IEC/TR 80001-2-5:2014

IEC TR 80001-2-5
Edition 1.0 2014-12
TECHNICAL
REPORT
colour
inside
Application of risk management for IT-networks incorporating medical devices –
Part 2-5: Application guidance – Guidance on distributed alarm systems

IEC TR 80001-2-5:2014-12(en)
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé Fax: +41 22 919 03 00
CH-1211 Geneva 20 info@iec.ch
Switzerland www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.

IEC Catalogue - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
The stand-alone application for consulting the entire The world's leading online dictionary of electronic and
bi bliographical information on IEC International Standards, electrical terms containing more than 30 000 terms and
Technical Specifications, Technical Reports and other definitions in English and French, with equivalent terms in 14

documents. Available for PC, Mac OS, Android Tablets and additional languages. Also known as the International
iPad. Electrotechnical Vocabulary (IEV) online.

IEC publications search - www.iec.ch/searchpub IEC Glossary - std.iec.ch/glossary
The advanced search enables to find IEC publications by a More than 55 000 electrotechnical terminology entries in
variety of criteria (reference number, text, technical English and French extracted from the Terms and Definitions
committee,…). It also gives information on projects, replaced clause of IEC publications issued since 2002. Some entries
and withdrawn publications. have been collected from earlier publications of IEC TC 37,

77, 86 and CISPR.
IEC Just Published - webstore.iec.ch/justpublished

Stay up to date on all new IEC publications. Just Published IEC Customer Service Centre - webstore.iec.ch/csc
details all new publications released. Available online and If you wish to give us your feedback on this publication or
also once a month by email. need further assistance, please contact the Customer Service
Centre: csc@iec.ch.
IEC TR 80001-2-5
Edition 1.0 2014-12
TECHNICAL
REPORT
colour
inside
Application of risk management for IT-networks incorporating medical devices –

Part 2-5: Application guidance – Guidance on distributed alarm systems

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
PRICE CODE
W
ICS 11.040.01; 35.240.80 ISBN 978-2-8322-1969-0

– 2 – IEC TR 80001-2-5:2014 © IEC 2014
CONTENTS
FOREWORD . 4
INTRODUCTION . 6
1 Scope . 7
2 Normative references . 8
3 Terms and definitions . 8
4 Functions of the distribution of ALARM CONDITIONS . 16
4.1 General . 16
4.2 SOURCES and their ALARM CONDITIONS . 17
4.3 INTEGRATOR . 17
4.4 COMMUNICATOR . 17
4.5 MEDICAL IT-NETWORK . 18
5 Types of systems for distributing ALARM CONDITIONS . 18
5.1 General . 18
5.2 DISTRIBUTED INFORMATION SYSTEM ABOUT ALARM CONDITIONS . 19
5.3 DISTRIBUTED ALARM SYSTEM . 19
5.4 DISTRIBUTED ALARM SYSTEM WITH OPERATOR CONFIRMATION . 19
6 RISK MANAGEMENT . 20
6.1 General explanation . 20
6.2 Determining the RESPONSIBLE ORGANIZATION’S objective purpose . 20
6.3 HAZARDS and HAZARDOUS SITUATIONS related to DIS, DAS and CDAS . 21
6.4 Causes and resulting HAZARDOUS SITUATIONS . 21
6.5 RISK CONTROL measures related to the integration of ALARM CONDITIONS . 23
6.5.1 Technical RISK CONTROL measures implemented in equipment . 23
6.5.2 Typical RISK CONTROL measures for implementation by the RESPONSIBLE
ORGANIZATION . 25
6.5.3 Organizational policies and procedures as RISK CONTROL measures for
implementation by the RESPONSIBLE ORGANIZATION . 26
Annex A (informative) Correspondence between the RISK CONTROL measures of this
technical report and IEC 60601-1-8 . 28
Annex B (informative) Types of SOURCES . 29
B.1 MEDICAL DEVICES . 29
B.2 NURSE CALL SYSTEM . 30
ANNEX C (informative) Applicability of types of system for the distribution of ALARM
CONDITIONS . 32
Annex D (informative) Scalability of types of system for the distribution of ALARM
CONDITIONS . 35
Bibliography . 37
Index of defined terms used in this technical report . 38

Figure 1 – Focus of this technical report . 6
Figure 2 – Functions of a MEDICAL IT-NETWORK incorporating SOURCES, an INTEGRATOR
and COMMUNICATORS to distribute ALARM CONDITIONS . 7
Figure C.1 – Cascading structure of system for the distribution of ALARM CONDITIONS . 32
Figure C.2 – Example for INTEGRATOR of a PATIENT monitor with central monitoring
station to distribute ALARM CONDITIONS in a physically isolated IT-NETWORK in a CDAS . 33

IEC TR 80001-2-5:2014 © IEC 2014 – 3 –
Figure C.3 – Example for INTEGRATOR of a PATIENT monitor to distribute ALARM
CONDITIONS in a NURSE CALL SYSTEM, and via a PBX with handsets . 34
Figure D.1 – Example hospital-wide DISTRIBUTED ALARM SYSTEM . 36

Table 1 – General comparison of system properties for ALARM CONDITION integration . 18
Table A.1 – Correspondence of the technical RISK CONTROL measures of this technical
report for a CDAS and IEC 60601-1-8 for a DAS . 28

– 4 – IEC TR 80001-2-5:2014 © IEC 2014
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
APPLICATION OF RISK MANAGEMENT FOR IT-NETWORKS
INCORPORATING MEDICAL DEVICES –

Part 2-5: Application guidance –
Guidance on distributed alarm systems

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
The main task of IEC technical committees is to prepare International Standards. However, a
technical committee may propose the publication of a technical report when it has collected
data of a different kind from that which is normally published as an International Standard, for
example "state of the art".
IEC 80001-2-5, which is a technical report, has been prepared by a joint working group of
subcommittee 62A: Common aspects of electrical equipment used in medical practice, of IEC
technical committee 62: Electrical equipment in medical practice and ISO technical committee
215: Health informatics.
IEC TR 80001-2-5:2014 © IEC 2014 – 5 –
The text of this technical report is based on the following documents:
Enquiry draft Report on voting
62A/943/DTR 62A/955/RVC
Full information on the voting for the approval of this technical report can be found in the
report on voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
Terms used throughout this technical report that have been defined in Clause 3 appear in
SMALL CAPITALS.
A list of all parts of the IEC 80001 series, published under the general title Application of risk
management for it-networks incorporating medical devices , can be found on the IEC website.
The committee has decided that the contents of this publication will remain unchanged until
the stability date indicated on the IEC website under "http://webstore.iec.ch" in the data
related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
A bilingual version of this publication may be issued at a later date.

IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
– 6 – IEC TR 80001-2-5:2014 © IEC 2014
INTRODUCTION
An increasing number of MEDICAL DEVICES are designed to exchange information electronically
with other equipment, including other MEDICAL DEVICES. Such information is frequently
exchanged through an information technology network (IT-NETWORK) that also transfers data
of a more general nature. IEC 80001-1:2010 addresses RISK MANAGEMENT of IT-NETWORKS
incorporating MEDICAL DEVICES.
ALARM SIGNALS are frequently used to indicate unsatisfactory physiological PATIENT states,
unsatisfactory functional states of the MEDICAL DEVICE or other parts of system to distribute
ALARM CONDITIONS, or to warn the OPERATOR of HAZARDS to the PATIENT or OPERATOR. The
ALARM CONDITIONS that cause these ALARM SIGNALS are often transmitted across the MEDICAL
IT-NETWORK, creating a system to distribute ALARM CONDITIONS.
A system to distribute ALARM CONDITIONS provides great benefits; however, as with any
technology, certain RISKS are introduced that can affect the three KEY PROPERTIES of SAFETY,
EFFECTIVENESS, and DATA AND SYSTEMS SECURITY.
This technical report is consistent with other guidance documents of this series [1][2][3][4][5] .
IEC
Figure 1 – Focus of this technical report
_____________
Numbers in square brackets refer to the Bibliography.

IEC TR 80001-2-5:2014 © IEC 2014 – 7 –
APPLICATION OF RISK MANAGEMENT FOR IT-NETWORKS
INCORPORATING MEDICAL DEVICES –

Part 2-5: Application guidance –
Guidance on distributed alarm systems

1 Scope
This part of IEC 80001, which is a technical report, gives guidance and practical techniques
for RESPONSIBLE ORGANIZATIONS, MEDICAL DEVICE manufacturers and providers of other
information technology in the application of IEC 80001-1:2010 for the RISK MANAGEMENT of
DISTRIBUTED ALARM SYSTEMS. This technical report applies to the transmission of ALARM
CONDITIONS between SOURCES, INTEGRATOR and COMMUNICATORS where at least one SOURCE is
a MEDICAL DEVICE and at least one communication path utilizes a MEDICAL IT-NETWORK.
This technical report provides recommendations for the integration, communication of
responses and REDIRECTION (to another OPERATOR) of ALARM CONDITIONS from one or more
SOURCES to ensure SAFETY and EFFECTIVENESS. DATA AND SYSTEMS SECURITY is an important
consideration for the RISK MANAGEMENT of DISTRIBUTED ALARM SYSTEMS. Figure 2 illustrates the
functions of a MEDICAL IT-NETWORK incorporating SOURCES, an INTEGRATOR and
COMMUNICATORS to distribute ALARM CONDITIONS.
IEC
NOTE This is a functional diagram and does not imply that these functions are in separate components. It is
possible for functionality to be provided in one or more components.
Figure 2 – Functions of a MEDICAL IT-NETWORK incorporating SOURCES,
an INTEGRATOR and COMMUNICATORS to distribute ALARM CONDITIONS

– 8 – IEC TR 80001-2-5:2014 © IEC 2014
The following is a typical chain of events. An event is detected by a SOURCE that initiates an
ALARM CONDITION. The SOURCE sends the ALARM CONDITION to the INTEGRATOR. Based on the
RESPONSIBLE ORGANIZATION-established assignment protocol, the INTEGRATOR directs the
ALARM CONDITION to the assigned COMMUNICATOR. The COMMUNICATOR generates the
appropriate ALARM SIGNALS. The INTEGRATOR now waits for an OPERATOR response from the
COMMUNICATOR or for the SOURCE to indicate that the ALARM CONDITION no longer exists.
If the COMMUNICATOR is capable of accepting a response and the OPERATOR responds, the
OPERATOR indicates that it either accepts or rejects responsibility for the ALARM CONDITION. If
the OPERATOR rejects the responsibility, the INTEGRATOR redirects the ALARM CONDITION to a
different COMMUNICATOR (i.e. a different OPERATOR) and might also escalate the priority of the
ALARM CONDITION. Eventually an OPERATOR accepts responsibility for the ALARM CONDITION.
When an OPERATOR has taken appropriate action, the ALARM CONDITION subsequently ends.
Alternately, the ALARM CONDITION could end without OPERATOR action in which case when the
SOURCE notifies the INTEGRATOR that the ALARM CONDITION is no longer present, the
INTEGRATOR instructs the COMMUNICATOR to stop generating ALARM SIGNALS. Should an ALARM
CONDITION remain uncorrected for an extended period of time, the ALARM SYSTEM should cause
the ESCALATION of the ALARM CONDITION, notify additional OPERATORS, etc.
EXAMPLE A pulse oximeter detects a low SpO level in the PATIENT, initiates an ALARM CONDITION and sends that
ALARM CONDITION to the INTEGRATOR via a MEDICAL IT-NETWORK. The INTEGRATOR then directs that ALARM CONDITION
to the COMMUNICATOR that is mapped to the clinical OPERATOR assigned to the PATIENT via a MEDICAL IT-NETWORK.
OPERATOR A responds by rejecting responsibility for the ALARM CONDITION. The COMMUNICATOR sends this response
information back to the INTEGRATOR, which then redirects the ALARM CONDITION to the COMMUNICATOR of clinical
OPERATOR B. OPERATOR B then accepts responsibility for the ALARM CONDITION. The COMMUNICATOR sends this
response information back to the INTEGRATOR, which then sends it back to the SOURCE causing an ALARM SIGNAL
inactivation state (e.g. AUDIO PAUSED) to be generated. OPERATOR B adjusts the oxygen concentration in the gas
going to the PATIENT and the ALARM CONDITION ceases (e.g. the event ends).
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and
are indispensable for its application. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any
amendments) applies.
NOTE 1 The way in which these referenced documents are cited in normative requirements determines the extent
(in whole or in part) to which they apply.
NOTE 2 Informative references are listed in the bibliography on page 37.
IEC 80001-1:2010, Application of risk management for IT-networks incorporating medical
devices – Part 1: Roles, responsibilities and activities
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
NOTE An index of defined terms is found beginning on page 38.
3.1
ALARM CONDITION
state of the ALARM SYSTEM when it has determined that a potential or actual HAZARDOUS
SITUATION exists for which OPERATOR awareness or response is required
Note 1 to entry: An ALARM CONDITION can be invalid, i.e. a FALSE POSITIVE ALARM CONDITION.
Note 2 to entry: An ALARM CONDITION can be missed, i.e. a FALSE NEGATIVE ALARM CONDITION.
[SOURCE: IEC 60601-1-8:2006 and IEC 60601-1-8:2006/AMD1:2012, 3.1]

IEC TR 80001-2-5:2014 © IEC 2014 – 9 –
3.2
ALARM SETTINGS
ALARM SYSTEM configuration, including but not limited to:
– ALARM LIMITS;
– the characteristics of any ALARM SIGNAL inactivation states; and
– the values of variables or parameters that determine the function of the ALARM SYSTEM
Note 1 to entry: Some algorithmically-determined ALARM SETTINGS can require time to be determined or re-
determined.
[SOURCE: IEC 60601-1-8:2006, 3.8]
3.3
ALARM SIGNAL
type of signal generated by the ALARM SYSTEM or COMMUNICATOR to indicate the presence (or
occurrence) of an ALARM CONDITION
[SOURCE: IEC 60601-1-8:2006, 3.9, modified – added 'or COMMUNICATOR'.]
3.4
ALARM SIGNAL GENERATION DELAY
time from the onset of an ALARM CONDITION to the generation of its ALARM SIGNAL(S)
[SOURCE: IEC 60601-1-8:2006, 3.10]
3.5
ALARM SYSTEM
parts of a MEDICAL DEVICE that detect ALARM CONDITIONS and, as appropriate, generate ALARM
SIGNALS
[SOURCE: IEC 60601-1-8:2006, 3.11, modified – The term MEDICAL DEVICE replaces
'ME EQUIPMENT or a ME SYSTEM'.]
3.6
COMMUNICATOR
COM
function that generates ALARM SIGNALS to notify an OPERATOR
Note 1 to entry: A COM can receive an OPERATOR response.
Note 2 to entry: An OPERATOR response is not limited to direct OPERATOR action.
3.7
DATA AND SYSTEMS SECURITY
operational state of a MEDICAL IT-NETWORK in which information assets (data and systems) are
reasonably protected from degradation of confidentiality, integrity, and availability
Note 1 to entry: Security, when mentioned in this standard, should be taken to include DATA AND SYSTEMS
SECURITY.
Note 2 to entry: DATA AND SYSTEMS SECURITY is assured through a framework of policy, guidance, infrastructure,
and services designed to protect information assets and the systems that acquire, transmit, store, and use
information in pursuit of the organization’s mission.
Note 3 to entry: For the purposes of this technical report, 'reasonably' should be interpreted to mean necessarily.
[SOURCE: IEC 80001-1:2010, 2.5, modified – a third note to entry has been added.]

– 10 – IEC TR 80001-2-5:2014 © IEC 2014
3.8
DISTRIBUTED ALARM SYSTEM
DAS
ALARM SYSTEM that involves more than one MEDICAL DEVICE intended for delivery of ALARM
CONDITIONS with technical confirmation
Note 1 to entry: The parts of a DISTRIBUTED ALARM SYSTEM can be widely separated in distance.
Note 2 to entry: A DISTRIBUTED ALARM SYSTEM is intended to notify OPERATORS of the existence of an ALARM
CONDITION.
Note 3 to entry: The requirements for a DAS are described in IEC 60601-1-8:2005 and
IEC 60601-1-8:2005/AMD1:2012, 6.11.2.2.1.
Note 4 to entry: For the purposes of this technical report, technical confirmation means that each element of a
DISTRIBUTED ALARM SYSTEM confirms or guarantees the successful delivery of the ALARM CONDITION to the next
element or appropriate TECHNICAL ALARM CONDITIONS are created as described in IEC 60601-1-8:2006 and
IEC 60601-1-8:2006/AMD1:2012, 6.11.2.2.1.
[SOURCE: IEC 60601-1-8:2006, 3.17, modified – Replaced ‘item of equipment of a ME
SYSTEM’ with ‘MEDICAL DEVICE’, added ‘intended for delivery of ALARM CONDITIONS with technical
confirmation’ and added notes to entry 2, 3 and 4.]
3.9
DISTRIBUTED ALARM SYSTEM WITH OPERATOR CONFIRMATION
CDAS
DISTRIBUTED ALARM SYSTEM that includes the capability to receive an OPERATOR response
3.10
DISTRIBUTED INFORMATION SYSTEM
DISTRIBUTED INFORMATION SYSTEM ABOUT ALARM CONDITIONS
DIS
system that involves at least one MEDICAL DEVICE that is intended to provide information about
ALARM CONDITIONS but does not guarantee delivery of that information
Note 1 to entry: A DIS is not intended to notify OPERATORS of the existence of an ALARM CONDITION as a RISK
CONTROL measure. A DIS is intended to provide information about an ALARM CONDITION to an OPERATOR that has
otherwise been made aware of the existence of the ALARM CONDITION by an ALARM SYSTEM.
Note 2 to entry: This is in terms of IEC 60601-1-8:2005 and IEC 60601-1-8:2005/AMD1:2012, 6.11.2.2.2, a
‘DISTRIBUTED ALARM SYSTEM not intended for confirmed delivery of ALARM CONDITIONS’.
3.11
EFFECTIVENESS
ability to produce the intended result for the PATIENT and the RESPONSIBLE ORGANIZATION
[SOURCE: IEC 80001-1:2010, 2.6]
3.12
ESCALATION
PROCESS by which an ALARM SYSTEM increases the priority of an ALARM CONDITION or increases
the sense of urgency of an ALARM SIGNAL
[SOURCE: IEC 60601-1-8:2006, 3.18]
3.13
FALSE NEGATIVE ALARM CONDITION
absence of an ALARM CONDITION when a valid triggering event has occurred in the PATIENT, the
equipment or the ALARM SYSTEM
Note 1 to entry: An ALARM CONDITION can be rejected or missed because of spurious information produced by the
PATIENT, the PATIENT-equipment interface, other equipment or the ALARM SYSTEM itself.

IEC TR 80001-2-5:2014 © IEC 2014 – 11 –
[SOURCE: IEC 60601-1-8:2006, 3.20, modified – replaced last ‘equipment’ with ‘ALARM
SYSTEM’ in the note to entry.]
3.14
FALSE POSITIVE ALARM CONDITION
presence of an ALARM CONDITION when no valid triggering event has occurred in the PATIENT,
ALARM SYSTEM
the equipment or the
Note 1 to entry: A FALSE POSITIVE ALARM CONDITION can be caused by spurious information produced by the
PATIENT, the PATIENT-equipment interface, other equipment or the ALARM SYSTEM itself.
[SOURCE: IEC 60601-1-8:2006, 3.21]
3.15
HARM
physical injury or damage to the health of people, or damage to property or the environment,
or reduction in EFFECTIVENESS, or breach of DATA AND SYSTEM SECURITY
[SOURCE: IEC 80001-1:2010, 2.8]
3.16
HAZARD
potential source of HARM
[SOURCE: IEC 80001-1:2010, 2.9]
3.17
HAZARDOUS SITUATION
circumstance in which people, property, or the environment are exposed to one or more
HAZARD(S)
[SOURCE: ISO 14971: 2007, 2.4]
3.18
HIGH PRIORITY
indicating that immediate OPERATOR response is required
Note 1 to entry: The priority is assigned through RISK ANALYSIS.
[SOURCE: IEC 60601-1-8:2006, 3.22]
3.19
INTEGRATOR
INT
SOURCES and COMMUNICATORS or to other
function that handles communication between
INTEGRATORS
Note 1 to entry: An INTEGRATOR can direct or redirect an ALARM CONDITION to another OPERATOR.
Note 2 to entry: An INTEGRATOR can send the acceptance of responsibility from a COMMUNICATOR to a SOURCE.
3.20
INTENDED USE
INTENDED PURPOSE
use for which a product, PROCESS or service is intended according to the specifications,
instructions and information provided by the manufacturer
[SOURCE: IEC 80001-1:2010, 2.10]

– 12 – IEC TR 80001-2-5:2014 © IEC 2014
3.21
IT-NETWORK
INFORMATION TECHNOLOGY NETWORK
a system or systems composed of communicating nodes and transmission links to provide
physically linked or wireless transmission between two or more specified communication
nodes
Note 1 to entry: Adapted from IEC 61907:2009, definition 3.1.1.
Note 2 to entry: The scope of the MEDICAL IT-NETWORK in this standard is defined by the RESPONSIBLE
ORGANIZATION based on where the MEDICAL DEVICES in the MEDICAL IT-NETWORK are located and the defined use of
the network. It can contain IT infrastructure, home health and non-clinical contexts. See also 80001-1:2010, 4.3.3.
[SOURCE: IEC 80001-1:2010, 2.12]
3.22
KEY PROPERTIES
three risk managed characteristics (SAFETY, EFFECTIVENESS, and DATA AND SYSTEMS SECURITY)
of MEDICAL IT-NETWORKS
[SOURCE: IEC 80001-1:2010, 2.13]
3.23
LOW PRIORITY
indicating that OPERATOR awareness is required
Note 1 to entry: The priority is assigned through RISK ANALYSIS.
[SOURCE: IEC 60601-1-8:2006, 3.27]
3.24
MEDICAL DEVICE
any instrument, apparatus, implement, machine, appliance, implant, in vitro reagent or
calibrator, software, material or other similar or related article:
a) intended by the manufacturer to be used, alone or in combination, for human beings for
one or more of the specific purpose(s) of:
– diagnosis, prevention, monitoring, treatment or alleviation of disease,
– diagnosis, monitoring, treatment, alleviation of or compensation for an injury,
– investigation, replacement, modification, or support of the anatomy or of a
physiological process,
– supporting or sustaining life,
– control of conception,
– disinfection of MEDICAL DEVICES,
– providing information for medical or diagnostic purposes by means of in vitro
examination of specimens derived from the human body; and
b) which does not achieve its primary intended action in or on the human body by
pharmacological, immunological or metabolic means, but which may be assisted in its
intended function by such means.
Note 1 to entry: The definition of a device for in vitro examination includes, for example, reagents, calibrators,
sample collection and storage devices, control materials, and related instruments or apparatus. The information
provided by such an in vitro diagnostic device may be for diagnostic, monitoring or compatibility purposes. In some
jurisdictions, some in vitro diagnostic devices, including reagents and the like, may be covered by separate
regulations.
Note 2 to entry: Products which may be considered to be MEDICAL DEVICES in some jurisdictions but for which
there is not yet a harmonized approach, are:
– aids for disabled/handicapped people;

IEC TR 80001-2-5:2014 © IEC 2014 – 13 –
– devices for the treatment/diagnosis of diseases and injuries in animals;
– accessories for MEDICAL DEVICES (see Note 3 to entry);
– disinfection substances;
– devices incorporating animal and human tissues which may meet the requirements of the above definition but
are subject to different controls.
Note 3 to entry: Accessories intended specifically by manufacturers to be used together with a ‘parent’ MEDICAL
DEVICE to enable that MEDICAL DEVICE to achieve its intended purpose should be subject to the same GHTF
procedures as apply to the MEDICAL DEVICE itself. For example, an accessory will be classified as though it is a
MEDICAL DEVICE in its own right. This may result in the accessory having a different classification than the ‘parent’
device.
Note 4 to entry: Components to MEDICAL DEVICES are generally controlled through the manufacturer’s quality
management system and the conformity assessment procedures for the device. In some jurisdictions, components
are included in the definition of a ‘medical device’.
[SOURCE: IEC 80001-1:2010, 2.14]
3.25
MEDICAL ELECTRICAL EQUIPMENT
ME EQUIPMENT
or transferring energy to or from the PATIENT or
electrical equipment having an applied part
detecting such energy transfer to or from the PATIENT and which is:
a) provided with not more than one connection to a particular supply mains; and
b) intended by its manufacturer to be used:
PATIENT; or
1) in the diagnosis, treatment, or monitoring of a
2) for compensation or alleviation of disease, injury or disability
Note 1 to entry: ME EQUIPMENT includes those accessories as defined by the manufacturer that are necessary to
enable the normal use of the ME EQUIPMENT.
Note 2 to entry: Not all electrical equipment used in medical practice falls within this definition (e.g. some in vitro
diagnostic equipment).
Note 3 to entry: The implantable parts of active implantable medical devices can fall within this definition, but they
are excluded from the scope of this standard (IEC 60601-1) by appropriate wording in Clause 1.
Note 4 to entry: This standard (IEC 60601-1) uses the term “electrical equipment” to mean ME EQUIPMENT or other
electrical equipment.
Note 5 to entry: See also IEC 60601-1:2005, 4.10.1, 8.2.1 and 16.3.
Note 6 to entry: ME EQUIPMENT is a MEDICAL DEVICE.
[SOURCE: IEC 60601-1:2005, 3.63, modified – Added Note 6 to entry.]
3.26
MEDICAL ELECTRICAL SYSTEM
ME SYSTEM
combination, as specified by its manufacturer, of items of equipment, at least one of which is
ME EQUIPMENT to be inter-connected by functional connection or by use of a multiple socket-
outlet
Note 1 to entry: Equipment, when mentioned in this standard, should be taken to include ME EQUIPMENT.
Note 2 to entry: An ME SYSTEM is a MEDICAL DEVICE.
[SOURCE: IEC 60601-1:2005, 3.64, modified – Added Note 2 to entry.]
3.27
MEDICAL IT-NETWORK
an IT-NETWORK that incorporates at least one MEDICAL DEVICE

– 14 – IEC TR 80001-2-5:2014 © IEC 2014
[SOURCE: IEC 80001-1:2010, 2.16]
3.28
MEDIUM PRIORITY
indicating that prompt OPERATOR response is required
Note 1 to entry: The priority is assigned through RISK ANALYSIS.
[SOURCE: IEC 60601-1-8:2006, 3.28]
3.29
NURSE CALL SYSTEM
system intended to call or search for requested persons or send information, including ALARM
CONDITIONS between individuals, including PATIENTS, and healthcare staff
Note 1 to entry: A NURSE CALL SYSTEM typically provides a REDIRECTION to help ensure timely action.
Note 2 to entry: In some jurisdictions based on the INTENDED USE, a NURSE CALL SYSTEM may be considered a
MEDICAL DEVICE.
3.30
OPERATOR
person handling equipment
[SOURCE: IEC 80001-1: 2010, 2.18]
3.31
PATIENT
living being (person or animal) undergoing a medical, surgical or dental procedure or
receiving other healthcare services
Note 1 to entry: A PATIENT can be an OPERATOR.
Note 2 to entry: PATIENT is also referred to as the subject of care.
[SOURCE: IEC 60601-1:2005 and IEC 60601-1:2005/AMD1:2012, 3.76, modified – Added ‘or
receiving other healthcare services’ and Note 2 to entry.]
3.32
PHYSIOLOGICAL ALARM CONDITION
ALARM CONDITION arising from a monitored PATIENT-related variable
EXAMPLE 1 High exhaled anaesthetic agent concentration.
EXAMPLE 2 Low exhaled tidal volume.
EXAMPLE 3 Low oxygen saturation measured by pulse oximetry.
EXAMPLE 4 High arterial pressure.
EXAMPLE 5 High heart rate.
[SOURCE: IEC 60601-1-8:2006, 2.31]
3.33
PROCESS
set of interrelated or interacting activities which transforms inputs into outputs
Note 1 to entry: The term “activities” covers use of resources.
[SOURCE: IEC 80001-1: 2010, 2.19]

IEC TR 80001-2-5:2014 © IEC 2014 – 15 –
3.34
REDIRECTION
means by which an INTEGRATOR provides a response hierarchy for directing an ALARM
CONDITION to a COMMUNICATOR or redirects an ALARM CONDITION to another COMMUNICATOR
3.35
RESPONSIBILITY ACCEPTED
state created by an OPERATOR response accepting ownership for addressing an ALARM
CONDITION
Note 1 to entry: A RESPONSIBILITY ACCEPTED can be used to initiate an ALARM SIGNAL inactivation state.
3.36
RESPONSIBILITY REJECTED
state created by an OPERATOR response rejecting ownership for addressing an ALARM
CONDITION
Note 1 to entry: A RESPONSIBILITY REJECTED can be used to initiate an ESCALATION or REDIRECTION.
3.37
RESPONSIBILITY UNDEFINED
state, automatically initiated when neither a RESPONSIBILITY ACCEPTED nor RESPONSIBILITY
REJECTED is received within a specified period, which indicates that an OPERATOR is not
responding
3.38
RESPONSIBLE ORGANIZATION
entity accountable for the use and maintenance of a MEDICAL IT-NETWORK
Note 1 to entry: The accountable entity can be, for example, a hospital, a private clinician or a telehealth
organization.
Note 2 to entry: Adapted from IEC 60601-1:2005, definition 3.101.
[SOURCE: IEC 80001-1:2010, 2.22]
3.39
RISK
combination of the probability of occurrence of HARM and the severity of that HARM
[SOURCE: IEC 80001-1:2010, 2.23]
3.40
RISK ANALYSIS
HAZARDS and to estimate the RISK
systematic use of available information to identify
[SOURCE: ISO 14971:2007, 2.17]
3.41
RISK CONTROL
process in which decisions are made and measures implemented by which RISKS are reduced
to, or maintained within, specified levels
[SOURCE: ISO 14971:2007, 2.19]
3.42
RISK MANAGEMENT
systematic application of management policies, procedures and practices to the tasks of
analysing, evaluating, controlling and monitoring RISK

– 16 – IEC TR 80001-2-5:2014 © IEC 2014
[SOURCE: IEC 80001-1:2010, 2.28]
3.43
SAFETY
freedom from unacceptable RISK of physical injury or damage to the health of people or
damage to property or the environment
[SOURCE: IEC 80001-1:2010, 2.30]
3.44
SEVERITY
measure of the possible consequences of a HAZARD
[SOURCE: ISO 14971:2007, 2.25]
3.45
SOURCE
SRC
function that has the capability to initiate an ALARM CONDITION
Note 1 to entry: The SOURCE can accept an assignment of responsibility.
3.46
TECHNICAL ALARM CONDITION
ALARM CONDITION arising from a monitored equipment-related or ALARM SYSTEM-related
variable
EXAMPLE 1 An electrical, mechanical or other failure.
EXAMPLE 2 Failure of a sensor or component (unsafe voltage, high impedance, signal impedance, artefact, noisy
signal, disconnection, calibration error, tubing obstruction, etc.).
EXAMPLE 3 An algorithm that cannot classify or resolve the available data.
EXAMPLE 4 A failure of a DISTRIBUTED ALARM SYSTEM, a system TECHNICAL ALARM CONDITION.
[SOURCE: IEC 60601-1-8:2006, 3.36, modified – Added Example 4.]
3.47
USE ERROR
act or omission of an act that results in a different MEDICAL DEVICE response than intended by
the manufacturer or expected by the user
Note 1 to entry: USE ERROR includes slips, lapses, and mistakes
Note 2 to entry: An unexpected physiological response of the PATIENT is not in itself considered a USE ERROR.
[SOURCE: IEC 62366:2007, 3.21, modified – Deleted note 2.]
4 Functions of the distribution of ALARM CONDITIONS
4.1 General
When a manufacturer chooses as a means of RISK CONTROL to have a MEDICAL DEVICE notify
the OPERATOR that a HAZARDOUS SITUATION can exist, then the MEDICAL DEVICE is expected to
include an ALARM SYSTEM for that purpose. The creation of ALARM CONDITIONS and the
notification of OPERATORS are a RISK CONTROL measure. If the OPERATOR is not effectively
notified, the RISK CONTROL measure is ineffective.

IEC TR 80001-2-5:2014 © IEC 2014 – 17 –
When ALARM CONDITIONS are distributed, the effectiveness of the ALARM SYSTEM can be
improved by employing the functions of SOURCES, INTEGRATOR and COMMUNICATORS in a
MEDICAL IT-NETWORK as described in this technical report.
4.2 SOURCES and their ALARM CONDITIONS
SOURCES are the part of the system for the distribution of ALARM CONDITIONS that have the
capability to initiate an ALARM CONDITION. They communicate ALARM CONDITIONS to an
INTEGRATOR. A SOURCE can receive an indication RESPONSIBILITY ACCEPTED originating at a
COMMUNICATOR (from an OPERATOR) that was transferred by an INTEGRATOR.
SOURCES can include, inter alia, MEDICAL DEVICES (e.g., MEDICAL ELECTRICAL EQUIPMENT and
in vitro diagnostics), fire alarm systems, call systems, and building security systems. Annex B
contains expanded information regarding types of SOURCES.
ALARM CONDITIONS can be classified into three types as follows:
a) TECHNICAL ALARM CONDITION;
EXAMPLE 1 A TECHNICAL ALARM CONDITION arising from a SOURCE indicating a technical problem with a
PATIENT measurement.
EXAMPLE 2 A TECHNICAL ALARM CONDITION arising from a SOURCE, INTEGRATOR, COMMUNICATOR or MEDICAL IT-
NETWORK indicating a technical problem with the equipment or communication capability.
b) PHYSIOLOGICAL ALARM CONDITION; and
c) other ALARM CONDITIONS, arising from other events.
EXAMPLE 3 ALARM CONDITION arising from a building security breach.
EXAMPLE 4 ALARM CONDITION arising from a personnel or service call.
EXAMPLE 5 ALARM CONDITION arising from notification of a critical lab result, medication arrival, or bed
availability.
An ALARM CONDITION can only originate from a SOURCE. Most MEDICAL DEVICES that have an
ALARM SYSTEM have both SOURCE and COMMUNICATOR functions as well as an INTEGRATOR
function.
4.3 INTEGRATOR
An INTEGRATOR is the part of the system for the distribution of ALARM CONDITIONS that
combines ALARM CONDITIONS from SOURCES, at least one of which is part of a MEDICAL DEVICE,
and handles the communication between those SOURCES and COMMUNICATORS. An INTEGRATOR
SOURCES and their ALARM CONDITIONS to specific COMMUNICATORS and can provide
can map
REDIRECTION to additional or different COMMUNICATORS based on the response or lack of
response from COMMUNICATORS.
4.4 COMMUNICATOR
A COMMUNICATOR is a part of a system that generates ALARM SIGNALS to alert an OPERATOR of a
situation that requires attention. A COMMUNICATOR can also process or direct an OPERATOR
response to the INTEGRATOR. An OPERATOR response need not be limited to direct OPERATOR
action and can be achieved by other means, e.g. an OPERATOR locator system.
LARM SIGNALS can be generated at various COMMUNICATORS:
A
a) MEDICAL ELECTRICAL EQUIPMENT and MEDICAL ELECTRICAL SYSTEMS:
ALARM SIGNALS compliant with IEC 60601-1-8;
EXAMPLE 1 Directly at the PATIENT bedside and/or at a central monitoring station.
b) general IT equipment and software;

– 18 – IEC TR 80001-2-5:2014 © IEC 2014
EXAMPLES 2 Voice terminals, smart phones, PCs, tablets.
c) MEDICAL DEVICES, other than MEDICAL ELECTRICAL EQUIPMENT or MEDICAL ELECTRICAL
SYSTEMS.
NOTE This category includes software-only MEDICAL DEVICES.
In all cases, the COMMUNICATOR needs to be in compliance with IEC 60601-1-8 when it is
generating ALARM SIGNALS for MEDICAL ELECTRICAL EQUIPMENT.
4.5 MEDICAL IT-NETWORK
In the system for the distribution of ALARM CONDITIONS, a MEDICAL IT-NETWORK is a general
purpose linking communications network consisting of hard-wired or wireless transmissions
between two or more specified functions of the system for the distribution of ALARM
CONDITIONS.
5 Types of systems for distributing ALARM CONDITIONS
5.1 General
The RESPONSIBLE ORGANIZATION should consider which performance properties are needed to
support the desired clinical workflow. Based on their needs, the RESPONSIBLE ORGANIZATION
should select the appropriate system from the following:
– DISTRIBUTED INFORMATION SYSTEM ABOUT ALARM CONDITIONS (DIS);
– DISTRIBUTED ALARM SYSTEM (DAS);
– DISTRIBUTED ALARM SYSTEM WITH OPERATOR CONFIRMATION (CDAS).
A general comparison of the properties of these types of systems is found in Table 1.
Table 1 – General comparison of
system properties for ALARM CONDITION integration
System properties
Delivery of
Direction/
ALARM Prioritization Collection of
Type of system
REDIRECTION
CONDITIONS with of ALARM OPERATOR
of ALARM
technical CONDITIONS response
CONDITION
confirmation
DIS
DISTRIBUTED INFORMATION SYSTEM
 X X ?
ABOUT ALARM CONDITIONS
EXAMPLES Pager, E-Mail, SMS.
DAS
DISTRIBUTED ALARM SYSTEM
NOTE Minimium requirements
X X ? 
according to IEC 60601-1-8.
EXAMPLE PATIENT monitor
connected to a
...