Software user interface - definition of hazards

[TomQA]

Hi,

I am working on the risk (hazard) analysis of a Software as Medical Device (SaMD). The SaMD is basically a webapp (website) where you planify therapy plans, give suggestion of therapy exercises depending on the patient's evolution etc.

Most of the hazards are therefore linked to the usability / user interface. For exemple, one of the risk identified was that "the therapist edits the wrong patient profile" due to a misuse / misunderstanding of user interface "not user friendly" which creates a modification in a patient's therapy plan (and therefore the patient does the wrong exercises).
My question is, what is the HAZARD for risks linked to usability of user interface ? Does it have to be something Generic ? The ISO14971:2019 (see below) gives examples of relationship between HAZARD -> Hazardous situation -> Harm, so in our case would the HASARD simply be "Misuse" ?

And finally, what could be a risk control ? Can we simply put for example : "User-friendly User interface" ? Does that make any sense ?
Thank you very much !

 

[Tidge]

I find it easiest to stick with HAZARDS as things that physically exist in the world that are recognized as a direct source of harm. "Direct" is not explicitly in the definition in 14971, but if it isn't direct then it means that something else is actually the source of harm.

"Misuse" does not exist in the physical world, misuse only has context in the circumstances for use.

 

[TomQA]

Hi, thank you for your response !
Yes but how would you therefore name the hazard for a software user interface?

 

[Tidge]

Perhaps I am revealing some personal attitudes: I think in the general situation you describe, the harms are coming from the physical therapist and not the software. The hazards, in my imagination, would be kinetic (or possibly potential, depending on the exercise) energy, such as comes from direct manipulation by the therapist or patient.

I'd also explore the risks of "delaying treatment" (by recommending incorrect PT) but that is more akin to the device being ineffective than introducing a new harm.

 

[ThatSinc]

For your risk controls, you'll want to explicitly state what part about the user interface will control the risk.
In the example you have given, the hazardous situation being the instruction to perform an inappropriate exercise (as a result of selecting the wrong patient profile).
Assuming that this is used by a professional and then sent to the user, including the patient name in a larger font and having a confirmation screen of all input data prior to sending to the patient as potential options to reduce the probability that they will get sent the instruction.
Including the patient name on the report that gets sent to them for instruction on exercises, to reduce the probability that they will perform the exercises.

That's potential options for reducing both P1 and P2 from the in-use error of selecting the wrong patient profile.

 

[Al_Z1]

I guess, IEC 62366-1 and 62366-2 would be useful in your case, cause these documents adress user interface requirtements and guidelines.

 

[kamalsolomon]

Specify any hazard that has possibility of Use error & perform Application FMEA to cater the errors.

 

[Tidge]

I guess, IEC 62366-1 and 62366-2 would be useful in your case, cause these documents adress user interface requirtements and guidelines.

I would also recommend AAMI HE75, as it has several chapters relevant to software implementations, and at least one chapter explicitly devoted to it.

One of the best (free) resources on the subject of Usability and Human Factors is the US Department of Energy's Handbook 1028 (especially volume 1, chapter 2). You have read that volume with the attitude that the knowledge within is applicable across multiple disciplines. I found that handbook to be the best source (for myself) to understand and appreciate many of the concepts that were (IMO, casually) referenced in the original version (single volume version) of 62366.... such as "Mental Models".

 

[Hi_Its_Matt]

@TomQA I don’t think you can talk about HAZARDS without first having agreement on what the HARM is. And it looks to me like you haven’t clearly articulated what the specific HARM is.

In situations like this, I very often find myself going back to the definitions of the relevant terms.

HARM – injury or damage to the health of people, or damage to property or the environment
HAZARD - potential source of harm
HAZAROUS SITUATION - circumstance in which people, property or the environment is/are exposed to one or more hazards

I also find it useful to ask “what is the initiating event?” and “what subsequent series of events has to take place for the hazardous situation to occur?”

Having said all that, my initial thought (after giving this ~5 minutes of thought, so… perhaps take it with a grain of salt) is:

• HARM is something like “Delayed patient recovery time.”
• HAZARD feels something like “Incorrect or incomplete information given to patient.”
• And HAZARDOUS SITUATION is something like “Therapist saves treatment plan to incorrect patient account."

I think it would probably be in a lower-level risk analysis document (such as a DFMEA or UFMEA), or in a "sequence of events" field, if you're using one, that the user-interface related cause of the HAZARDOUS SITUATION is described.

 

[Tidge]

Mmmm salt, nom nom...

Having said all that, my initial thought (after giving this ~5 minutes of thought, so… perhaps take it with a grain of salt) is:

• HARM is something like “Delayed patient recovery time.”
• HAZARD feels something like “Incorrect or incomplete information given to patient.”
• And HAZARDOUS SITUATION is something like “Therapist saves treatment plan to incorrect patient account."

I don't like the above suggestions for HARM or HAZARD. Re: harm... "Delay in treatment" is either (a) an ineffective medical procedure or (b) must be the cause of some sort of actual injury, i.e. "infection", "blood loss". Re: hazard... as I wrote above, if a thing cannot exist without context, I have trouble seeing it as a hazard. Humans are not directly injured by "information", no matter the correctness or completeness.