CHI+MED logo banner

A new technique for identifying use-related hazards

Key points

  • We have developed a new technique for identifying hazards related to the use of medical devices that complements existing hazard analysis methods.
  • It identifies both hazards and their potential causes in design flaws.
  • It is based on widely used interaction design principles and models of human cognition, so it has a strong focus on use-related hazards.
  • Initial experiments suggest that it can detect three times as many use-related hazards as a traditional method.

An important step in developing new software for a medical device is to work out the hazards involved. A hazard is a potential source of physical injury or damage to people or the environment. The ways it could possibly cause harm are identified, and the device can then be designed to prevent them all occurring. A hazard analysis is the process of identifying all known and foreseeable hazards and their causes in a system. Various methods exist for doing this. However, they do not specifically focus on, or place enough emphasis on, use-related hazards and, in particular, identifying their potential causes.

A new technique
In collaboration with the US Food and Drug Administration (FDA) we have developed a hazard analysis technique that specifically focuses on identifying the causes of use-related hazards in user interface software design. The technique integrates models of the human cognitive process with general interaction design principles. It therefore has a strong focus on human factors in design and the links between design and hazards. It also uses a model-based approach for systematic exploration of potential hazards.

A model-based approach
The approach is based on normal user interface design documents. In the first stage the analysis is split into a series of separate analyses based on well-known interaction design principles that form part of the widely-used method for evaluating interfaces: heuristic evaluation. This makes sure that common classes of critical interaction design problems are considered.

In the second stage, for each separate area analysed, a set of guide phrases like 'forgotten' and 'wrong order' are combined with the key concepts and steps of a model describing the general steps a person goes through when undertaking tasks. Doing so indicates things that can go wrong. For example, we might combine the guide phrase 'forgets' with the concept of 'forming a goal', which for the specific example might be to 'set the volume of drug to be delivered to the patient'. This would generate a potential hazard that 'the nurse forgets to set the volume of drug to be delivered to the patient'.

In the final stage, hypotheses are generated about how features of a design could hamper a person successfully carrying out the step based on the design principle under consideration. For example, one design principle is that information is visible when needed. This could lead to a cause of the above hazard that 'the fields for inputting the volume are hidden by a notification window at the point it needs to be set'.

The result is a set of potential use errors and problematic interactions, each linked to the software design flaws that might cause it. This can form the basis for standard hazard analysis techniques, extending the depth of those analyses.
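The three stages above can be laid out as a worksheet with one cell per design principle, guide phrase and task step, so that every combination is visibly considered. The following is an added example, not part of the original page or the project's own tooling. The second principle, the second task step and all function names are constructed for illustration; only the 'forgets' / 'forming a goal' / visibility entries come from the text.

```python
from dataclasses import dataclass, field
from itertools import product

# Constructed inputs: only the first principle, both guide phrases and the
# 'forming a goal' step come from the page; the rest are assumed.
PRINCIPLES = ["information is visible when needed", "actions are reversible"]
GUIDE_PHRASES = ["forgets", "wrong order"]
STEPS = {  # step of the task model -> what it means for this device
    "forming a goal": "set the volume of drug to be delivered to the patient",
    "executing the action": "enter the volume on the keypad",
}

@dataclass
class Cell:
    principle: str
    phrase: str
    step: str
    task: str
    hazard: str = ""                             # stage 2: what can go wrong
    causes: list = field(default_factory=list)   # stage 3: design-flaw hypotheses
    reviewed: bool = False

    def prompt(self):
        """Question put to the analyst for this cell."""
        return f"[{self.principle}] '{self.phrase}' + '{self.step}': {self.task}?"

def build_worksheet(principles, phrases, steps):
    """Stage 1 splits by principle; stage 2 crosses guide phrases with steps."""
    return {(p, g, s): Cell(p, g, s, steps[s])
            for p, g, s in product(principles, phrases, steps)}

def record(ws, key, hazard=None, causes=()):
    """Mark a cell reviewed; hazard=None means 'considered, not credible'."""
    cell = ws[key]
    cell.reviewed = True
    if hazard:
        cell.hazard = hazard
        cell.causes.extend(causes)
    return cell

def unreviewed(ws):
    """Cells nobody has looked at yet: the gap in systematic coverage."""
    return [k for k, c in ws.items() if not c.reviewed]

def hazard_log(ws):
    """Flatten to (hazard, cause) rows for a standard hazard analysis."""
    return [(c.hazard, cause) for c in ws.values() for cause in c.causes]
```

Tracking cells that were reviewed and judged not credible separately from cells never visited is what makes the exploration systematic rather than ad hoc.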

Identifying more hazards
Our early experiments suggest that this hazard analysis technique can substantially improve the identification of use-related hazards at the early stages of software design as compared to standard hazard analysis techniques. We previously carried out a preliminary hazard analysis focusing on the number entry software of infusion pumps. A large number of root causes of use-related hazards in software design was identified. We repeated this preliminary hazard analysis using our new model-based technique. We found that it allowed us to articulate and explore subtle causes of use hazards in a systematic way. It also led to our identifying further hazards and related causes that were missed in the original analysis. Our experiments suggest that three times as many use-related hazards can be identified when using the model-based approach, as compared to the standard hazard analysis technique.