By John Noblitt, MAEd, CBETICC Prep JohnNoblitt

Over the years, much has been written about the standard sections of the CBET exam, such as anatomy and physiology, electronics, medical devices, and problem-solving. As mentioned in my last article, more attention may need to be devoted to the new section of the exam concerned with health care information technology. This topic will need to be explored further for exam takers to do well on this portion of the test.

Here I will touch on a couple of areas I have not written about before in the ICC Prep column. I should note that other authors with more experience in these areas, such as Jeff Kabachinski, have covered this area extensively. Personally, I would not consider taking the CBET exam without reading all of his 24×7 Networking columns.

Medical Device Data Systems

First, let us look at the FDA’s MDDS rule, concerned with medical device data systems. The FDA describes MDDS as any hardware or software that transfers, stores, converts, formats, and displays medical device data. For example, suppose you are working on a central monitoring network and you have to switch out a bedside monitor. The network cannot recognize the new monitor unless it knows the unit’s IP address. Even as a technician, if you have to make changes in the IP address of the bedside unit, you have become an MDDS manufacturer—or at least the facility you work for has now become a manufacturer.

Why is this? In the MDDS Final Rule, the FDA classifies as a manufacturer anyone that is engaged in “modifying a general purpose IT equipment/software or infrastructure for purposes of interfacing with medical devices and performing functionality described in the MDDS rule (transfer, store, display, or convert data).” This information could be used to formulate a question on the CBET exam. Therefore, knowing what MDDS stands for and how it can affect the role of a biomedical technician could be extremely important.


Another key topic worth mentioning is IEC 80001-1. This is an evolving standard that addresses the application of risk management for networks that incorporate medical devices. With more and more interconnectivity between networked devices, this is an increasing area of concern in the health care delivery system. This standard is designed to help health care providers identify and manage new risks associated with this trend. That, in turn, makes this an increasing area of concern for CBET test takers as well.

All test takers should know the three key risks this standard is attempting to manage: safety, effectiveness, and data and system security. As Elliot B. Sloane of Drexel University has stated, safety encompasses preventing injury or damage to people, property, or the environment; effectiveness is the ensuring that the intended result is produced; and data and system security means that system information is reasonably protected from compromises to confidentiality, integrity, and availability. More information is available from IEC 80001-2, a guidance document that outlines a step-by-step process for implementing the IEC 80001-1 standard.

Protected Information

A third area test takers should be prepared for is the Health Insurance Portability and Accountability Act of 1996, or HIPAA. Although all health care providers are trained in these regulations, test takers must be sure they understand how this information may be integrated into the test. HIPAA provides guidance on electronic health information privacy policies. These policies must be integrated into electronic medical records for future use in the health care delivery system in the United States.

One subject the test might cover could be what electronic medical information is protected under this law. The department of Health and Human Services, which enforces HIPAA, deems individually identifiable health information to be protected. The agency defines that term as any information that includes demographic information, that relates to physical or mental health or the provision of, or payment for, health care, and that may identify an individual. HIPAA requires removal of identifiers in an electronic medical record, such as names, locations, dates, and social security numbers. By contrast, the agency does not consider employment records and records associated with the Family Education Rights and Privacy Act (FERPA) to be protected information.


Finally, test takers should be familiar with the Digital Millennium Copyright Act of 1998, or DMCA. This act criminalizes the production and dissemination of technology, devices, or services intended to circumvent measures that control access to copyrighted works. It would be wise to know what DMCA stands for and how it applies in the world of a BMET.

AAMI publishes a study guide, BMET Study Guide: Preparing for Certification and Sharpening Your Skills, which encompasses all the topics I have discussed here.

It is my hope you find this information useful in your journey to become certified. 24×7 ICC Prep, June 2013

John Noblitt, MAEd, CBET, is the BMET program director at Caldwell Community College and Technical Institute, Hudson, NC. For more information, contact [email protected]



1) Protection of copyrighted material is provided by which act?
c) HHS
d) CMS

2) Which government agency oversees MDDS?
b) FDA

3) Which standard oversees risk management of medical devices found on a network?
a) IEC 6000
c) IEC 8001-1
d) NFPA 99

4) Protected health information as described by HIPAA includes which of the following?
a) Safety, effectiveness, data, and security
b) Name, location, and social security number
c) Disease and outcome
d) Employment records

Answers: 1–a; 2–b; 3–c; 4–b.