Safety first! managing risks for a daisy chain of medical devices connected to the IT-network - first experiences applying IEC 80001-1.

The best way to ensure patient safety is to eliminate errors. To avoid errors and resulting harm from medical devices, there are rules and laws in Germany to ensure a certain quality and process [1,2]. This does not cover scenarios where devices are connected to a data network, forming a medical IT network. Arising risks need to be addressed by operating organizations, such as hospitals. International standard IEC 80001-1 offers a process for this and defines roles and responsibilities [3]. The aim of our study was to assess the application of risk management for a small initial project. We studied a daisy chain of medical devices connected to the IT network. The number of involved proprietary protocols and interface-definitions complicates the risk management, if just for the number of involved manufacturers. Identified risks could all be addressed and did not block the setup's deployment. Risk management creates an extra effort, but can reduce harm and potential financial liabilities. We can recommend starting with small projects to familiarize with the process.