标准摘要
[中文适用范围]: 此文档建立了要求并给出了医疗保健提供组织(HDOs)和健康软件及医疗器械制造商(MDMs)确保案例框架的指导,可支持所有相关方之间的沟通与信息传递。一个确保案例可以用于向其他角色传达有关不同风险的信息和知识。 此文档建立: - 识别、开发、解释、更新和维护确保案例的HDOs和健康软件以及MDMs的保证案例框架; - 一种可能的方法,通过提供充足信息来弥合制造商与HDOs之间的差距,支持HDOs对IT网络的风险管理; - 通过利用ISO/IEC/IEEE 15026-2和其他标准识别关键考虑因素,并为确保案例的结构和内容提供最佳实践,例如迭代和持续的方法; - 提供改进确保案例一致性和可比性的示例结构、方法和格式。 此文档适用于健康软件和健康IT系统生命周期中所有相关方,包括: a) 规定、获取、设计、开发、集成、实施和操作健康软件及健康IT系统的组织、卫生信息系统专业人员和临床领导,例如健康软件开发商和MDMs、系统集成商、系统管理员(包括云和其他IT服务提供商); b) 提供医疗服务的医疗保健服务机构、医疗服务提供者及其他使用健康软件和健康IT系统的个人; c) 政府、卫生系统资助方、监督机构、专业组织及寻求对组织持续提供安全、有效且安全的健康软件、健康IT系统和服务能力的信心的人士; d) 寻求通过一致理解安全管理、有效性管理和安全性管理中使用的概念和技术术语来改善风险管理沟通的相关组织和利益相关者; e) 提供与健康软件和健康IT系统的安全、有效性和安全性风险管理系统相关的培训、评估或建议的提供者; f) 相关的安全、有效性和安全性标准的开发者。 此文档适用于所有构建、获取、操作、维护、使用或废弃健康软件及健康IT系统(包括医疗器械)的组织和个人。无论规模、复杂性或商业模式如何,所有相关方均适用。 [外文原描述]: This document establishes requirements and gives guidance on assurance case framework for healthcare delivery organizations (HDOs) and for health software and medical device manufacturers (MDMs) and can be used to support the communication and information transfer between all parties. An assurance case can be used to communicate information and knowledge about different risks to other roles. This document establishes: - an assurance case framework for HDOs and health software and MDMs for identifying, developing, interpreting, updating and maintaining assurance cases. - one of the possible means to bridge the gap between manufacturers and HDOs in providing adequate information to support the HDOs risk management of IT-networks; - best practice by leveraging ISO/IEC/IEEE 15026-2 and other standards to identify key considerations and for the structure and contents of an assurance case, e.g. iterative and continuous approaches; - example structure, method and format to improve the consistency and comparability of assurance cases. This document is applicable to all parties involved in the health software and health IT systems life cycle, including: a) organizations, health informatics professionals and clinical leaders specifying, acquiring, designing, developing, integrating, implementing and operating health software and health IT systems, for example health software developers and MDMs, system integrators, system administrators (including cloud and other IT service providers); b) healthcare service delivery organizations, healthcare providers and others who use health software and health IT systems in providing health services; c) governments, health system funders, monitoring agencies, professional organizations and customers seeking confidence in an organization’s ability to consistently provide safe, effective and secure health software, health IT systems and services; d) organizations and interested parties seeking to improve communication in managing safety, effectiveness and security risks through a common understanding of the concepts and terminology used in safety, effectiveness and security management; e) providers of training, assessment or advice in safety, effectiveness and security risk management for health software and health IT systems; f) developers of related safety, effectiveness and security standards. This document is for use by organizations and people who build, acquire, operate, maintain, use or decommission health software and health IT systems (including medical devices). It is applicable to all organizations involved, regardless of size, complexity or business model.
英文名称Health software and health IT systems safety, effectiveness and security - Part 2-1: Coordination - Guidance for the use of assurance cases for safety and security