本文件提供了健康软件和健康IT系统的原则、概念、术语和定义，以及从概念到退役的整个生命周期的安全性、有效性和安全性的关键属性，如图1所示。它还确定了生命周期中发生责任转移的过渡点，以及在这些过渡点所需的多边沟通类型。本文件还为其他标准建立了一致的概念和术语，这些标准涉及健康软件和健康IT系统的安全性、有效性和安全性（包括隐私）的特定方面
本文件适用于涉及健康软件和健康IT系统生命周期的所有各方，包括: a） 设计、开发、集成、实施和操作健康软件和健康IT系统的组织、健康信息学专业人士和临床领导者，例如健康软件开发商和医疗设备制造商、系统集成商、系统管理员（包括云和其他IT服务提供商）
b） 医疗服务提供组织、医疗服务提供者和其他使用医疗软件和医疗IT系统提供医疗服务的人
c） 政府、卫生系统资助者、监测机构、专业组织和客户希望对一个组织持续提供安全、有效和安全的卫生软件、卫生IT系统和服务的能力有信心；
d） 通过对安全、有效性和安保管理中使用的概念和术语的共同理解，寻求在管理安全、有效性和安保风险方面改善沟通的组织和相关方
e） 为健康软件和健康IT系统提供安全、有效性和安全风险管理方面的培训、评估或建议
f） 相关安全、有效性和安全标准的开发者。

This document provides the principles, concepts, terms and definitions for health software and health IT systems, key properties of safety, effectiveness and security, across the full life cycle, from concept to decommissioning, as represented in Figure？1. It also identifies the transition points in the life cycle where transfers of responsibility occur, and the types of multi-lateral communication that are necessary at these transition points. This document also establishes a coherent concepts and terminology for other standards that address specific aspects of the safety, effectiveness, and security (including privacy) of health software and health IT systems.
This document is applicable to all parties involved in the health software and health IT systems life cycle including the following:
a) Organizations, health informatics professionals and clinical leaders designing, developing, integrating, implementing and operating health software and health IT systems a？for example health software developers and medical device manufacturers, system integrators, system administrators (including cloud and other IT service providers);
b) Healthcare service delivery organizations, healthcare providers and others who use health software and health IT systems in providing health services;
c) Governments, health system funders, monitoring agencies, professional organizations and customers seeking confidence in an organizationa？s ability to consistently provide safe, effective and secure health software, health IT systems and services;
d) Organizations and interested parties seeking to improve communication in managing safety, effectiveness and security risks through a common understanding of the concepts and terminology used in safety, effectiveness and security management;
e) Providers of training, assessment or advice in safety, effectiveness and security risk management for health software and health IT systems;
f) Developers of related safety, effectiveness and security standards.