Purpose: To present a method for assessing risk of custom clinical software using an approach based on failure modes and effects analysis (FMEA).
Methods: We created a novel model for assessing risk for custom clinical software analogous to FMEA. Using this risk model, we integrated a literature review and institutional experience to form a practical guide for risk mitigation. This model was refined by application in a clinic with a high volume of clinical software development.
Results: We identified three parameters, population (P), intent (I), and complexity (C), analogous to the FMEA parameters of occurrence, severity, and detectability, respectively. Population classifies the scale of the software tool and is a direct measure of the percentage of the clinic’s population that the tool will impact. Intent refers to the classification of the software and how it’s used in clinical decision making. Complexity is a measure of how difficult it is to find an error by an independent reviewer. Analogous to FMEA risk priority number, multiplying these parameters gives the software risk number (SRN).
Conclusion: Software risk number serves as a quantitative metric for the posed risk if the code does not perform as anticipated or if the design is flawed. After SRN is evaluated, clinics can rank tools by highest SRN and intent to determine the most hazardous tools. Tools with the highest SRN and those used for direct clinical decision making can be allotted the appropriate resources during development, commissioning, and routine quality assurance. This model has been integrated into our clinical software development practice.