UL 2800-1-1:2022 free download

UL 2800-1-1:2022 free download STANDARD FOR SAFETY Risk Concerns for Interoperable Medical Products
a) Medical data, including physiological readings, gathered by an interoperable medical system and supplied to the operator or external systems to support present or future care-giving is not linked to a patient identity or is linked to an incorrect patient identity, causing care-givers to provide inappropriate care based on incorrect assumptions about the patient’s current state or history.
b) The patient data and associated patient identity is inappropriately disclosed to actors that are not authorized to acquire the patient identity, leading to loss of confidentiality for the patient.
5.2.2.2 The following interoperable system-level objectives shall be considered in the formation of the interoperable item SSOs:
a) While an interoperable medical system is supporting care-giving for a patient, all constituents of the interoperable medical system that have a patient identity storage capability, hold an identifier corresponding to the organization’s patient identifier for the patient under care.
b) Caregiving decisions (either by an interoperable medical system operator or by an interoperable medical system constituent) are based on patient data that has accompanying context information that correctly identifies the patient to which the data pertains.
c) When the interoperable medical system is not associated with a patient, no patient data or identifier for the patient is held in the state of the interoperable medical system or its constituent components, except for:
1) Forensic information that is the subject of confidentiality risk management; or
2) Data held in storage designed as a patient information system that is the subject of appropriate controls. d) When the interoperable medical system is associated with a patient, no identity-linked patient data within the system is communicated to actors that are not authorized to access identity-linked data for the patient under care.
e) The instructions for use of the interoperable medical system include documentation concerning assumed identity management objectives within the operating organization that may produce a machine-readable identifier that uniquely identifies the patient within the scope of patients managed by the organization.
5.2.3 Operator identity, authentication, and authorization
5.2.3.1 The following interoperable medical system-level risk concerns shall be considered in interoperable item risk management:
a) The specific operator responsible for particular actions that gives rise to patient harm or uncontrolled information disclosure cannot be identified during or after the action (e.g., inappropriate or malicious);
b) Unauthenticated operators may, lacking appropriate physical access controls, gain access to the interoperable medical system and claim any identity, leading to actions (e.g., inappropriate or malicious) that give rise to patient harm or uncontrolled information disclosure;
c) Unauthorized commands or access to data may, lacking appropriate physical access controls, allow unqualified or inappropriate operators to issue commands (e.g., inappropriate or malicious) that give rise to patient harm, or access data which is beyond the scope of their responsibilities, leading to uncontrolled information disclosure;
d) Data (e.g., physician orders or patient notes), metadata (e.g., timestamps, attesting to the freshness of information), and/or commands (e.g., direct device commands to start, stop, or