Dear member,
Please find link in relation to a survey being conducted by a BEAI member as part of a Master of Science in Healthcare Informatics in University College Dublin. The BEAI would greatly appreciate your support in completing this 5min survey. The link to the survey is as follows: https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_aVFdiHFYOs73fzo
Research Information & Informed Consent
Title: Security of Patient Monitoring on a Medical IT Network
Researcher: Dara Keeley
Supervisor: Dr Patrick Felle
Researcher email: dara.keeley@ucdconnect.ie
Course: Master of Science in Healthcare Informatics in University College Dublin
Purpose of Study
Medical devices being integrated into healthcare provider’s IT networks has become more prevalent over the last number of years, specifically physiological monitoring. This integration and converging of medical systems with traditional IT networks has transformed the IT architecture and introduced additional risks which may have a bearing on safety and security of this medical IT network. This was highlighted recently in the Health Service Executive (HSE) with WannaCry ransomware attack in May 2017 and the major ransomware cyberattack suffered in May 2021, causing all of the IT systems nationwide to be shut down.
The IEC 80001-1 standard was developed in 2010 as an application of risk management for IT networks incorporating medical devices, defining roles, responsibilities and activities. The National Institute of Standards and Technology (NIST) provide guidelines to secure network connected medical devices. The Association for the Advancement of Medical Instrumentation (AAMI) provides guidance for implementing an effective medical device security risk management program. Support for these networks and systems is provided either by IT personnel or Clinical/Biomedical Engineers or both, depending on the healthcare provider’s resources, which can vary across many different sites.
The HSE is currently implementing a digital initiative nationwide called Vital Signs Automation (VSA) to capture physiological parameters such as oxygen saturation, blood pressure, pulse rate, heart rate and temperature by automatically calculating the national early warning score (NEWS) which is used to track whether a patient’s condition is deteriorating. This digital system will incorporate early detection of the potential of a patient developing sepsis or being at risk of a cardiac arrest resulting in saving lives, improving patient outcomes, staff productivity and compliance. The previous task of calculating the NEWS manually is replaced, thus reducing the error rates that have been highlighted by audits. This system is planned for Our Lady’s Hospital Navan and it is critical that all resources, procedures and risks are identified and mitigations are put in place.
The purpose of this project is to conduct research and determine if the standard IEC 80001-1 “Application of risk management for IT networks incorporating medical devices” is being implemented and determine familiarity with regulations as well as appropriate standards and guidance for an effective medical device security risk management program with Irish healthcare providers.
You have been selected to participate in this research study as you are a CE professional, having experience with integrating medical devices onto medical IT networks and supporting same either directly within a healthcare provider or externally via private enterprise.
Information:
Procedure:
Participants will be asked to fill and complete an on-line questionnaire that will determine experience of integrating medical devices onto medical IT networks, awareness and knowledge of standards relating to risk management of medical IT networks incorporating medical devices and medical device security risk management programs.
Research Study:
This research study will be used in the researcher’s dissertation that will be submitted to University College Dublin, in partial fulfilment of the course requirements in Master of Science of Healthcare Informatics. The dissertation may also be published in scientific publications.
Declaration:
Data Management
As per the General Data Protection Regulations that came into effect in May 2018, this research study will follow strict adherence. All research and analysis documentation will be stored on the researcher’s PC and laptop that is password protected and encrypted. The research and analysis documentation will include minor thesis in Microsoft Word format and results from the questionnaire in Microsoft Excel format.
The questionnaire will not record personal information and there should be no identifiable information in the results due to be anonymized. Once the minor thesis has been submitted, all relating research and analysis results from the survey will be deleted.
Researcher’s responsibility:
The background and purpose of this research study has been outlined and explained, procedures to be followed and data management involved. I believe that the participant understands the purpose of the research and reasoning for selection with informed consent given freely.
Questionnaire URL:
https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_aVFdiHFYOs73fzo
The Biomedical / Clinical Engineering Association of Ireland (BEAI) is a company limited by guarantee and not having a share capital. Company Registration no. 484921.
Stay Connected on:
For general information, including registration, please contact us at: