Safety and effectiveness of health IT software and systems-Part 1: Fundamental concepts, principles, and requirements
|Publication Date:||1 January 2018|
This series of provisional standards (AAMI HIT1000 series) provides a framework for managing the safety and effectiveness of health IT software and systems, for the purpose of promoting better patient outcomes
Note 1: Safety is an attribute of a system. The ultimate goal of this standard is to promote patient safety and better patient outcomes. Patient safety requires systems and software that are safe and effective.
Note 2: Safety and effectiveness directly impact patient outcomes. Other attributes of software or systems, such as usability, are essential to assuring safety and effectiveness and are addressed in that context by the HIT1000 series of provisional standards.
Note 3: Security-related risks are dealt with in the HIT1000 series as part of risk management. This does not obviate the need for a more comprehensive security management program to address other security risks. See Annex B for more information.
This part of AAMI HIT1000 (Part 1: Fundamental concepts, principles, and requirements) identifies the core concepts and principles needed to maintain safe and effective health IT software and systems. It also identifies roles and defines responsibilities, activities, and best practices that are necessary for managing that safety and effectiveness.
This standard applies throughout the whole lifecycle of health IT software and systems and to all sizes and types of actors involved with that system-from developers and system integrators who create the systems, to healthcare delivery organizations (HDOs) who own, configure, implement, and use the systems, and to those responsible for operating and ultimately decommissioning health IT systems or health IT system components.
This standard defines the points in the lifecycle where different roles-Top Management, Business Owner, Developer, Integrator, Implementer, Operator, and User (see Table1)-assume primary responsibility for maintaining safety and effectiveness and identifies the communication necessary among the different roles at those points.
Note: Roles in this standard are activity-based and not dependent upon the entity or organization involved. For example, a health delivery organization may be the Business Owner but may also create or substantively modify health IT system components during certain stages of the health IT software and systems lifecycle. At those stages, the HDO would also be serving as a Developer and would assume the appropriate responsibilities of that role.
It is recognized that not all incorporated parts of health IT software and systems will have used this series of standards or applicable medical device software standards throughout the lifecycle. Where this is the case, the safety, quality, and usability impacts of these parts must be considered and addressed so as to appropriately mitigate potential negative consequences
Note: Other parts of the AAMI HIT1000 series can provide guidance on applying requisite vigilance to software or components that have not met the requirements of this part of AAMI HIT1000.