevant information from risk analysis)
• Responsible Organisation:
  – Appoint roles (IT Integration Risk Manager)
  – Risk management during integration, operation, maintenance
• Whole life-cycle risk management

Goal-Based Assurance
• How to demonstrate compliance?
• How to facilitate handover of relevant information?
• How to tie together different phases of the life-cycle?

Safety Assessment & Safety Arguments in Industry
• Demonstration of safety has a long-standing tradition in some industries
• Often introduced after major disasters
  – Nuclear: Three Mile Island (1979)
  – Off-Shore: Piper Alpha (1988)
  – Railways & Infrastructure: King’s Cross fire (1987), Ladbroke Grove (1999)
Build systems that are demonstrably safe

Assurance Case
An assurance case should communicate a clear, comprehensive and defensible argument that a system is acceptably dependable to operate in a particular context

Structured Assurance Cases
[Diagram: Goal / Claim, Sub-Goal and Solution / Evidence nodes. Example labels: Safety; Standard followed; System meets acceptance criteria; Testing results; Simulation results.]

Top-Level Argument
[Diagram labels: Volume 1, Volume 2]
G1: Medical Device is acceptably safe in specific environment
Context (C): Description of environment etc.
Assumptions (A): List of global assumptions
Strategy (S): Argue safety over the whole life-cycle by showing that requirements have been identified and will be met throughout.
• G1.1: Satisfactory set of safety requirements has been determined
• G1.2: Safety requirements are met in the design
• G1.3: Safety requirements are met in operational use
• G1.4: Safety requirements continue to be met

G1.1: Satisfactory set of safety requirements has been determined
Strategy (S): Relevant standards including ISO 14971 have been met and information for RO has been specified
• G1.1.1: Relevant standards met
• G1.1.2: All hazards identified and ALARP
• G1.1.3: Safety-related application conditions specified
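
Added example (not from the original slides): the G1 goal structure above as a small Python model that lists the leaf goals still lacking evidence, grouped by the party that owes it. The owner assignments and the evidence items are assumptions made for illustration; only the goal ids and claims come from the slides.

```python
from dataclasses import dataclass, field

@dataclass
class Goal:
    gid: str
    claim: str
    owner: str                                     # assumed: who must supply the evidence
    evidence: list = field(default_factory=list)   # solutions attached to this goal
    subgoals: list = field(default_factory=list)

def open_goals(goal):
    """Leaf goals with no evidence: claims the argument asserts but never discharges."""
    if not goal.subgoals:
        return [] if goal.evidence else [goal]
    return [g for sub in goal.subgoals for g in open_goals(sub)]

def open_by_owner(root):
    """Group undischarged goal ids by the party that still owes evidence."""
    result = {}
    for g in open_goals(root):
        result.setdefault(g.owner, []).append(g.gid)
    return result

def is_supported(goal):
    """A leaf goal needs evidence; a decomposed goal needs every sub-goal supported."""
    if goal.subgoals:
        return all(is_supported(s) for s in goal.subgoals)
    return bool(goal.evidence)

MFR, RO = "manufacturer", "responsible organisation"

def build_case():
    # Goal ids and claims are from the slides; owners and evidence are constructed.
    g11 = Goal("G1.1", "Satisfactory set of safety requirements has been determined", MFR, subgoals=[
        Goal("G1.1.1", "Relevant standards met", MFR, ["constructed: ISO 14971 risk file"]),
        Goal("G1.1.2", "All hazards identified and ALARP", MFR, ["constructed: hazard log"]),
        Goal("G1.1.3", "Safety-related application conditions specified", MFR),
    ])
    return Goal("G1", "Medical Device is acceptably safe in specific environment", RO, subgoals=[
        g11,
        Goal("G1.2", "Safety requirements are met in the design", MFR, ["constructed: testing results"]),
        Goal("G1.3", "Safety requirements are met in operational use", RO),
        Goal("G1.4", "Safety requirements continue to be met", RO, ["constructed: maintenance schedule"]),
    ])

if __name__ == "__main__":
    case = build_case()
    print(is_supported(case), open_by_owner(case))
```

In this constructed case the top-level claim G1 is not yet supported: G1.1.3 is open on the manufacturer side and G1.3 on the responsible organisation side.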

Opportunities
• Integration of data and assumptions from device manufacturer and service provider by developing an argument over whole life-cycle
• Applicable for modern Integrated Healthcare Environments:
  – Multi-vendor integration, PnP
• Templates can facilitate conformity assessment

Challenges
• Lack of experience in Responsible Organisations
• Many devices normally do not require an assurance case but could cause harm in operation indirectly
• Complexity of managing assurance cases for large networked systems including diverse actors

Some Resources
• Eurocontrol Safety Case Development Manual
  – http://www.eurocontrol.int/cascade/gallery/content/public/documents/safetycasedevmanual.pdf
• Collection of Safety Cases including Eurocontrol RVSM Pre-Implementation Safety Case
  – http://dependability.cs.virginia.edu/info/Safety_Cases:Repository
• Railways Yellow Book (Safety Management System)
  – http://www.yellowbook-rail.org.uk/site/the_yellow_book/the_yellow_book.html
• Def-Stan 00-56 (Safety Management Requirements for Defence Systems)
  – http://www.dstan.mod.uk/data/00/056/01000400.pdf

Some Activities
• EWICS TC7 Medical Devices Sub-Group
• SAFECOMP 2008 (22 – 25 September, Newcastle)
• 3rd European Workshop on Medical Device Safety (25 September, Newcastle)
http://www2.warwick.ac.uk/fac/med/staff/sujan/

[Diagram: G1.2 argument with nodes G1.2.1, G1.2.2, G1.2.1.1, G1.2.1.2, G1.2.1.2.1, G1.2.1.2.2, S1, S3 and ASS2, shown alongside goal structures labelled "Pharmacy" and "Intensive Care". Node labels: G1: Label printer available; Maintenance schedule; Backup printer; G2: Time until drugs available <x; Automatic Dispensing Unit; Manual backup; ASS1: Pharmacy system accessible; ASS3: Hospital Information System available & accessible.]
Identify interactions that could not be predicted on the individual device level or without overarching system model.

IEC 60601-1
• Medical Electrical Equipment – General Requirements for Safety
4.2 Risk Management Process for ME Equipment or ME Systems
A RISK MANAGEMENT PROCESS complying with ISO 14971 shall be performed

Risk Management
• Identify hazards (i.e. things that can go wrong)
• Define safety objectives (i.e. the maximum permissible frequency of occurrence)
• Define safety requirements (i.e. means to prevent things from going wrong)