This December 2020 Standards Navigator Report content is only available to Standards Navigator subscribers. See our Subscribe page for information on subscriptions.
SoftwareCPR Standards Navigator Report provides information and tools related to standards that play a significant role in health software and software-intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards Navigator keeps you up to date on new standards activity and gives you expert insight into future changes to existing standards.
Recent standards and regulatory activity
Standards work has clearly slowed down as the pandemic restricted travel and meetings. While work is continuing, it is harder to keep people’s attention and get homework done at a virtual meeting. Several standards that were expected to have drafts for ballot this year have slipped into 2021. These include 62304 Second Edition (a committee draft for vote is expected in January), IEC 80001-1 Second Edition (Final Draft expected 1st quarter) and IEC 81001-1 (Final Draft is expected in January).
- New work has been proposed in ISO on application guidance for the use of assurance cases for safety and security.
Medical device software
- The first part of the AAMI series on Health IT Software and Systems (HIT1000-1) has been approved and will be published as an American National Standard. HIT1000-3 on risk management and HIT1000-4 on usability are expected to be revised and approved as American National Standards in 2021. Work on HIT1000-2 on quality systems will continue (restart) in 2021.
- IEC TR 60601-4-5: Medical electrical equipment – Part 4-5 Guidance and interpretation – Safety related technical security specifications for medical devices has been approved and will be published in the first quarter of 2021.
- A committee draft for ballot of IEC 81001-5-1 Security Activities in the product life cycle is available. This draft will be voted on as a draft international standard. This ballot is the last chance for technical comments. The standard defines the life cycle requirements for development and maintenance of health software, including medical devices, needed to support conformity to IEC 62443-4-1 – taking the specific needs for health software into account. Requirements are arranged in the ordering of IEC 62304. Implementing the processes, activities and tasks specified in this document is sufficient to implement the process requirements of IEC 62443-4-1. The specifications for Annex E may be implemented in order to achieve full conformity to IEC 62443-4-1.
- A second committee draft of AAMI SW95, Medical device security – Security risk management for medical device manufacturers, is expected in the first quarter of 2021.
- ISO has a new proposed project for cybersecurity for telemedicine.
- The technical report ISO 24291, Health informatics – Applications of machine learning technologies in imaging and other medical applications, has been approved and will be published in the first quarter of 2021.
- AAMI and BSI are collaborating to develop guidance for AI. Their first activity is to rapidly develop a technical report on risk management. They will be looking at ISO 14971 and considering what is unique to AI for risk management. They hope to have this guidance published in the first half of 2021. Their second project is to look at an algorithm change that allows changes without a need for resubmission to a regulator.
- An ISO ad hoc committee on AI has proposed that a new guidance on AI addressing security and privacy analysis be developed. This would include:
  - Use case analysis
  - Integration of an AI system into a health care system of systems
  - Security by design and privacy by design approach and practice
  - Trustworthy framework including suitable assurance needs
No new project has been submitted yet, but a new work proposal is expected in 2021.