Risikomanagement für medizinische Netzwerke in der Intensiv- und Notfallmedizin. Gemeinsames Positionspapier zur Norm IEC 80001-1 [Risk management for medical networks in intensive care and emergency medicine – a joint position paper on IEC 80001-1]

[english] IEC 80001-1 is an international standard and offers recommendations for a risk management process for medical information technology networks (MITs). MITs are defined as IT networks incorporating at least one medical device. The goal is to build and maintain reliable and secure MITs for hospitals of all kids. To achieve it, the standard suggests applying risk management and defines the roles involved as well as their responsibilities. A central role is the medical IT-network risk manager, assigned by the top management of organizations. He communicates with and mediates between clinical, medical device and IT divisions and compiles risk relevant facts usually distributed among them. All identified risks are analyzed, evaluated and documented in the risk management file along with counter measures and a final assessment of acceptability.We acknowledge that implementing the suggested process will create an overhead cost in documentation and – partly by extension – in personnel. However we believe that the investment at the start of projects is worthwhile, because it helps to prevent or solve problems in later stages. Especially consecutive projects can profit from the investment, reducing required effort and costs. Furthermore, a reliable and secure MIT forms the basis for frictionless routine operations and innovations for connected medical devices. Hence the investment is justified. Applying risk management to the whole cooperation all at once is unrealistic. Focusing on parts of the network, which are crucial to a new project is more recommendable. With a smaller scope, risk management remains feasible and can later be expanded to other parts of the network.IEC 80001-1 demands communication among involved employees from different specialties and divisions. This offers a chance for cooperation to find better decisions and solutions regarding an organization’s medical IT network. [german] Die IEC 80001-1 ist eine Norm, die Empfehlungen für einen Risikomanagementprozess für medizinische IT-Netzwerke (MIT) – also Netzwerke mit angeschlossenen Medizinprodukten – gibt. Das Ziel ist der Aufbau und Betrieb von stabilen und sicheren IT-Netzwerken in Kliniken. Die Empfehlungen richten sich vor allem an die Betreiber von Krankenh usern, weisen Verantwortlichkeiten innerhalb einer verantwortlichen Organisation (meist einer Klinik) zu und geben deren Interaktion vor. Eine zentrale Rolle ist der MIT Risiko-Manager, der von der Gesch ftsführung beauftragt wird und die Anstrengungen in Richtung Risikomanagement koordiniert. Dazu steht er in Kontakt mit Mitarb