Software Risk Management in the Safety-critical Medical Device Domain - Involving a User Perspective
Sammanfattning: There is a thin line between life and death. In the medical domain, risk management can be an instrument that helps the development organisations to develop safer medical devices. A medical device that fails can bring harm to both patients and medical staff. The medical device domain is a complex field where there are several characteristics contributing to the complexity. Many of the functions performed by medical devices and systems are affecting human lives, directly when the devices are used in treatment and indirectly when the devices are used in monitoring. In the risk management process a major challenge is to assure safety and prevent the patients and the medical staff from harm. The process is a dynamic process and it is necessary to manage risk throughout the whole lifecycle of the medical device in order to avoid potential hazardous situations over time. The main goals of the research effort in this thesis are to integrate users and user perspective in the software risk management process in the medical device domain, and to develop a new risk management process involving a user perspective. This thesis is based on empirical research with both qualitative and quantitative approaches. The research contains a survey presenting the characteristics of the state of practice of software development in the context of the medical devices and systems. One part of the survey focuses on quality assurance of software, risk management, and the developers’ conception of safety criticality of software. The conception of risk was further investigated in two controlled experiments. The identified challenges and experiences from the survey and the experiments were utilized after that in three case studies. A new software risk management process, RiskUse, was derived from the experiences and conclusions gained from two of the three case studies. In the first case study was the risk management process studied and in the second case study the introduction of usability testing included the risk management process. The aim of RiskUse is to support software risk management activities in the medical device domain and to bring in an emphasised user perspective into the risk management process. Finally, the first version of RiskUse was empirically evaluated in the third last case study. The research was conducted as action research with the aim to evaluate the user perspective parts of the new risk management process. In conclusion RiskUse, is found, in the studied cases, to support the practitioners in their work with user risks and risk management.
KLICKA HÄR FÖR ATT SE AVHANDLINGEN I FULLTEXT. (PDF-format)