This document provides the principles, concepts, terms and definitions for health software and health IT systems, key properties of safety, effectiveness and security, across the full life cycle, from concept to decommissioning, as represented in Figure 1. It also identifies the transition points in the life cycle where transfers of responsibility occur, and the types of multi-lateral communication that are necessary at these transition points. This document also establishes a coherent concepts and terminology for other standards that address specific aspects of the safety, effectiveness, and security (including privacy) of health software and health IT systems.

This document is applicable to all parties involved in the health software and health IT systems life cycle including the following:

a) Organizations, health informatics professionals and clinical leaders designing, developing, integrating, implementing and operating health software and health IT systems – for example health software developers and medical device manufacturers, system integrators, system administrators (including cloud and other IT service providers);

b) Healthcare service delivery organizations, healthcare providers and others who use health software and health IT systems in providing health services;

c) Governments, health system funders, monitoring agencies, professional organizations and customers seeking confidence in an organization’s ability to consistently provide safe, effective and secure health software, health IT systems and services;

d) Organizations and interested parties seeking to improve communication in managing safety, effectiveness and security risks through a common understanding of the concepts and terminology used in safety, effectiveness and security management;

e) Providers of training, assessment or advice in safety, effectiveness and security risk management for health software and health IT systems;

f) Developers of related safety, effectiveness and security standards.