Hello,
Can anybody give an advise to me? Our company hospital has information system (electronical health records) and now we must create a data exchange channel between our information system and the other one. I want to analyze all potential risks acording to the risk management standard. I wrote to ISO and they said that I may use ISO 14971:2007. As I have understood this standard is more connected with medical hardware, like radiology machines for example. May be someone can tell me if it is a right standard to use or, if not, which standard best suits for my problem?

Advice or input anyone?

May be someone can tell me if it is a right standard to use or, if not, which standard best suits for my problem?ISO 17090:2008, Health informatics – Public Key Infrastructure, a three-part standard of which each part makes a contribution to defining how digital certificates can be used to provide security services in the health industry.

ISO 14971 is for medical devices, including medical device software, but not for health software (which semms to be tour case). ISO TC 215, Health informatics, deals with health software. You can look at their standards at the TC home - http://www.iso.org/iso/standards_development/technical_committees/other_bodies/iso_technical_committee.htm?commid=54960 (click in the number after "Total number of published ISO standards related to the TC and its SCs")

Although i participate in some meetings of the TC 215 mirror commiitte in Brazil, i´m not particularly familiar with their standards (i just accompany the development of ISO/CD 80001-1 Health informatics -- Application of risk management for IT -- Nettworks incorporating medical devices because it´s in done in conjunction with IEC 62A), but there´s a lot of standards on Electronic Health Records...one thing you can do is contact the TC directly (sometimes when you contact ISO they give you weird answers...:-))

Thanks erverybody for help.