Automatic Fault Tree Derivation from Little-JIL Process Definitions

Similar documents
Model-Based Guidance for Human-Intensive Processes

Experience Modeling and Analyzing Medical Processes: UMass/Baystate Medical Safety Project Overview

TG100 Implementation Guide - FTA

Representing Process Variation by Means of a Process Family

A hybrid approach for identification of root causes and reliability improvement of a die bonding process a case study

FAQs about upcoming OPTN policy changes related to blood type determination, reporting, and verification.

Engineering Medical Processes to Improve Their Safety An Experience Report

Therapy symposium Formal Radiation Therapy Safety Processes

Introduction to ISO Risk Management for Medical Devices

Risk-based QM for Incorrect Isocenter at Day 1 Setup. TG 100 risk based QM development Process Mapping

510(k) SUBSTANTIAL EQUIVALENCE DETERMINATION DECISION SUMMARY ASSAY AND INSTRUMENT COMBINATION TEMPLATE

Root Cause Analysis. December, 9 th, 2008

BLADDERSCAN PRIME PLUS TM DEEP LEARNING

Field data reliability analysis of highly reliable item

Appendix G: Methodology checklist: the QUADAS tool for studies of diagnostic test accuracy 1

Biospecimen Adult Urine Procedures. Event: Pre-Preg, PV1, PV2, Birth, 6M, 12M, 36M, and 60M

A Simple Pipeline Application for Identifying and Negating SNOMED CT in Free Text

Fully Automated IFA Processor LIS User Manual

STPA-based Model of Threat and Error Management in Dual Flight Instruction

ICS 606. Intelligent Autonomous Agents 1. Intelligent Autonomous Agents ICS 606 / EE 606 Fall Reactive Architectures

Dynamic Rule-based Agent

FMEA AND RPN NUMBERS. Failure Mode Severity Occurrence Detection RPN A B

Feasibility Evaluation of a Novel Ultrasonic Method for Prosthetic Control ECE-492/3 Senior Design Project Fall 2011

LECTURE 5: REACTIVE AND HYBRID ARCHITECTURES

STANDARD OPERATING PROCEDURE TITLE: TOTAL IGE EIA (HYTEC 288)

Failure Mode and Effects Analysis (FMEA) Margaret Colquhoun

BPMN Business Process Modeling Notations

Step 4: ISO9001:2015 -Risk Based Planning Cont. Methodology used to Prioritise and Control Risk

56:134 Process Engineering

Root Cause Analysis: Mining for Answers/Delivering Prevention. Rob Stepp, CIH, CSP, ARM, REHS. Department of Occupational Safety & Health

Unit 2 Boundary Value Testing, Equivalence Class Testing, Decision Table-Based Testing. ST 8 th Sem, A Div Prof. Mouna M.

GEX Recommended Procedure Eff. Date: 09/21/10 Rev.: D Pg. 1 of 7

Assurance Cases for Model-based Development of Medical Devices. Anaheed Ayoub, BaekGyu Kim, Insup Lee, Oleg Sokolsky. Outline

19 CP Add teaching file export related codes

BAYESIAN NETWORKS AS KNOWLEDGE REPRESENTATION SYSTEM IN DOMAIN OF RELIABILITY ENGINEERING

Support for Cognitive Science Experiments

On the Effectiveness of Specification-Based Structural Test-Coverage Criteria as Test-Data Generators for Safety-Critical Systems

Error Reduction Strategies for High-Alert Medications Kelly Besco, Pharm.D., FISMP, CPPS

Blood Cultures & Blood Bank Specimens

Deviations Inspection Observations & Issues to Consider for Achieving Compliance

Implementation Guide for the DoseControl Dosimetry System

Human Activities: Handling Uncertainties Using Fuzzy Time Intervals

19 CP Add teaching file export related codes

Test design automation: equivalence classes, boundaries, edges and corner cases

Cause Analysis. Ground Rules. Please turn off electronics Participation Breaks Consideration for everyone 9/23/2016.

EXPLORING SUBJECTIVITY IN HAZARD ANALYSIS 1

OECD QSAR Toolbox v.4.2. An example illustrating RAAF scenario 6 and related assessment elements

Supporting Blended Workflows

Computational Tree Logic and Model Checking A simple introduction. F. Raimondi

Micra MC1VR01. MRI procedural information for Micra Model MC1VR01 MR Conditional single chamber transcatheter pacing device (VVIR)

THE DEVELOPMENT OF SPECIAL- STRENGTH IN POWER / SPEED EVENTS

MA 2030 Radiography Skills for Medical Assistants

Bruce Thomadsen. University of Wisconsin - Madison

Plan Recognition through Goal Graph Analysis

Expert System Profile

TRANSFUSION OF BLOOD COMPONENTS ADMINISTRATION. All blood components are administered according to BOP DHB Policy and NZBS Guidelines.

Section 3: Economic evaluation

MRI Image Processing Operations for Brain Tumor Detection

Brain-Centered Hazards: Risks & Remedies

Applying STPA to the Artificial Pancreas for People with Type 1 Diabetes

POC Brain Tumor Segmentation. vlife Use Case

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING. CP 7026-Software Quality Assurance Unit-I. Part-A

Artificial Intelligence For Homeopathic Remedy Selection

Application Note No. 112/2013 Nitrogen & urea determination in cosmetics KjelDigester K-449, KjelMaster K-375 with KjelSampler K-376: Nitrogen and

Systematic Risk Analysis Based Approach to Quality Management Process Failure Mode and Effects Analysis

Central Algorithmic Techniques. Iterative Algorithms

To conclude, a theory of error must be a theory of the interaction between human performance variability and the situational constraints.

Point of Care Testing. Bedside Glucose Meter

BRAIN-CENTERED HAZARDS: RISKS & REMEDIES

A Dependability Case Language for a Radiation Therapy System

Prevention of Medical Errors: Concepts and Tools. Perry Johnson, PhD April 30, 2016

Health Care: Safety and Resilience

Comparison of the FMEA and STPA safety analysis methods a case study

SARASOTA MEMORIAL HOSPITAL

Bayesian Belief Network Based Fault Diagnosis in Automotive Electronic Systems

System Theoretic Process Analysis of a Pharmacovigilance Signal Management Process

Effective Airflow Visualization Studies. Gordon Farquharson, July 2017

FDA issues long-awaited final guidance on when a device modification requires a new 510(k)

Trane TR150 Variable Frequency Drive Guide Specification Section GENERAL II. PRODUCTS

Data mining for Obstructive Sleep Apnea Detection. 18 October 2017 Konstantinos Nikolaidis

The Third-Party Reimbursement Process for Orthotics

Intelligent Machines That Act Rationally. Hang Li Bytedance AI Lab

IMPACT OF DEPENDENT FAILURE ON SIL ASSESSMENT

Anticoagulation therapy : improving processes. Hilary Merrett and Fiona Gale, CHKS 18 th October 2010

Infusion device incidents Lessons learned and recommendations

DEVELOPMENT OF AN EXPERT SYSTEM ALGORITHM FOR DIAGNOSING CARDIOVASCULAR DISEASE USING ROUGH SET THEORY IMPLEMENTED IN MATLAB

COMMITMENT. &SOLUTIONS Act like someone s life depends on what we do. TAKE THE FUZE SAFETY DESIGN QUIZ, PART I UNPARALLELED

Modeling Sentiment with Ridge Regression

Instruction Manual Aerogen, Inc. Part No. AG-AL1010 Rev. C

EBS IT Meeting September 2016

Open Range Software, LLC

Causal Knowledge Modeling for Traditional Chinese Medicine using OWL 2

Guidance for ABO Subtyping Organ Donors for Blood Groups A and AB

University of Bristol - Explore Bristol Research. Peer reviewed version. Link to publication record in Explore Bristol Research PDF-document

Coherence Theory of Truth as Base for Knowledge Based Systems

Drivers have GPS. Dialysis Patients have. Making possible personal.

Test Driven Development. Course of Software Engineering II A.A. 2011/2012 Valerio Maggio, PhD Student Prof. Marco Faella

An Agent-Based Diagnostic System Implemented in G2

We Don t Measure Moisture... We Calculate Risk

Linear-Time vs. Branching-Time Properties

Transcription:

Automatic Fault Tree Derivation from Little-JIL Process Definitions Bin Chen, George S. Avrunin, Lori A. Clarke, and Leon J. Osterweil Laboratory for Advanced Software Engineering Research (LASER) University of Massachusetts Amherst April, 2006

Accident and Hazard Accident Undesired or unplanned event that results in harm to people or damage to property Hazard A state of a system that, together with certain conditions in the environment, will lead inevitably to an accident e.g. Hazard: Incorrect type of blood is transfused Condition: Patient s blood type is incompatible with the blood transfused Accident: Patient has transfusion reaction

Hazard Analysis Types of hazard analysis Identify hazards and evaluate their effects (e.g. Failure Mode and Effects Analysis) Identify and evaluate the causal factors of hazards (e.g. Fault Tree Analysis)

Hazard Analysis Types of hazard analysis Identify hazards and evaluate their effects (e.g. Failure Mode and Effects Analysis) Identify and evaluate the causal factors of hazards (e.g. Fault Tree Analysis)

Fault Tree Analysis (FTA) A well accepted and widely practiced hazard analysis technique Systematically identifies and reasons about all possible events that could lead to a given hazard by Developing fault trees Analyzing fault trees Analysis results can be used to improve the system

Elements of Fault Trees Basic Event: basic initiating faults or conditions Undeveloped Event: events that are not developed any further, either because necessary information for deriving the fault tree leading to these events is unavailable or because these events are considered to have insignificant consequence Intermediate Event: events that need to be developed AND Gate: the output event occurs if all of the input events occur OR Gate: the output event occurs if any of the input events occur

Fault Tree A fault tree captures all the parallel and sequential combinations of events that could lead to a given hazard

FTA for Process Improvement Apply FTA to improve medical safety processes Case study: The real-world blood transfusion process used at Baystate Medical Center, Massachusetts

The Problem Difficult to manually develop correct fault trees for large processes Requires deep understanding of processes Time-consuming Error-prone Errors in fault trees affect the validity of decisions made to improve processes

Our Approach Developed an algorithm that automatically develops fault trees from process definitions The algorithm requires the process to be formal defined The idea can be applied to the other process definition languages Extended existing FTA with visualization Evaluated our approach by applying it to the real-world blood transfusion process

Roadmap of Presentation Running example Automatically deriving fault trees from process definitions Fault Tree Analysis for process improvement Case Study Related work Conclusions Future work

Simplified Blood Transfusion Process Handle Exception : Patient s Blood Type Unavailable

Simplified Blood Transfusion Process Steps Handle Exception : Patient s Blood Type Unavailable Step: represents some specified task to be done

Simplified Blood Transfusion Process Sub-step sequencing Handle Exception : Patient s Blood Type Unavailable Sub-step sequencing: defines the order in which a step s sub-steps execute

Simplified Blood Transfusion Process Sequential Step Handle Exception : Patient s Blood Type Unavailable

Simplified Blood Transfusion Process Try Step Handle Exception : Patient s Blood Type Unavailable

Simplified Blood Transfusion Process Exception: Patient s Blood Type Unavailable Handle Exception : Patient s Blood Type Unavailable Exception: indicates that execution of a step fails

Simplified Blood Transfusion Process Handle Exception : Patient s Blood Type Unavailable Exception handler Exception handler: handles exception

Simplified Blood Transfusion Process Handle Exception : Patient s Blood Type Unavailable Control-flow badge Control-flow badge: indicates how the step catching the exception executes after the handler finishes

Simplified Blood Transfusion Process Artifact Flow Patient ID Blood Type Blood Unit Patient ID Blood Typ e Patient ID Bl ood Type Handle Exception : Patient s Blood Type Unavailable Artifacts: entities that are used or produced in processes

Example Hazard in Simplified Blood Transfusion Process Artifact Flow Patient ID Blood Type Blood Unit Patient ID Blood Typ e Patient ID Bl ood Type Handle Exception : Patient s Blood Type Unavailable Hazard: Blood Unit passed to Perform Transfusion is wrong

Automatically Deriving FTs from Little-JIL Process Definitions 17 templates are defined based on Little-JIL semantics Each can be used to develop certain kind of intermediate events A template specifies events related to the intermediate event defines the cause-consequence relationships between those events and the intermediate event

Template for Artifact o from S is wrong Artifact o from S is wrong Artifact i1 passed to S is wrong... Artifact ij passed to S is wrong All required artifacts are correct, but S produces the wrong o S is a leaf step o is an OUT parameter of S i 1,, i j are IN parameter of S

Apply Template IN: Blood Type OUT: Blood Unit Blood Unit from Pick up Blood from Blood Bank is wrong Blood Type to Pick up Blood from Blood Bank is wrong Input Blood Type is correct, but Pick up Blood from Blood Bank produces wrong Blood Unit

Automatic Fault Tree Derivation Algorithm Define the given hazard as the TOP event and put it to the worklist While the worklist is not empty do Remove an event e from the worklist Apply the proper template according to e For each new intermediate event e, add e to the worklist

Example Hazard in Simplified Blood Transfusion Process Artifact Flow Patient ID Blood Type Blood Unit Patient ID Blood Typ e Patient ID Bl ood Type Handle Exception : Patient s Blood Type Unavailable Hazard: Blood Unit passed to Perform Transfusion is wrong

Fault Tree for Simplified Blood Transfusion Process E1 Blood Unit to Perform Transfusion is wrong E2 Blood Unit from Pick up Blood from Blood Bank is wrong

Simplified Blood Transfusion Process Artifact Flow Patient ID Blood Type Blood Unit Patient ID Blood Typ e Patient ID Bl ood Type Handle Exception : Patient s Blood Type Unavailable Blood unit from Pick up Blood from Blood Bank is wrong

Fault Tree for Simplified Blood Transfusion Process E1 Blood Unit to Perform Transfusion is wrong E2 Blood Unit from Pick up Blood from Blood Bank is wrong E3 Blood Type to Pick up Blood from Blood Bank is wrong E4 Input Blood Type is correct, but Pick up Blood from Blood Bank produces wrong Blood Unit

Simplified Blood Transfusion Process Artifact Flow Patient ID Blood Type Blood Unit Patient ID Blood Typ e Patient ID Bl ood Type Handle Exception : Patient s Blood Type Unavailable Blood Type to Pick up Blood from Blood Bank is wrong

Fault Tree for Simplified Blood Transfusion Process E1 Blood Unit to Perform Transfusion is wrong E2 Blood Unit from Pick up Blood from Blood Bank is wrong E3 Blood Type to Pick up Blood from Blood Bank is wrong E4 Input Blood Type is correct, but Pick up Blood from Blood Bank produces wrong Blood Unit E5 Blood Type from Contact Lab for Patient 's Blood Type is wrong E6 Blood Type from Test Patient 's Blood Type is wrong

Simplified Blood Transfusion Process Artifact Flow Patient ID Blood Type Blood Unit Patient ID Blood Typ e Patient ID Bl ood Type Handle Exception : Patient s Blood Type Unavailable Blood Type from Contact Lab for Patient s Blood Type is wrong

Fault Tree for Simplified Blood Transfusion Process E1 Blood Unit to Perform Transfusion is wrong E2 Blood Unit from Pick up Blood from Blood Bank is wrong E5 E3 Blood Type from Contact Lab for Patient 's Blood Type is wrong Blood Type to Pick up Blood from Blood Bank is wrong E6 Blood Type from Test Patient 's Blood Type is wrong E4 Input Blood Type is correct, but Pick up Blood from Blood Bank produces wrong Blood Unit E7 Contact Lab for Patient 's Blood Type produces wrong Blood Type E8 Exception is not thrown by Contact Lab for Patient 's Blood Type

Simplified Blood Transfusion Process Artifact Flow Patient ID Blood Type Blood Unit Patient ID Blood Typ e Patient ID Bl ood Type Handle Exception : Patient s Blood Type Unavailable Contact Lab for Patient s Blood Type produces wrong Blood Type

Fault Tree for Simplified Blood Transfusion Process E1 Blood Unit to Perform Transfusion is wrong E2 Blood Unit from Pick up Blood from Blood Bank is wrong E5 E3 Blood Type to Pick up Blood from Blood Bank is wrong Blood Type from Contact Lab for Patient 's Blood Type is wrong Blood Type from Test Patient 's Blood Type is wrong E6 E4 Input Blood Type is correct, but Pick up Blood from Blood Bank produces wrong Blood Unit E7 E11 Contact Lab for Patient 's Blood Type produces wrong Blood Type Patient ID to Blood Transfusion Process Is wrong E12 E8 Input patient ID is correct, but Contact Lab for Patient 's Blood Type produces wrong Blood Type Exception is not thrown by Contact Lab for Patient 's Blood Type

Fault Tree for Simplified Blood Transfusion Process E1 Blood Unit to Perform Transfusion is wrong E2 Blood Unit from Pick up Blood from Blood Bank is wrong E5 E3 Blood Type to Pick up Blood from Blood Bank is wrong Blood Type from Contact Lab for Patient 's Blood Type is wrong Blood Type from Test Patient 's Blood Type is wrong E6 E4 Input Blood Type is correct, but Pick up Blood from Blood Bank produces wrong Blood Unit E7 E11 Contact Lab for Patient 's Blood Type produces wrong Blood Type Patient ID to Blood Transfusion Process Is wrong E12 E8 Input patient ID is correct, but Contact Lab for Patient 's Blood Type produces wrong Blood Type Exception is not thrown by Contact Lab for Patient 's Blood Type E9 E11 Test Patient 's Blood Type produces wrong Blood Type Patient ID to Blood Transfusion Process is wrong E10 Input patient ID is correct, but Test Patient 's Blood Type produces wrong Blood Type E13 Exception is thrown by Contact Lab for Patient 's Blood Type

Analyze Fault Trees - Calculate Minimal Cut Sets (MCSs) Cut set - a set of basic events and/or undeveloped events whose occurrence ensures that the TOP event occurs MCS - a cut set that cannot be further reduced MCSs can be automatically calculated from a fault tree using Boolean algebra

Calculate MCSs E2 E1 Blood Unit to Perform Transfusion is wrong Blood Unit from Pick up Blood from Blood Bank is wrong 1 2 E5 E3 Blood Type to Pick up Blood from Blood Bank is wrong Blood Type from Contact Lab for Patient 's Blood Type is wrong Blood Type from Test Patient 's Blood Type is wrong 3 4 5 E6 E4 Input Blood Type is correct, but Pick up Blood from Blood Bank produces wrong Blood Unit E7 E11 Contact Lab for Patient 's Blood Type produces wrong Blood Type Patient ID to Blood Transfusion Process Is wrong 6 E12 E8 Input patient ID is correct, but Contact Lab for Patient 's Blood Type produces wrong Blood Type Exception is not thrown by Contact Lab for Patient 's Blood Type E9 E11 Test Patient 's Blood Type produces wrong Blood Type Patient ID to Blood Transfusion Process is wrong 7 E10 Input patient ID is correct, but Test Patient 's Blood Type produces wrong Blood Type E13 Exception is thrown by Contact Lab for Patient 's Blood Type Each gate corresponds to an equation

Calculate MCSs E2 E1 Blood Unit to Perform Transfusion is wrong Blood Unit from Pick up Blood from Blood Bank is wrong 1 2 E5 E3 Blood Type to Pick up Blood from Blood Bank is wrong Blood Type from Contact Lab for Patient 's Blood Type is wrong Blood Type from Test Patient 's Blood Type is wrong 3 4 5 E6 E4 Input Blood Type is correct, but Pick up Blood from Blood Bank produces wrong Blood Unit E7 E11 Contact Lab for Patient 's Blood Type produces wrong Blood Type Patient ID to Blood Transfusion Process Is wrong 6 E12 E8 Input patient ID is correct, but Contact Lab for Patient 's Blood Type produces wrong Blood Type Exception is not thrown by Contact Lab for Patient 's Blood Type E9 E11 Test Patient 's Blood Type produces wrong Blood Type Patient ID to Blood Transfusion Process is wrong 7 E10 Input patient ID is correct, but Test Patient 's Blood Type produces wrong Blood Type E13 Exception is thrown by Contact Lab for Patient 's Blood Type Each gate corresponds to an equation 1: E1 = E2

Calculate MCSs E2 E1 Blood Unit to Perform Transfusion is wrong Blood Unit from Pick up Blood from Blood Bank is wrong 1 2 E5 E3 Blood Type to Pick up Blood from Blood Bank is wrong Blood Type from Contact Lab for Patient 's Blood Type is wrong Blood Type from Test Patient 's Blood Type is wrong 3 4 5 E6 E4 Input Blood Type is correct, but Pick up Blood from Blood Bank produces wrong Blood Unit E7 E11 Contact Lab for Patient 's Blood Type produces wrong Blood Type Patient ID to Blood Transfusion Process Is wrong 6 E12 E8 Input patient ID is correct, but Contact Lab for Patient 's Blood Type produces wrong Blood Type Exception is not thrown by Contact Lab for Patient 's Blood Type E9 E11 Test Patient 's Blood Type produces wrong Blood Type Patient ID to Blood Transfusion Process is wrong 7 E10 Input patient ID is correct, but Test Patient 's Blood Type produces wrong Blood Type E13 Exception is thrown by Contact Lab for Patient 's Blood Type Each gate corresponds to an equation 1: E1 = E2 2: E2 = E3 + E4

Calculate MCSs E2 E1 Blood Unit to Perform Transfusion is wrong Blood Unit from Pick up Blood from Blood Bank is wrong 1 2 E5 E3 Blood Type to Pick up Blood from Blood Bank is wrong Blood Type from Contact Lab for Patient 's Blood Type is wrong Blood Type from Test Patient 's Blood Type is wrong 3 4 5 E6 E4 Input Blood Type is correct, but Pick up Blood from Blood Bank produces wrong Blood Unit E7 E11 Contact Lab for Patient 's Blood Type produces wrong Blood Type Patient ID to Blood Transfusion Process Is wrong 6 E12 E8 Input patient ID is correct, but Contact Lab for Patient 's Blood Type produces wrong Blood Type Exception is not thrown by Contact Lab for Patient 's Blood Type E9 E11 Test Patient 's Blood Type produces wrong Blood Type Patient ID to Blood Transfusion Process is wrong 7 E10 Input patient ID is correct, but Test Patient 's Blood Type produces wrong Blood Type E13 Exception is thrown by Contact Lab for Patient 's Blood Type Each gate corresponds to an equation 1: E1 = E2 2: E2 = E3 + E4 3: E3 = E5 + E6 4: E5 = E7 E8 5: E6 = E9 E13 6: E7 = E11 + E12 7: E9 = E11 + E10

Calculate MCSs E2 E1 Blood Unit to Perform Transfusion is wrong Blood Unit from Pick up Blood from Blood Bank is wrong 1 2 E5 E3 Blood Type to Pick up Blood from Blood Bank is wrong Blood Type from Contact Lab for Patient 's Blood Type is wrong Blood Type from Test Patient 's Blood Type is wrong 3 4 5 E6 E4 Input Blood Type is correct, but Pick up Blood from Blood Bank produces wrong Blood Unit E7 E11 Contact Lab for Patient 's Blood Type produces wrong Blood Type Patient ID to Blood Transfusion Process Is wrong 6 E12 E8 Input patient ID is correct, but Contact Lab for Patient 's Blood Type produces wrong Blood Type Exception is not thrown by Contact Lab for Patient 's Blood Type E9 E11 Test Patient 's Blood Type produces wrong Blood Type Patient ID to Blood Transfusion Process is wrong 7 E10 Input patient ID is correct, but Test Patient 's Blood Type produces wrong Blood Type E13 Exception is thrown by Contact Lab for Patient 's Blood Type Derive an equation for E1 by eliminating and substituting the other intermediate events: E1 = ( E4 ) + ( E11 ) + ( E12 E8 ) + ( E10 E13 )

Analyze FTs Calculate MCSs (cont d) E1 = ( E4 ) + ( E11 ) + ( E12 E8 ) + ( E10 E13) MCSs: { E4 } { E11 } { E12, E8 } { E10, E13 }

Analyze FTs Calculate MCSs (cont d) E1 = ( E4 ) + ( E11 ) + ( E12 E8 ) + ( E10 E13) MCSs: { E4 } { E11 } { E12, E8 } { E10, E13 } Single points of failure!!!

Analyze FTs Calculate MCSs (cont d) E1 = ( E4 ) + ( E11 ) + ( E12 E8 ) + ( E10 E13) MCSs: { E4 } { E11 } { E12, E8 } { E10, E13 } The hazard will definitely occur if Pick up Blood from Blood Bank produces wrong Blood Unit (E4) Patient ID to Blood Transfusion Process is wrong (E11)

Improve Simplified Blood Transfusion Process Handle Exception : Blood Product Verification Fails Patient ID Blood Type Blood Unit Pa tien t ID Blo od Typ e Blood Type Patient ID Handle Exception : Patient s Blood Type Unavailable

On Alternative to Improve Simplified Blood Transfusion Process Handle Exception : Blood Product Verification Fails Patient ID Blood Type Blood Unit Pa tien t ID Blo od Typ e Blood Type Patient ID Handle Exception : Patient s Blood Type Unavailable Add a consistency check step

On Alternative to Improve Simplified Blood Transfusion Process Handle Exception : Blood Product Verification Fails Patient ID Blood Type Blood Unit Pa tien t ID Blo od Typ e Blood Type Patient ID Handle Exception : Patient s Blood Type Unavailable Add a consistency check step

New Fault Tree E 1 Blood Unit to Perform Transfusion is wrong E 5 E 3 Blood Type to Pick up Blood from Blood Bank is wrong Blood Unit from Pick up Blood from Blood Bank is wrong Blood Type from Contact Lab for Patient 's Blood Type is wrong Blood Type from Test Patient 's Blood Type is wrong E6 E 2 E4 Input Blood Type is correct, but Pick up Blood from Blood Bank produces wrong Blood Unit E14 Exception is not thrown by Blood Product Verification E 7 E 11 Contact Lab for Patient 's Blood Type produces wrong Blood Type Patient ID to Blood Transfusion Process Is wrong E12 E8 Input patient ID is correct, but Contact Lab for Patient 's Blood Type produces wrong Blood Type Exception is not thrown by Contact Lab for Patient 's Blood Type E9 E 11 Test Patient 's Blood Type produces wrong Blood Type Patient ID to Blood Transfusion Process is wrong E10 Input patient ID is correct, but Test Patient 's Blood Type produces wrong Blood Type E13 Exception is thrown by Contact Lab for Patient 's Blood Type

New MCSs { E14, E4 } { E14, E11 } { E14, E12, E8 } { E14, E10, E13 } No single point of failure now

New MCSs { E14, E4 } { E14, E11 } { E14, E12, E8 } { E14, E10, E13 } No single point of failure now E14 appears in every MCS, which means Blood Product Verification is important for the new process Thus further improvement could be focused on Blood Product Verification

Case Study: Real-World Blood Transfusion Process The real-world blood transfusion process used at Baystate Medical Center, Massachusetts The Little-JIL definition of this blood transfusion process contains 112 steps

Blood Transfusion Process

Blood Transfusion Process

Blood Transfusion Process

The Hazard Blood Unit is Wrong!!! Blood Unit to Administer Unit of Blood Product is wrong

The Fault Tree Generated

Minimal Cut Sets { Prepare Documentation for Blood Pick up produces wrong Document, Product Verification fails to throw exception FailedProductCheck given wrong Blood Unit } { Release Blood from Blood Bank produces wrong Blood Unit, Product Verification fails to throw exception FailedProductCheck given wrong Blood Unit } { Patient s Armband to In Patient Blood Transfusion Process is wrong, Product Verification fails to throw exception FailedProductCheck given wrong Blood Unit }

Display How a MCS Leads to the Hazard Support two ways to show how events in a MCS cause the hazard to occur Display the sub-tree Display an execution trace of the process

Display How a MCS Leads to the Hazard Support two ways to show how events in a MCS cause the hazard to occur Display the sub-tree Display an execution trace of the process

Display Trace for a MCS Example: { Prepare Documentation for Blood Pick up produces wrong Document, } Product Verification fails to throw exception FailedProductCheck given wrong Blood Unit

Trace for a MCS MCS "Prepare Documentation for Blood Pick up" produces wrong Document "Product Verification" fails to throw exception FailedProductCheck given wrong Blood Unit Parameters Physician Order Patient Record Patient Armband Patient State In-Patient Blood Transfusion Process is started Artifacts: Physician Order is right Patient Record is right Patient Armband is right Patient is right

Trace for a MCS MCS "Prepare Documentation for Blood Pick up" produces wrong Document "Product Verification" fails to throw exception FailedProductCheck given wrong Blood Unit Parameters Physician Order Patient Record Patient Armband Patient State Carry Out Physician Order for Transfusion is started Artifacts: Physician Order is right Patient Record is right Patient Armband is right Patient is right

Trace for a MCS MCS "Prepare Documentation for Blood Pick up" produces wrong Document "Product Verification" fails to throw exception FailedProductCheck given wrong Blood Unit Parameters Patient Record Patient Armband Patient Blood Type & Screen State Check for Existence of Type and Screen is started Artifacts: Physician Order is right Patient Record is right Patient Armband is right Patient is right

Trace for a MCS MCS "Prepare Documentation for Blood Pick up" produces wrong Document "Product Verification" fails to throw exception FailedProductCheck given wrong Blood Unit Parameters Patient Record Patient Armband Patient Blood Type & Screen State Check for Existence of Type and Screen produces right Blood Type & Screen Artifacts: Physician Order is right Patient Record is right Blood Type & Screen is right Patient Armband is right Patient is right

Trace for a MCS MCS "Prepare Documentation for Blood Pick up" produces wrong Document "Product Verification" fails to throw exception FailedProductCheck given wrong Blood Unit Parameters Patient Record Patient Armband Physician Order Blood Type & Screen Document State Prepare Document for Blood Pick-up is started Artifacts: Physician Order is right Patient Record is right Blood Type & Screen is right Patient Armband is right Patient is right

Trace for a MCS MCS "Prepare Documentation for Blood Pick up" produces wrong Document "Product Verification" fails to throw exception FailedProductCheck given wrong Blood Unit Parameters Patient Record Patient Armband Physician Order Blood Type & Screen Document State Prepare Document for Blood Pick-up produces wrong Document Artifacts: Physician Order is right Patient Record is right Blood Type & Screen is right Patient Armband is right Patient is right Document is wrong

Trace for a MCS MCS "Prepare Documentation for Blood Pick up" produces wrong Document "Product Verification" fails to throw exception FailedProductCheck given wrong Blood Unit Parameters Document Blood Unit State Pick up Blood from Blood Bank is started Artifacts: Physician Order is right Patient Record is right Document is wrong Patient Armband is right Patient is right

Trace for a MCS MCS "Prepare Documentation for Blood Pick up" produces wrong Document "Product Verification" fails to throw exception FailedProductCheck given wrong Blood Unit Parameters Document Blood Unit State Pick up Blood from Blood Bank is completed and produces wrong Blood Unit Artifacts: Physician Order is right Patient Record is right Document is wrong Patient Armband is right Patient is right Blood Unit is wrong

Trace for a MCS MCS "Prepare Documentation for Blood Pick up" produces wrong Document "Product Verification" fails to throw exception FailedProductCheck given wrong Blood Unit Parameters Patient Record Patient Armband Patient Blood Unit State Perform Transfusion is started Artifacts: Physician Order is right Patient Record is right Blood Unit is wrong Patient Armband is right Patient is right

Trace for a MCS MCS "Prepare Documentation for Blood Pick up" produces wrong Document "Product Verification" fails to throw exception FailedProductCheck given wrong Blood Unit Parameters Patient Record Patient Armband Patient Blood Unit State Single-Unit Transfusion Process is started Artifacts: Physician Order is right Patient Record is right Blood Unit is wrong Patient Armband is right Patient is right

Trace for a MCS MCS "Prepare Documentation for Blood Pick up" produces wrong Document "Product Verification" fails to throw exception FailedProductCheck given wrong Blood Unit Parameters Patient Record Patient Armband Patient Blood Unit State Bedside Checks is started Artifacts: Physician Order is right Patient Armband is right Patient is right Patient Record is right Blood Unit is wrong

Trace for a MCS MCS "Prepare Documentation for Blood Pick up" produces wrong Document "Product Verification" fails to throw exception FailedProductCheck given wrong Blood Unit Parameters Patient Armband Patient State Verify Patient Identification is started Artifacts: Physician Order is right Patient Record is right Blood Unit is wrong Patient Armband is right Patient is right

Trace for a MCS MCS "Prepare Documentation for Blood Pick up" produces wrong Document "Product Verification" fails to throw exception FailedProductCheck given wrong Blood Unit Parameters Patient Armband Patient State Verify Patient Identification is completed Artifacts: Physician Order is right Patient Record is right Blood Unit is wrong Patient Armband is right Patient is right

Trace for a MCS MCS "Prepare Documentation for Blood Pick up" produces wrong Document "Product Verification" fails to throw exception FailedProductCheck given wrong Blood Unit Parameters Patient Record Patient Armband Patient Blood Unit State Product Verification is started Artifacts: Physician Order is right Patient Armband is right Patient is right Patient Record is right Blood Unit is wrong

Trace for a MCS MCS "Prepare Documentation for Blood Pick up" produces wrong Document "Product Verification" fails to throw exception FailedProductCheck given wrong Blood Unit Parameters Patient Record Patient Armband Patient Blood Unit State Product Verification fails to throw exception FailProductCheck given the wrong Blood Unit Artifacts: Physician Order is right Patient Record is right Blood Unit is wrong Patient Armband is right Patient is right

Trace for a MCS MCS "Prepare Documentation for Blood Pick up" produces wrong Document "Product Verification" fails to throw exception FailedProductCheck given wrong Blood Unit Parameters Blood Tube Blood Vial Catheter Labels State Gather Infusion Equipment is started Artifacts: Physician Order is right Patient Record is right Blood Unit is wrong Patient Armband is right Patient is right

Trace for a MCS MCS "Prepare Documentation for Blood Pick up" produces wrong Document "Product Verification" fails to throw exception FailedProductCheck given wrong Blood Unit Parameters Blood Tube Blood Vial Catheter Labels State Gather Infusion Equipment is completed Artifacts: Physician Order is right Patient Record is right Blood Unit is wrong Patient Armband is right Patient is right

Trace for a MCS MCS "Prepare Documentation for Blood Pick up" produces wrong Document "Product Verification" fails to throw exception FailedProductCheck given wrong Blood Unit Parameters Patient Blood Unit Blood Tube Blood Vial Catheter Labels Blood Unit is Wrong!!! State Administer Unit of Blood Product is started Artifacts: Physician Order is right Patient Record is right Blood Unit is wrong Patient Armband is right Patient is right

Limitations The completeness and correctness of a derived fault tree depends on the completeness and correctness of the process definition The derived fault tree could contain superfluous subtrees if leaf steps do not satisfy the assumption that any OUT parameter depends on all its IN parameters and resources

Related Work Cha, Leveson, and Shimeall proposed a partially automated technique that derives fault trees from Ada programs based on templates Ratan, Partridge, Reese, and Leveson proposed a fully automatic technique deriving fault trees from the Requirements State Machine Language (RSML) specifications The approach by Pai and Dugan automatically derives fault trees from UML models McKelvin, Eirea, Pinello, Kanajan, and Sangiovanni- Vincentelli designed an algorithm that derives fault trees from Fault Tolerant Data Flow (FTDF) models Liggesmeyer, and Rothfelder use model checking to generate fault trees

Conclusions Demonstrated that FTA can help process improvement Developed an automated fault tree derivation algorithm based upon process definitions Applied the algorithm to analyze a realworld process

Future Work Automatically provide recommendations for process improvement based on analysis results of FTA Combine FTA with Finite-State Verification Combine FTA with the other Hazard Analysis techniques (e.g. FMEA)

Thank You

2024 © healthdocbox.com Privacy Policy | Terms of Service | Feedback