Risk analysis of an information system (IS) in the galenic preparations service
2 Hospital Informatization Service, Hôpitaux Universitaires de Strasbourg, France
The computerization of hospitals generates risks while contributing to their control. Risk management in healthcare facilities must be implemented in accordance with the ISO 31000 standard; the analysis of these risks is also included in the ISO 9001 v2014 standard. The galenic preparations service was certified in 2013 and plans to purchase new preparation software.
Identify, assess and prioritize the risks associated with the establishment of the Information System (IS) in the preparations sector and define an action plan to reduce risks to an acceptable level.
Material and method
The method of Needs Requirements and Identification of the Safety Objectives (EBIOS) allows the detailed description of potential risks and the HArmonized MEthod of analysis of RIsks (MEHARI) fixes the occurrence of gross risks. Impacts are defined using an internal scale. The analysis was conducted in 3 phases: definition of the dreaded events, list of threats (internal incidents in 2015 and staff participation), and mapping of the gross, net and residual risks (with the envisaged improvement measures).
35 hazards were assessed, allowing a complete analysis of the preparations circuit, from prescription to delivery through mapping analysis. The final results were presented in the form of a treatment plan and risk sheets.
The institutional method provides a global vision, with an a priori approach comprehensible by all participants. However, it is impossible to guarantee the completeness or objectivity of the analysis and it is necessary to update it periodically.
This work allowed a better knowledge of the IS and related risks. Results were communicated to the staff and led to an audit of the proper use of the IS.