In the past, health-related software was primarily applied to relatively non-critical administrative functions and clinical decision support systems tended to be relatively simple and understandable in their logic and used as a background adjunct to decisions, rather than a major influence on which to rely routinely. So the potential for harm to the patient, as distinct from disruption to the organization, was low.

But this has substantially changed and the nature of these changes will increase the potential for risks to patients. Incidents where health software has caused harm to, or the premature death of, patients has severely affected the trust of the general public. They expect such software to be safe for its purpose. These incidents have also had consequences on the reputation of health organizations or led to substantial legal damages.

The new technical report ISO/TR 27809:2007, Health informatics – Measures for insuring patient safety of health software considers the control measures required to ensure patient safety in respect to health software products and the standards needed to underpin them. Its scope is intended to cover those health software products which are not, in practice, covered by medical device regulations.

Chief Executives and others responsible for healthcare organizations need to recognise that:

  • health software products have the potential to harm patients;
  • this potential is growing as the complexity of implementations grows;
  • healthcare organizations are increasingly reliant on health software products;
  • standards for manufacture and use need to be created and adhered to if harm is to be avoided

Manufacturers need to recognize that:

  • controls needs to be exerted over the conception, design, production and deployment of health software and standards are required for all of these aspects including quality control and risk management;
  • such controls are likely in the future to be demanded by customers and regulators.

The technical report considers the standards which will be necessary if health software safety is to be ensured through controls exerted throughout a products life cycle. As it is starting point it considers the standards and controls applied to medical devices and offers practical solutions for how to adapt them to health software products.

ISO/TR 27809:2007, Health informatics – Measures for insuring patient safety of health software, costs 132 Swiss francs and is available from national member institutes (see the complete list with contact details) and ISO Central Secretariat.