Development and validation of the MedITNet assessment framework: improving risk management of medical IT networks

The use of networked medical devices can provide a number of benefits such as improved patient safety, reduced costs of care and a reduction in adverse events. Traditionally, medical devices were placed onto a proprietary IT network provided by the manufacturer of the device. Today, medical devices are increasingly designed for incorporation into a hospital’s general IT network enabling devices to exchange critical information. However, this can introduce risks and negate the potential benefits to patients. While the IEC 80001-1 standard has been developed to aid Healthcare Delivery Organisations (HDOs) in addressing these risks, HDOs may struggle to understand and implement the requirements. The MedITNet framework has been developed to allow HDOs to assess the capability of their risk management processes against the requirements of IEC 80001-1. MedITNet provides a flexible assessment framework enabling HDOs to gain a greater understanding of the requirements of the standard and to improve risk management processes by determining their current state and highlighting areas for improvement. This paper examines the challenges faced by HDOs in the risk management of medical IT networks and briefly explains the components of the MedITNet framework and how the framework addresses these challenges. This paper also details how Action Design Research (ADR) was used in the development and validation of MedITNet.