Prospective Hazard Analysis for Information System

Clinical Information Technology (CIT) literature expresses a wide variety of hazards and unintended consequences which these technologies manifest. Literature review, field study, sample survey and experimental simulation have all been applied in an effort to understand the nature of these hazards, however, systematic hazard analysis techniques of systems which implement these technologies have been sparsely reported. In this article, we report on a synthesis of such methodologies which have been derived from the Failure Modes and Effects Analysis (FMEA) method. The synthesis revealed three central weaknesses of the qualitative aspects of the techniques which compromise reproducibility: consistent analysis scoping, consistent process modeling, and model comprehensiveness. We address the consistency of scoping and modeling by suggesting a hybridization of the event-centric FMEA techniques with another prospective technique - Leveson's control loop centric system theoretic process analysis (STPA). We call this methodology Information Systems Hazard analysis (ISHA). We then address the weakness in comprehensiveness by suggesting the use of an information systems domain specific safety objectives taxonomy during the application of the hybridized technique.