AAMI 80001-GS:2011— Getting Started With IEC 80001

Medical errors occur far too frequently: over 7 million American patients are impacted by medical errors each year; there are 7,000 to 9,000 Americans who die from medical errors every year; and approximately 530,000 injury incidents occur yearly in outpatient clinics due to medication errors. Risk management strategies identify areas prone to error and establish safeguards to prevent them from occurring. This helps protect patients as well as to improve overall healthcare outcomes. AAMI 80001-GS:2011— Getting Started With IEC 80001 provides the basis for healthcare providers to establish their own risk management policies and processes, and apply it to their own unique circumstances and needs.

Health Information Technology (HIT) Benefits and Risks

Health information technology (HIT) refers to the electronic systems health care professionals—and increasingly, patients—use to store, share, and analyze health information. The end-users of this technology include not only patients, physicians, and other front-line healthcare providers, but also medical researchers, healthcare insurance companies, public health agencies, regulatory and quality assurance entities, pharmaceutical and medical device corporations, and various levels of government.

The primary benefits of health information technology (HIT) include improved patient safety, quality of care, and clinical workflow efficiency. Reliance on HIT supports and enhances healthcare delivery around the world; however, it has risks, such as physical injury or damage to the health of a patient or a breach of data and system security. The risks inherent in treating patients are well understood by healthcare delivery organizations (HDOs) and clinicians, but AAMI 80001-GS:2011 notes that extending consideration of the causes of risks to the network infrastructure that provides tools to support care is often overlooked.

What Is AAMI 80001-GS?

AAMI 80001-GS:2011 provides essential information for healthcare providers managing medical IT Networks. It attempts to bring together technology providers, which often work in an international market and need to minimize customization, and healthcare providers, for which patient care is highly localized and personalized. To bridge these two divergent worlds, AAMI 80001-GS:2011 maintains harmonization with the body of standards to which medical device manufacturers must adhere. This ensures that they do not have to do anything extra to support healthcare providers integrating their medical technologies.

AAMI 80001-GS:2011 is intended to be a helpful information resource for IEC 80001-1:2021 projects and assist healthcare providers who are responsible for the management of medical IT networks.

What Is IEC 80001-1?

IEC 80001-1:2021 specifies general requirements for organizations in the application of risk management before, during, and after the connection of a health IT system within a health IT infrastructure. It addresses the key properties of safety, effectiveness, and security. The risk management requirements in this standard are based upon existing concepts adapted and extended for use by all stakeholders supporting implementation and clinical use of connected health software and health IT systems (including medical devices).The requirements in IEC 80001-1:2021 apply to healthcare delivery organizations and other organizations seeking conformance with this risk management framework.

How Does AAMI 80001-GS Fit With Other IT and Medical Device Standards?

AAMI 80001-GS:2011 notes that many developers of informatics standards and interoperability frameworks do not fully recognize the risks that could result from their specifications, especially when medical devices are involved. Consequently, the publication is harmonized with those other standards:

ISO 13485: Quality management standard developed specifically to be used in the regulation of medical devices and based on ISO 9001.
ISO 14971: Primary risk management standard that must be followed by all medical device manufacturers to prove that their devices are safe enough to put into practice.
ISO/IEC 15408: Information security, cybersecurity and privacy protection standard that establishes the general concepts and principles of IT security evaluation.
ISO/IEC 2000-1 and ISO/IEC 2000-2: IT service management (ITSM) standards provide the basis for how a risk management process could be integrated into the other network management processes.
IEC 60601-1: General requirements for basic safety and essential performance focus on pre-market aspects of medical device development and manufacture.
IEC 62304: Medical device software life cycle processes standard that specifies requirements aimed at managing the planning, implementing, auditing, and recoding of life cycle evolution for medical applications.