Advanced

Software Risk Management in the Safety-critical Medical Device Domain - Involving a User Perspective

Lindholm, Christin LU (2015)
Abstract
There is a thin line between life and death. In the medical domain, risk management can be an instrument that helps the development organisations to develop safer medical devices. A medical device that fails can bring harm to both patients and medical staff. The medical device domain is a complex field where there are several characteristics contributing to the complexity. Many of the functions performed by medical devices and systems are affecting human lives, directly when the devices are used in treatment and indirectly when the devices are used in monitoring.

In the risk management process a major challenge is to assure safety and prevent the patients and the medical staff from harm. The process is a dynamic process and it is... (More)
There is a thin line between life and death. In the medical domain, risk management can be an instrument that helps the development organisations to develop safer medical devices. A medical device that fails can bring harm to both patients and medical staff. The medical device domain is a complex field where there are several characteristics contributing to the complexity. Many of the functions performed by medical devices and systems are affecting human lives, directly when the devices are used in treatment and indirectly when the devices are used in monitoring.

In the risk management process a major challenge is to assure safety and prevent the patients and the medical staff from harm. The process is a dynamic process and it is necessary to manage risk throughout the whole lifecycle of the medical device in order to avoid potential hazardous situations over time.

The main goals of the research effort in this thesis are to integrate users and user perspective in the software risk management process in the medical device domain, and to develop a new risk management process involving a user perspective.

This thesis is based on empirical research with both qualitative and quantitative approaches. The research contains a survey presenting the characteristics of the state of practice of software development in the context of the medical devices and systems. One part of the survey focuses on quality assurance of software, risk management, and the developers’ conception of safety criticality of software. The conception of risk was further investigated in two controlled experiments. The identified challenges and experiences from the survey and the experiments were utilized after that in three case studies.

A new software risk management process, RiskUse, was derived from the experiences and conclusions gained from two of the three case studies. In the first case study was the risk management process studied and in the second case study the introduction of usability testing included the risk management process. The aim of RiskUse is to support software risk management activities in the medical device domain and to bring in an emphasised user perspective into the risk management process. Finally, the first version of RiskUse was empirically evaluated in the third last case study. The research was conducted as action research with the aim to evaluate the user perspective parts of the new risk management process.

In conclusion RiskUse, is found, in the studied cases, to support the practitioners in their work with user risks and risk management. (Less)
Please use this url to cite or link to this publication:
author
supervisor
opponent
  • Paech, Barbara, University of Heidelberg, Germany
organization
publishing date
type
Thesis
publication status
published
subject
keywords
Software development, Medical device development, User perspective, Risk management, Usability testing
defense location
Lecture hall E:1406, E:building, Ole Römers väg 3, Lund University, Faculty of Engineering, LTH.
defense date
2015-03-06 10:15
ISSN
1404-1219
ISBN
ISBN 978-91-7623-219-4 (printed version)
ISBN 978-91-7623-220-0 (electronic version)
language
English
LU publication?
yes
id
ddcd77eb-8289-410f-94b6-ab7570ee9680 (old id 5041791)
date added to LUP
2015-02-03 13:28:52
date last changed
2016-09-19 08:45:00
@phdthesis{ddcd77eb-8289-410f-94b6-ab7570ee9680,
  abstract     = {There is a thin line between life and death. In the medical domain, risk management can be an instrument that helps the development organisations to develop safer medical devices. A medical device that fails can bring harm to both patients and medical staff. The medical device domain is a complex field where there are several characteristics contributing to the complexity. Many of the functions performed by medical devices and systems are affecting human lives, directly when the devices are used in treatment and indirectly when the devices are used in monitoring. <br/><br>
In the risk management process a major challenge is to assure safety and prevent the patients and the medical staff from harm. The process is a dynamic process and it is necessary to manage risk throughout the whole lifecycle of the medical device in order to avoid potential hazardous situations over time. <br/><br>
The main goals of the research effort in this thesis are to integrate users and user perspective in the software risk management process in the medical device domain, and to develop a new risk management process involving a user perspective. <br/><br>
This thesis is based on empirical research with both qualitative and quantitative approaches. The research contains a survey presenting the characteristics of the state of practice of software development in the context of the medical devices and systems. One part of the survey focuses on quality assurance of software, risk management, and the developers’ conception of safety criticality of software. The conception of risk was further investigated in two controlled experiments. The identified challenges and experiences from the survey and the experiments were utilized after that in three case studies. <br/><br>
A new software risk management process, RiskUse, was derived from the experiences and conclusions gained from two of the three case studies. In the first case study was the risk management process studied and in the second case study the introduction of usability testing included the risk management process. The aim of RiskUse is to support software risk management activities in the medical device domain and to bring in an emphasised user perspective into the risk management process. Finally, the first version of RiskUse was empirically evaluated in the third last case study. The research was conducted as action research with the aim to evaluate the user perspective parts of the new risk management process. <br/><br>
In conclusion RiskUse, is found, in the studied cases, to support the practitioners in their work with user risks and risk management.},
  author       = {Lindholm, Christin},
  isbn         = {ISBN 978-91-7623-219-4 (printed version)},
  issn         = {1404-1219},
  keyword      = {Software development,Medical device development,User perspective,Risk management,Usability testing},
  language     = {eng},
  school       = {Lund University},
  title        = {Software Risk Management in the Safety-critical Medical Device Domain - Involving a User Perspective},
  year         = {2015},
}