Modern Medical Information Systems very often comprise Medical Devices and governed by regulations which require stringent Risk Management activities to be implemented to minimize the occurrence of safety risks. Currently, the reference standard adopted by manufacturers for Risk Management is ISO 14971, which, however, was devised for traditional (mostly hardware) Medical Devices and does not either take into account the peculiarities of modern Medical Information Systems, or define a formal methodology to conduct Risk Assessment. Moreover, the approaches currently implemented by manufacturers typically aims at obtaining qualitative Risk Assessment results. Within the so-delineated application scenario, this paper proposes a methodology for the Dynamic Probabilistic Risk Assessment of Medical Information Systems, by specifically looking at medical devices that are intended as one of the most relevant components in such systems. The methodology complies with ISO 14971 and improves current practices because it allows the analyst to conduct a quantitative analysis, also taking into account the temporal dimension. It relies on a Probabilistic Risk Model, defined as a set of Markov Models, which is model-checked to obtain quantitative information about the risks. The proposed methodology is also adopted to improve definitively the Medical Device post-market surveillance, which is currently implemented as a wait for an incident activity.
Read full abstract