Tips for selecting an effective HTM risk management solution

by Lauren Dubinsky, Senior Reporter | November 17, 2020
From the November 2020 issue of HealthCare Business News magazine

It’s important for clinical engineers and biomedical teams to assess their medical device security program and select a risk management solution for their connected devices. During an AAMI Summer Learning Series session, an integrated delivery network, software solution provider and service provider discussed the best way to go about doing just that.

Cory Brennan, attorney and security adviser at Hall Render Advisory Services, started things off by describing an ideal risk management program.

A risk management program should provide:
– an active, up-to-date inventory of all connected devices and a vast amount of attributes for each of those devices, including their specific risk profiles.
– vulnerability and risk prioritization, which includes identifying all active vulnerabilities affecting a connect device and analyzing how those vulnerabilities could be exploited and what the impact of that is.
– the means to contain and segment a device on the network to isolate it from other devices if its risk profile requires it.
– a consistent anomaly and event detection, as well as continuous intrusion monitoring.
– communication to the health system to notify the right the team when anomalous behavior has been discovered on the network or from a medical device, analyze the risk factors of that anomalous behavior and provide risk mitigation options right off the bat.
– assistance with recovery measures after responding to an event or an incident, as well as identifying areas of opportunity for improvement in response time and communication protocols.

“After a program assessment has been completed and the results have been reviewed, including any gaps identified, the health system should begin to remediate those gaps and to incorporate security best practices into their overall medical device management program,” said Brennan.

You can then use that program assessment to assemble a team and develop a set of use case criteria to evaluate and select a risk management solution. This involved assembling a team of diverse experts, reviewing proposals from a variety of vendors, doing demonstrations, performing a final evaluation internally and then awarding a contract.

“One of the things I recommend is to discuss a detailed implementation plan or project plan with the vendor before you sign a contract, because that is where you have the most opportunity to leverage what you want out of that partnership,” said Priyanka Upendra, quality and compliance director at Banner Health.

Sofiia Sovchenko

re: Tips for selecting an effective HTM risk management solution

January 02, 2024 02:42

Thank you, DOTmed News, for addressing the crucial topic of selecting an effective Healthcare Technology Management (HTM) risk management solution. The insights provided by Cory Brennan on an ideal risk management program for connected medical devices are invaluable for clinical engineers and biomedical teams.

In alignment with this discussion, I'd like to recommend an article that delves into the intricacies of medical device integration with Electronic Health Records (EHR): This piece offers additional perspectives on how seamless integration contributes to effective healthcare technology management.

Your focus on guiding professionals in the assessment of medical device security programs is commendable, and I appreciate the depth of information provided in your article.

Log inor Register

to rate and post a comment



Torrey Hughes

ICU Medical EHR Integration

November 17, 2020 11:59

We have a set of three brand new Hospira/ICUmedical Lifecare PC 7.0 IV Infusion Pump Controllers available. These were the first units produced in 2017 with EHR (Electronic Health Record) integration. Are there many healthcare systems using this platform and protocol?

Log inor Register

to rate and post a comment

You Must Be Logged In To Post A Comment