100 likes | 385 Views
PCD MEM Medical Device IT Management. Project Status – April 2013 Axel Wirth PCD MEM Working Group. PCD MEM: Medical Device IT Management. Initial Goal Setting. Work launched in Dec 2011 (scope & outline) Project coordination: PCD MEM priority
E N D
PCD MEMMedical Device IT Management Project Status – April 2013 Axel Wirth PCD MEM Working Group
Initial Goal Setting • Work launched in Dec 2011 (scope & outline) • Project coordination: • PCD MEM priority • PCD ITI (IT Infrastructure) is responsible for infrastructure and will support / consult • These needs are not unique to PCD and may require cooperation with other IHE groups (e.g. RAD) or outside IHE (e.g. NEMA) • Whitepaper purpose: • Define status quo • Established best practices • Existing standards and regulations, including existing profiles • Recommendation for to be developed profiles or standards (where appropriate)
Status • Current active members: • John Rhoads, Philips • Dan Trainor, Philips • Andrew Sargent, Philips • Jeff McGeath, Accents on Integration • Richard Hurst, iSirona • Ryan Roobian, Symantec • Axel Wirth, Symantec
Status • No way around it – progress has been slow • The “day job” problem …. • Identified 3 Focus areas (based on provider feedback) • Cyber Security • Patching • Configuration Management • Researched best practices and existing standards: • Reviewed published thought leadership • Other industries may establish relevant precedent • Data collection winding down, moving towards outline / specific proposal
Status Example: IEC 62443 (SCADA / IACS = Industrial Automation and Control Solution)
Status • In parallel, working on leveraging synergies between us and MDISS (Medical Device Innovation, Safety and Security Consortium, www.mdiss.org) • Proposed MOU between IHE and MDISS to join on Cyber Security. • Reviewed by IHE International Board, assigned to Operations Subcommittee for recommendation. • MDISS has agreed to draft MOU, ready to move forward. • Benefits of cooperation: • Combined resources • IHE - Vendor experience, MDISS - Provider experience • MDISS – broad approach: e.g. “epidemiological” analysis • IHE - established frameworks: e.g. Profiles, Connectathon • Lastly: avoid conflicting messages and confusion
What else? • Need to re-align with CMMS project (Steve Merritt) • Presentation at AAMI 2013 • John Rhoads, Axel Wirth • Presentation due by May 6! IT and Cybersecurity Challenges in a Medical Device World “Medical devices are increasingly becoming interconnected via standard IT networks, resulting in new challenges for healthcare technology management professionals. Because these devices need to be protected against cyber-attacks and privacy breaches, the device lifecycle must include safeguards such as software patch management, IT risk management, authentication, encryption, and more. In this session, you will learn about the challenges of maintaining the highly sensitive and strictly regulated environments required for IT-connected medical devices. You’ll recognize your own role in the process, as well as the role of your IT peers; and find out about existing standards, guidelines, and best practices”
Current Whitepaper Scope • Outline: • Definition and Architecture • Asset Management • Asset Tracking • Discovery • Automatic Configuration • Monitoring and Logging • Patch Management • Lifecycle Management • Risk Management Guidance • Event Communication—non-alarm, system-to-system • Cyber Security Status • Information Privacy (encryption and similar) • Key Management • User-to–Device and Device-To-Network Authentication Note: the topics outlined will be purely IT focused and not deal with clinical functionality or patient management aspects.