Wayne, Pennsylvania, USA—November 2014—The Clinical and Laboratory Standards Institute (CLSI) has released an updated document, Information Technology Security of In Vitro Diagnostic Instruments and Software Systems; Approved Standard—Second Edition (AUTO11-A2). This document provides a framework for communication of information technology security issues between the in vitro diagnostic (IVD) system vendor and the health care organization.
The second edition of this standard includes an increased emphasis on computer, or cyber, security within the health care system. A cyber attack could adversely impact the operation of an IVD system, the delivery of results by an IVD system, the effectiveness of the results generated by an IVD instrument, and safety of the operator controlling the IVD instrument. These problems could all lead to patient safety issues, making information technology security a concern for all IVD vendors and health care providers.
“AUTO11-A2 provides the guidance and direction that IVD vendors need to protect the confidentiality, integrity, and availability of their IVD systems,” highlights Ed Heierman III, PhD, Chairholder of the Document Development Committee on IT Security of IVD Instruments, and the Informatics Software Architect of Systems Development & Core R&D at Abbott Diagnostics Division in Irving, Texas, USA. “AUTO11 recognizes that all IVD systems are not the same, so categories of requirements and their applicability have been established based on specific IVD system capabilities. By using these categories, vendors can tailor the use of AUTO11 to their IVD system.”
This edition of AUTO11 aligns the standard with new technology and best practices that have emerged since the last publication in 2006. For example, AUTO11-A2 includes guidance on cloud-based software and mobile devices. The standard is intended for use by vendors (IVD system manufacturers), users (eg, laboratory personnel), and information technology management of health care organizations.
Notably, in October 2014, the FDA released a document titled Premarket Submissions for Management of Cybersecurity in Medical Devices – Guidance for Industry and Food and Drug Administration Staff. This FDA guidance document lists AUTO11 as a recognized consensus standard for information technology and medical device security.
CLSI is a not-for-profit membership organization that brings together the varied perspectives and expertise of the worldwide laboratory community for the advancement of a common cause: to foster excellence in laboratory medicine by developing and implementing clinical laboratory standards and guidelines that help laboratories fulfill their responsibilities with efficiency, effectiveness, and global applicability. For additional information, visit the CLSI website at www.clsi.org or call 610.688.0100.