IEC/SC 62A - Common aspects of electrical equipment used in medical practice

This document specifies terminology, principles and a process for risk management of medical devices, including software as a medical device and in vitro diagnostic medical devices. The process described in this document intends to assist manufacturers of medical devices to identify the hazards associated with the medical device, to estimate and evaluate the associated risks, to control these risks, and to monitor the effectiveness of the controls. The requirements of this document are applicable to all phases of the life cycle of a medical device. The process described in this document applies to risks associated with a medical device, such as risks related to biocompatibility, data and systems security, electricity, moving parts, radiation, and usability. The process described in this document can also be applied to products that are not necessarily medical devices in some jurisdictions and can also be used by others involved in the medical device life cycle. This document does not apply to: — decisions on the use of a medical device in the context of any particular clinical procedure; or — business risk management. This document requires manufacturers to establish objective criteria for risk acceptability but does not specify acceptable risk levels. Risk management can be an integral part of a quality management system. However, this document does not require the manufacturer to have a quality management system in place. NOTE Guidance on the application of this document can be found in ISO/TR 24971[9].

This document focuses on remote maintenance services (RMS) for information systems in healthcare facilities (HCFs) as provided by vendors of medical devices and health information systems. This document specifies the risk assessment necessary to protect remote maintenance activities, taking into consideration the special characteristics of the healthcare field such as patient safety, regulations and privacy protections. This document provides practical examples of risk analysis to protect both the HCF and RMS provider information assets in a safe and efficient (i.e. economical) manner. These assets are primarily the information system itself and personal health data held in the information system.

IEC TR 62366-2:2016(E), which is a Technical Report, contains background information and provides guidance that addresses specific areas that experience suggests can be helpful for those implementing a USABILITY ENGINEERING (HUMAN FACTORS ENGINEERING) PROCESS both as defined in IEC 62366-1:2015 and as supporting goals other than SAFETY. This technical report is not intended to be used for regulatory purposes. It contains no requirements and only provides guidance and tutorial information.