The MedITNet assessment framework: development and validation of a framework for improving risk management of medical IT networks
Journal of Software: Evolution and Process
Medical devices are increasingly designed for incorporation into a hospital's IT network allowing devices to exchange critical information. However, connecting devices in this way can introduce risks potentially negating the benefits to patients. While the IEC 80001-1 standard has been developed to aid Healthcare Delivery Organisations (HDOs) in addressing these risks, HDOs often struggle to understand and implement the requirements. The MedITNet framework has been developed to allow HDOs to
... ess the capability of their risk management processes against the requirements of IEC 80001-1. MedITNet provides a flexible assessment framework enabling HDOs to gain a understanding of the requirements of the standard and to improve risk management processes by determining their current state and highlighting areas for improvement. This paper examines the challenges faced by HDOs in the risk management of medical IT networks and explains the components of the MedITNet framework and how the framework addresses these challenges. The use of Action Design Research (ADR) in the development and validation of MedITNet are also discussed focusing on a pilot implementation of the assessment method and expert review of the overall framework. The changes to the framework and its components as a result of the validation process are also discussed.