Please find a link in relation to a survey being conducted by a BEAI member as part of a Master of Science in Healthcare Informatics in University College Dublin. The BEAI would greatly appreciate your support in completing this 5-minute survey. The link to the survey is as follows: https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_aVFdiHFYOs73fzo
Research Information & Informed Consent
Title: Security of Patient Monitoring on a Medical IT Network
Researcher: Dara Keeley
Supervisor: Dr Patrick Felle
Researcher email: email@example.com
Course: Master of Science in Healthcare Informatics in University College Dublin
Purpose of Study
The integration of medical devices, specifically physiological monitoring, into healthcare providers’ IT networks has become more prevalent over the last number of years. This integration and convergence of medical systems with traditional IT networks has transformed the IT architecture and introduced additional risks which may have a bearing on the safety and security of the medical IT network. This was highlighted recently in the Health Service Executive (HSE) by the WannaCry ransomware attack in May 2017 and the major ransomware cyberattack suffered in May 2021, which caused all of the IT systems nationwide to be shut down.
The IEC 80001-1 standard was developed in 2010 as an application of risk management for IT networks incorporating medical devices, defining roles, responsibilities and activities. The National Institute of Standards and Technology (NIST) provides guidelines to secure network-connected medical devices. The Association for the Advancement of Medical Instrumentation (AAMI) provides guidance for implementing an effective medical device security risk management program. Support for these networks and systems is provided either by IT personnel or Clinical/Biomedical Engineers or both, depending on the healthcare provider’s resources, which can vary across many different sites.
The HSE is currently implementing a digital initiative nationwide called Vital Signs Automation (VSA) to capture physiological parameters such as oxygen saturation, blood pressure, pulse rate, heart rate and temperature, automatically calculating the national early warning score (NEWS), which is used to track whether a patient’s condition is deteriorating. This digital system will incorporate early detection of the potential of a patient developing sepsis or being at risk of a cardiac arrest, resulting in saving lives and improving patient outcomes, staff productivity and compliance. The previous task of calculating the NEWS manually is replaced, thus reducing the error rates that have been highlighted by audits. This system is planned for Our Lady’s Hospital Navan and it is critical that all resources, procedures and risks are identified and mitigations are put in place.
The purpose of this project is to conduct research to determine whether the standard IEC 80001-1 “Application of risk management for IT networks incorporating medical devices” is being implemented by Irish healthcare providers, and to determine their familiarity with regulations as well as appropriate standards and guidance for an effective medical device security risk management program.
You have been selected to participate in this research study as you are a CE professional, having experience with integrating medical devices onto medical IT networks and supporting same either directly within a healthcare provider or externally via private enterprise.
Participation for this research study is voluntary.
Withdrawal from this research study can be initiated at any point during the process.
Not all of the questions have to be answered.
Participants in this research study will be anonymized, with the results and findings being preserved for same.
Participants in this research study will allow the researcher to determine knowledge, understanding and familiarity with standards pertaining to medical IT networks containing medical devices and security risk management programs that may or may not be implemented.
A copy of the research study included in the thesis will be provided to you if it is requested.
Additional information about this research study can be provided if required.
Participants in this research study must be 18 years of age or older and provide consent for participation.
GDPR will be strictly adhered to in relation to data management.
Participants will be asked to fill and complete an on-line questionnaire that will determine experience of integrating medical devices onto medical IT networks, awareness and knowledge of standards relating to risk management of medical IT networks incorporating medical devices and medical device security risk management programs.
This research study will be used in the researcher’s dissertation that will be submitted to University College Dublin, in partial fulfilment of the course requirements in Master of Science of Healthcare Informatics. The dissertation may also be published in scientific publications.
I am 18 years old or older and competent to provide consent.
I have read this document, outlining the background and purpose of this research study and consent that has been provided.
I agree and have no objection that my data be used for scientific purposes and may be published in scientific publications and my data be used in a purposeful manner while not revealing my identity.
I agree to take part in this research study, without prejudice to my legal rights.
I agree not to record or mention any third party vendors in this research study.
I am aware that I do not have to answer all of the questions in this research study and that I can withdraw at any point.
I understand that my participation will be anonymised and my personal details will not be recorded.
A copy of this agreement has been made available to me.
This research study will strictly adhere to the General Data Protection Regulation that came into effect in May 2018. All research and analysis documentation will be stored on the researcher’s PC and laptop, which are password protected and encrypted. The research and analysis documentation will include the minor thesis in Microsoft Word format and results from the questionnaire in Microsoft Excel format.
The questionnaire will not record personal information and there should be no identifiable information in the results, as they will be anonymized. Once the minor thesis has been submitted, all related research and analysis results from the survey will be deleted.
The background and purpose of this research study has been outlined and explained, procedures to be followed and data management involved. I believe that the participant understands the purpose of the research and reasoning for selection with informed consent given freely.