IT-NETWORK in PEMS Sub-Clause 14.13 for Medical Device

akp060

Involved In Discussions
#1
Hi All,

I have the following question, trying to figure out the applicability of Sub-clause 14.13, and thoughts of an answer but would like to see if there is a different thought process here,

Q. Can a Medical Device paired to a non-medical device using BLE be considered as an example of PEMS intended to be incorporated into IT-NETWORK?

My thoughts- There are two wireless communicating nodes, and data is intended to be transmitted for display (one-way communication from the medical device to the non-medical device), so yes 14.13 applies.

Confusion- This is not a typical example of what is explained about IT-NETWORK in Annex H. But then in 14.13 an example of IT-NETWORK is PEMS is connected to a printer. So are my thoughts correct
 
Elsmar Forum Sponsor

Tidge

Trusted Information Resource
#2
BLE = Bluetooth?

I have trouble imagining how 14.13 wouldn't be applicable. Aside from whatever safety (and security) risks may exist, 14.13 lays out the need to document/describe rather basic elements of a system such as you describe.
 

akp060

Involved In Discussions
#3
BLE = Bluetooth?

I have trouble imagining how 14.13 wouldn't be applicable. Aside from whatever safety (and security) risks may exist, 14.13 lays out the need to document/describe rather basic elements of a system such as you describe.
Hi Tidge,

Yes, BLE = Bluetooth. It would be really helpful if you can help me with a reference like how this instruction looks like. I am doing some search of my own.

Thank You
 

Tidge

Trusted Information Resource
#4
Working from memory here (DANGEROUS!) but 14.13 has requirements that (among other things) requires that the medical electrical device includes instructions on how to connect to the non-ME device/network. Presumably your ME device isn't always on as a bluetooth, minimally you need to provide instructions how to turn it on and synch with other devices... and likely be able to tell what it is synched with.

I would recommend that for ANY sort of networked device that ME manufacturers (who seek certification to the Standard) treat every part of 14.13 as applicable until it becomes blatantly obvious why that part of 14.13 is NOT applicable. 60601-1 is a safety standard, and that is why 14.13 is important, but careful consideration of those elements will offer you insight into some issues around security. Cybersecurity has become a HUGE issue for health delivery organizations... and just as ME manufacturers look for for 60601-1 certification as evidence that an HDO doesn't have to worry about the ME device burning down the building we may as well take the baby steps from 60601-1 to begin understanding the cybersecurity needs.

Full disclaimer: 60601-1 is NOT a security standard, and cannot serve as one. My point is that there are touchpoints between safety and security, if you avoid touching 14.13 you have denied yourself one handhold for security considerations.
 

akp060

Involved In Discussions
#5
Working from memory here (DANGEROUS!) but 14.13 has requirements that (among other things) requires that the medical electrical device includes instructions on how to connect to the non-ME device/network. Presumably your ME device isn't always on as a bluetooth, minimally you need to provide instructions how to turn it on and synch with other devices... and likely be able to tell what it is synched with.

I would recommend that for ANY sort of networked device that ME manufacturers (who seek certification to the Standard) treat every part of 14.13 as applicable until it becomes blatantly obvious why that part of 14.13 is NOT applicable. 60601-1 is a safety standard, and that is why 14.13 is important, but careful consideration of those elements will offer you insight into some issues around security. Cybersecurity has become a HUGE issue for health delivery organizations... and just as ME manufacturers look for for 60601-1 certification as evidence that an HDO doesn't have to worry about the ME device burning down the building we may as well take the baby steps from 60601-1 to begin understanding the cybersecurity needs.

Full disclaimer: 60601-1 is NOT a security standard, and cannot serve as one. My point is that there are touchpoints between safety and security, if you avoid touching 14.13 you have denied yourself one handhold for security considerations.
Thank you for the details. I completely understand your point and agree thereto
 

Cybel

Involved In Discussions
#6
Hi,
I'm wondering what do the following words in bold mean ? In 14.13, "if the PEMS is intended to be incorporated into an IT-NETWORK that is not validated by the PEMS MANUFACTURER..."
Is the connection mean (bluetooth technology) to be considered in this case?
My case: we have a medical device containing a SW, and it can be connected via BT to a non medical app that the user can download from Apple Store or Google Play. We are manufacturer of the medical device and of the App as well. The App is verified and validated in the same way we do for the SW of the medical device.
Does 14.13 applies to us?
I would consider 14.13 as applicable also considering the suggestion from Tidge, but I really don't want to complicate something simple.

Your thoughts?
 
Thread starter Similar threads Forum Replies Date
L AS9100 - Infrastructure or Product? Inflight internet connectivity network AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
N Anyone working on NIST SP 800-171 (Network and Information Security)? Records and Data - Quality, Legal and Other Evidence 4
Marc Definition GDSN - Global Data Synchronization Network Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 0
R Network/Computer Data Migration Sampling GMP Software Quality Assurance 1
D Validation of Computer and Network Equipment Test System Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 4
P How do you calibrate a VNA (Vector Network Analyzer) cal kit? General Measurement Device and Calibration Topics 4
Gman2 Control of Documents and (FORMS) on a Computer Network ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
B Any forum at par with Elsmar Cove for Network and System Administration? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
drgnrider Records control on a shared, open, network Records and Data - Quality, Legal and Other Evidence 15
M Need help with Network Analyzers and which DUT can be Calibrated with it Calibration and Metrology Software and Hardware 2
B CCNA (Cisco Certified Network Associate) Self Study Help? Professional Certifications and Degrees 3
C Process Maps vs. Activity Network Diagrams - Differences Process Maps, Process Mapping and Turtle Diagrams 7
BradM Can Minitab version 16 perform Neural Network Analysis Using Minitab Software 1
C Artificial Neural Network Template Document Control Systems, Procedures, Forms and Templates 0
R Separation of Network Port from other Circuits including Patient Circuit IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
S Attrition Procedure for IT to Disable Network Accounts and Collect Equipment Quality Manager and Management Related Issues 2
G Is Agilent?s automated network analyzer verification ISO/IEC-17025 compliant? ISO 17025 related Discussions 4
AnaMariaVR2 IT Audit: WPA/WPA2 PSK Network Security Demo Software Quality Assurance 0
J IT Department Network Infrastructure - 7.3 Design and Development Requirements ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
M RAPS (Regulatory Affairs Professionals Society) Brazil LinkedIn Network Other Medical Device and Orthopedic Related Topics 0
J Responsibilities for Network Cabling, Security Camera, Door Lock Access, etc. Misc. Quality Assurance and Business Systems Related Topics 3
S Organization of a Shared Network Drive Document Control Systems, Procedures, Forms and Templates 4
P ISO 13485 and network security protection - Medical device manufacturer ISO 13485:2016 - Medical Device Quality Management Systems 5
M Business Wireless network setup After Work and Weekend Discussion Topics 10
F Certifying for Calibrations of Network Analyzers - Looking for classes/training General Measurement Device and Calibration Topics 1
D We had a worm or virus hit our network yesterday - a.exe worm After Work and Weekend Discussion Topics 7
A Including multimeters and network testers as monitoring and measurement devices ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
D System Administrator procedures - Network administration, backup administration, etc Document Control Systems, Procedures, Forms and Templates 5
a_bardi FMEA and service providing - FMEA examples in fixed network carriers sector or CATV FMEA and Control Plans 2
W A Site of interest for Covers - In2:InThinking Network Book, Video, Blog and Web Site Reviews and Recommendations 4
Antonio Vieira IQNET ? International Certification Network - Really a recognized Organization? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
I Info request - Outlines of the VDE and UL marks process - Electrical, network cables Various Other Specifications, Standards, and related Requirements 1
D Customer Network and Desktop Support - Master Product History ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
T Quality Manual on a Network - Authorising Signatures - How do we handle? Quality Management System (QMS) Manuals 9
A NETWORK SOLUTIONS Beware After Work and Weekend Discussion Topics 1
W Becoming ISO 9001 certified - Telecommunications and network services for military ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
E PEMS Hazards - IEC 60601 Clause 14.6 - Internal data use - Pressure sensor IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
R Please share your method used for PEMS Validation IEC 62304 - Medical Device Software Life Cycle Processes 5
J Medical Device which is NOT a PEMS? IEC 60601 - Medical Electrical Equipment Safety Standards Series 1
S PEMS Documentation for Medical Device Software - Requirements IEC 62304 - Medical Device Software Life Cycle Processes 3
R Does dental unit need to meet the requirements of clause 14 (PEMS)? IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
P Medical Devices - PEMS, PESS, PE/E/E and the like... once again! IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
R Can manufacturer separately evaluate the clause 14 (PEMS) of 60601-1: 2005? IEC 60601 - Medical Electrical Equipment Safety Standards Series 7
S Device with different options for a sub-component - CE marking implications EU Medical Device Regulations 2
B GMDN for sub assemblies? EU Medical Device Regulations 0
D Special IATF audit of sub-supplier IATF 16949 - Automotive Quality Systems Standard 18
M Pre-Sub preparation (for de Novo request) 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
S MDR - System and procedure pack article 22 and all sub processes that apply ISO 13485:2016 - Medical Device Quality Management Systems 0
S Knee Implant (Femoral -Cobalt chrome)-Sub chronic toxicity test (ISO 10993-11)choice of root Medical Device and FDA Regulations and Standards News 2
F AS9100 - Validation, FAIR's, ITAR and Sub-Contracting AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3

Similar threads

Top Bottom