Compliance & Safety
Mark-Alexander Sujan, Warwick CSI
What's wrong with this equation?
Safe Medical Device #1 + Safe Medical Device #2 = Unsafe System (J. Goldman)
30/04/08 Compliance & Safety 2
Integrated Clinical Environments
- Multi-vendor system integration
- Plug-and-play network integration
Conformity Assessment
- Regulators address standards to manufacturers: design features & good process
- Manufacturer's declaration: used when the risk associated with non-compliance is low
- Independent safety assessment: conducted by a third party
Audit of Healthcare Organisations
- Collects indicators of safe practices (risk management meetings held, participation in the NRLS, reaction to medical device safety alerts, etc.)
- Focus is often on financial risks
Problems with the Equation
- The manufacturer is responsible for ensuring safety, based on safety requirements set during design
- The manufacturer has little control over how the device will be used, and in what kind of environment
- The healthcare service provider needs to ensure that the integration of devices results in a safe system, but does not have access to manufacturer data
- It is difficult to anticipate operational interactions with devices from other manufacturers and with non-medical devices
- Safety of the resulting system, its operation and its maintenance is not demonstrated
From Checklists to Goal-Based Assurance
- Prescriptive standards are slow to change and do not easily support change & innovation
- ISO 14971 (Risk Management)
- Goal-based assurance: the manufacturer needs to demonstrate that assurance goals have been met
IEC 80001
- Application of risk management for IT-networks incorporating medical devices
- Application of ISO 14971 to IT-networks
- Addressed to both manufacturers and the responsible organisation
Responsibilities
Manufacturer:
- Risk management for the medical device
- Providing accompanying documents (safety-related application conditions, how to integrate, relevant information from the risk analysis)
Responsible Organisation:
- Appoint roles (IT Integration Risk Manager)
- Risk management during integration, operation and maintenance
- Whole life-cycle risk management
Goal-Based Assurance
- How to demonstrate compliance?
- How to facilitate handover of relevant information?
- How to tie together different phases of the life-cycle?
Safety Assessment & Safety Arguments in Industry
- Demonstration of safety has a long-standing tradition in some industries, often introduced after major disasters:
  - Nuclear: Three Mile Island (1979)
  - Off-shore: Piper Alpha (1988)
  - Railways & infrastructure: King's Cross fire (1987), Ladbroke Grove (1999)
- Build systems that are demonstrably safe
Assurance Case
An assurance case should communicate a clear, comprehensive and defensible argument that a system is acceptably dependable to operate in a particular context.
Structured Assurance Cases
[Diagram: a goal structure. The top-level Goal / Claim "System meets acceptance criteria" is decomposed into Sub-Goals, each of which is in turn supported by a Solution / Evidence node, e.g. "Standard followed", "Testing results", "Simulation results".]
Top-Level Argument
G1: Medical Device is acceptably safe in specific environment
  C (Context): Description of environment etc.
  A (Assumptions): List of global assumptions
  S (Strategy): Argue safety over the whole life-cycle by showing that requirements have been identified and will be met throughout.
  Volume 1:
    G1.1: Satisfactory set of safety requirements has been determined
    G1.2: Safety requirements are met in the design
  Volume 2:
    G1.3: Safety requirements are met in operational use
    G1.4: Safety requirements continue to be met
G1.1: Satisfactory set of safety requirements has been determined
  S (Strategy): Relevant standards including ISO 14971 have been met and information for the RO (Responsible Organisation) has been specified
    G1.1.1: Relevant standards met
    G1.1.2: All hazards identified and ALARP (as low as reasonably practicable)
    G1.1.3: Safety-related application conditions specified
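The goal structure on the two preceding slides can be checked mechanically: every goal must either be decomposed into sub-goals or be discharged by a Solution / Evidence node, and a goal that states a strategy but never decomposes the claim is a gap. The Python below is an added example written for this page, not a tool from the slides or from the ASCE demo. It encodes G1, G1.1 to G1.4 and G1.1.1 to G1.1.3 as drawn, attaches one hypothetical evidence item ("Sn1", a placeholder that the slides do not show) to G1.1.1, and reports which goals remain undeveloped.

```python
"""Minimal model of a structured (GSN-style) assurance case plus a completeness check.
Added example for this page; the argument is the slides' G1 tree, the Sn1 evidence
item on G1.1.1 is a hypothetical placeholder."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Goal:
    """A Goal / Claim node. Context (C) and Assumptions (A) qualify the claim,
    a Strategy (S) says how it is decomposed, Solution / Evidence nodes discharge it."""
    ident: str
    claim: str
    strategy: Optional[str] = None
    context: List[str] = field(default_factory=list)
    assumptions: List[str] = field(default_factory=list)
    subgoals: List["Goal"] = field(default_factory=list)
    evidence: List[str] = field(default_factory=list)


def undeveloped(goal: Goal) -> List[str]:
    """Identifiers of goals that are neither decomposed nor backed by evidence
    (depth-first order). These are the gaps a reviewer must close."""
    if not goal.subgoals and not goal.evidence:
        return [goal.ident]
    found: List[str] = []
    for sub in goal.subgoals:
        found.extend(undeveloped(sub))
    return found


def dangling_strategies(goal: Goal) -> List[str]:
    """Goals that state a strategy but never actually decompose the claim."""
    found = [goal.ident] if goal.strategy and not goal.subgoals else []
    for sub in goal.subgoals:
        found.extend(dangling_strategies(sub))
    return found


def is_supported(goal: Goal) -> bool:
    """A goal is supported if it cites evidence directly, or if it has sub-goals
    and every one of them is supported. Assumptions do not count as support:
    they are obligations handed to whoever integrates and operates the device."""
    if goal.evidence:
        return True
    return bool(goal.subgoals) and all(is_supported(s) for s in goal.subgoals)


def audit(goal: Goal) -> Dict[str, object]:
    """Summary a conformity assessor would want: is the case closed, and where not."""
    return {
        "supported": is_supported(goal),
        "undeveloped": undeveloped(goal),
        "dangling_strategies": dangling_strategies(goal),
    }


def build_g1_argument() -> Goal:
    """The top-level argument as drawn on the slides (Volume 1 / Volume 2 split)."""
    g111 = Goal("G1.1.1", "Relevant standards met",
                evidence=["Sn1: conformity assessment record (hypothetical placeholder)"])
    g112 = Goal("G1.1.2", "All hazards identified and ALARP")
    g113 = Goal("G1.1.3", "Safety-related application conditions specified")
    g11 = Goal("G1.1", "Satisfactory set of safety requirements has been determined",
               strategy="Relevant standards including ISO 14971 have been met and "
                        "information for the Responsible Organisation has been specified",
               subgoals=[g111, g112, g113])
    g12 = Goal("G1.2", "Safety requirements are met in the design")
    g13 = Goal("G1.3", "Safety requirements are met in operational use")
    g14 = Goal("G1.4", "Safety requirements continue to be met")
    return Goal("G1", "Medical Device is acceptably safe in specific environment",
                strategy="Argue safety over the whole life-cycle by showing that "
                         "requirements have been identified and will be met throughout",
                context=["Description of environment"],
                assumptions=["List of global assumptions"],
                subgoals=[g11, g12, g13, g14])


def render(goal: Goal, depth: int = 0) -> str:
    """Indented text view that marks undeveloped goals so the gaps are visible."""
    pad = "  " * depth
    marker = "" if goal.subgoals or goal.evidence else "  [UNDEVELOPED]"
    lines = [f"{pad}{goal.ident}: {goal.claim}{marker}"]
    for c in goal.context:
        lines.append(f"{pad}  C: {c}")
    for a in goal.assumptions:
        lines.append(f"{pad}  A: {a}")
    if goal.strategy:
        lines.append(f"{pad}  S: {goal.strategy}")
    for e in goal.evidence:
        lines.append(f"{pad}  Sn: {e}")
    for sub in goal.subgoals:
        lines.append(render(sub, depth + 1))
    return "\n".join(lines)


if __name__ == "__main__":
    g1 = build_g1_argument()
    print(render(g1))
    print(audit(g1))
```

Run as-is, `audit` reports the case as not supported with G1.1.2, G1.1.3, G1.2, G1.3 and G1.4 undeveloped, which is exactly the handover problem the deck describes: the manufacturer can close G1.1 and G1.2 from its own risk management file, but G1.3 and G1.4 can only be closed by the responsible organisation attaching evidence from integration, operation and maintenance.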
ISO 14971 Template Example -> ASCE demo
Opportunities
- Integration of data and assumptions from the device manufacturer and the service provider by developing an argument over the whole life-cycle
- Applicable to modern Integrated Healthcare Environments: multi-vendor integration, plug-and-play (PnP)
- Templates can facilitate conformity assessment
Challenges
- Lack of experience in Responsible Organisations
- Many devices normally do not require an assurance case but could cause harm indirectly in operation
- Complexity of managing assurance cases for large networked systems involving diverse actors
Some Resources
- Eurocontrol Safety Case Development Manual: http://www.eurocontrol.int/cascade/gallery/content/public/documents/safetycasedevmanual.pdf
- Collection of safety cases, including the Eurocontrol RVSM Pre-Implementation Safety Case: http://dependability.cs.virginia.edu/info/safety_cases:repository
- Railways Yellow Book (Safety Management System): http://www.yellowbookrail.org.uk/site/the_yellow_book/the_yellow_book.html
- Def-Stan 00-56 (Safety Management Requirements for Defence Systems): http://www.dstan.mod.uk/data/00/056/01000400.pdf
Some Activities
- EWICS TC7 Medical Devices Sub-Group
- SAFECOMP 2008 (22-25 September, Newcastle)
- 3rd European Workshop on Medical Device Safety (25 September, Newcastle)
- http://www2.warwick.ac.uk/fac/med/staff/sujan/
Elements of an Assurance Case (Kelly, 1998)
[Diagram: a worked argument fragment below G1.2. Its strategy S, "Identify interactions that could not be predicted on the individual device level or without an overarching system model", decomposes G1.2 into G1.2.1 (with G1.2.1.1 and G1.2.1.2, the latter split into G1.2.1.2.1 and G1.2.1.2.2) and G1.2.2, supported by solutions S1 and S3 and qualified by assumptions ASS1: Pharmacy system accessible, ASS2, and ASS3: Hospital Information System available & accessible. The accompanying Intensive Care / Pharmacy scenario carries the goals G1: Label printer available and G2: Time until drugs available < x, with Maintenance schedule, Backup printer, Automatic Dispensing Unit and Manual backup as the supporting measures.]
IEC 60601-1 Medical Electrical Equipment: General Requirements for Safety
4.2 Risk Management Process for ME Equipment or ME Systems: a RISK MANAGEMENT PROCESS complying with ISO 14971 shall be performed
Risk Management
- Identify hazards (i.e. things that can go wrong)
- Define safety objectives (i.e. the maximum permissible frequency of occurrence)
- Define safety requirements (i.e. means to prevent things from going wrong)
Possible Scenario (source: Cambridge Consultants)
- Consultation
- Medication administration
- Pathology lab