Revising IEC 80001-1: Risk management of health information technology systems

•The management of chronic disease has increased the focus of providing a high standard of care to patients while reducing costs.•Networked medical devices can provide benefits to patients but can also increase the risk of incorrect operation of the device and increase the risk to patients.•IEC 80001-1 has been published to address these risks but the standard is thought to be complex and is not widely adopted.•Revising the standard to follow Annex SL of the ISO directives and the structure of the draft of ISO 31000 may address the issues of adoption of the standard by integration with existing processes within the HDO. IEC 80001-1 was published in 2010 and is now undergoing revision. Feedback gathered on the adoption of the standard has revealed a number of barriers that have impacted its adoption. The standard provides requirements related to the roles, responsibilities and activities that need to be performed for the risk management of medical IT networks. One reported barrier is a lack of drivers to motivate Top Management to implement the standard. In addition, there is a lack of alignment between IT and biomedical engineering departments within hospitals. Finally, the IEC 80001-1 standard was considered to be too complicated and complex to implement. This paper presents the barriers identified in the feedback and presents an approach to the revision of the standard as a process based standard following the structure outlined in ISO/IEC Directives Annex SL and aligned risk management standards as a means to overcome these barriers.