Are we on the on the same page here? Navigating the World of Standards in the Medical IT networks and Health Information technology systems

Article written by Dr Silvana MacMahon, Assistant Professor at the Dublin City University

When I travelled to Italy when I was eight years old, I became aware of the importance of language and terminology and by that, I mean that I realised that if I wanted ice-cream that I had to say “gelato” rather than ice-cream! I was fascinated by the fact that when I used these words that people understood what I meant and that there were different words for the same thing. This trip sparked my interest in studying languages and I went on to study French and Italian at University.  I quickly realised that these studies meant more than just getting to grips with different words as I grappled with grammar and sentence structure, medieval language in the form of Dante’s Inferno and French existentialist philosophy, Camus and Sartre.  Though I enjoyed the challenge of all of this it was far removed from what I had envisaged when I started which was really just to be able to communicate on an everyday level with people in another language. I was on some level quite relieved when my studies were over, and I started to work in industry as I thought it would be easier as we would all be speaking the same language, but I quickly found out that things weren’t that easy. 

As a “user acceptance test lead”, I quickly found that, somewhat unexpectedly, I had a role of a “translator”. I occupied the middle ground, between the business team and the IT team, translating business needs into IT requirements and explaining technical complexities to business teams. I really enjoyed the role. I got to speak to people in all parts of the business and see how their business processes were supported by the technology put in place in the organisation. I learned how to communicate in different settings, different teams, different priorities, different terminology and I got to see first-hand how all parts of the organisation worked. Unfortunately, the organisation closed but this, fortunately, gave me the opportunity to financially be able to return to education.

My next round of studies were intended to formalise my experience in software testing, project management and business analysis as I took on a higher diploma in this area, and were intended to last a year, but I did well in my studies and then got funded to undertake a PhD. My topic was looking at how hospitals could manage the risks associated with placing a medical device onto an IT network. My research was conducted in collaboration with the standardisation community and ultimately, my research was published as a technical report in the family of standards focused on this area. So, on the surface the topic seems unrelated to my experience, but yet again I found that language and terminology played a crucial part in the development of the report.

My research involved going into hospitals and speaking to people from different departments in the hospital who needed to come together to manage the risks around these devices. My initial conversations were quite difficult. I was coming from a business and acceptance testing background, and I was speaking with clinical engineers, clinical staff, administrative and IT staff. The first thing that we stumbled on was yet again an issue of language. The work risk. Seems simple enough, we are all speaking the same language, right? Wrong! To clinical staff, when you say “risk” they think of risk to patient safety. When you say risk to a clinical engineer, they think of patient safety but in the context of the devices that they manage. Hospital administrative staff tend to think of risk in terms of legal implications of the risk and IT teams tend to think of risk as the risk to the IT system or network that they manage. 

So I asked “how do we manage risk it we are not all talking about the same thing”?

This is where the standards come into play. The Standard (IEC 80001-1) served as a tool to enable these different risk management stakeholders with very different perspectives (that had been shaped by their own experiences and priorities) to come together and arrive at a shared understanding of not only the terminology associated with the management of risk but also how the processes around the management of these risk should be undertaken and their respective responsibilities in managing these risks. In discussing the requirements of the standards several key learnings were shared.

Firstly, that common understanding of terms and terminology is an entry point to the process and can be facilitated using standards and adoption of standard terms and terminology. These discussions should be a precursor to any risk management initiatives. Secondly, effective risk management requires the convening and ongoing commitment of a multi-disciplinary team comprised of all risk management stakeholders. We need to form a team where all perspectives are represented and use the standard to solidify and drive engagement so that team members are aware of and committed to their responsibilities on an ongoing basis. And finally, that in most cases that when the requirements of such standards are discussed, that often the requirements of the standard are already being implemented within the organisation. 

They may be described differently or may need to be formalised in the way that they are recorded but most of the efforts required are in reuse and formalisation of existing processes. By aligning existing processes with the requirements of the standard, organisations are able to demonstrate an incremental increase, immediately and over time, in the capability of their risk management processes leading to safer, more effective and more secure Medical IT networks and Health Information technology systems. 

And all it takes is a little translation and for them to get on the same “standard” page.!