Revising IEC 80001-1: Risk management of health information technology systems

Abstract IEC 80001-1 was published in 2010 and is now undergoing revision. Feedback gathered on the adoption of the standard has revealed a number of barriers that have impacted its adoption. The standard provides requirements related to the roles, responsibilities and activities that need to be performed for the risk management of medical IT networks. One reported barrier is a lack of drivers to motivate Top Management to implement the standard. In addition, there is a lack of alignment between IT and biomedical engineering departments within hospitals. Finally, the IEC 80001-1 standard was considered to be too complicated and complex to implement. This paper presents the barriers identified in the feedback and presents an approach to the revision of the standard as a process based standard following the structure outlined in ISO/IEC Directives Annex SL and aligned risk management standards as a means to overcome these barriers.