Safety Analysis Using Petri Nets
IEEE Transactions on Software Engineering
Safeware: system safety and computers
Safeware: system safety and computers
Software architecture: perspectives on an emerging discipline
Software architecture: perspectives on an emerging discipline
Software Testing and Analysis: Process, Principles and Techniques
Software Testing and Analysis: Process, Principles and Techniques
Safety and Software Intensive Systems: Challenges Old and New
FOSE '07 2007 Future of Software Engineering
CIS system hazards derived from literature using systems and human factors perspectives
Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
Hi-index | 0.00 |
In recent years an increasing number of computerized provider order entry (CPOE) systems have been developed. CPOE is widely regarded as a technology for reducing hospital medication errors. However, they may introduce specific safety hazards that should be identified and prevented. Despite this fact, these systems, based on large dynamic data structures, are poorly studied from the safety point of view. The paper presents a method for safety testing of CPOE systems. The method can complement the test plan used for providing evidence for the reliability of software, adding a specific part devoted to safety. It provides engineering guidance taking advantage from the typical software architecture of CPOE, usually based on a central database and a set of software components acting on the database. The method is based on the following steps: identification of critical events and related data structures; selection of functions that write, compute or output the values of the data structures; development of causal networks of not desired behaviours of the selected functions that may lead to wrong data states; testing for providing evidence that the behaviours are possible. The result is a body of evidences (a safety case) for supporting the safety evaluation of the software product. An application of the method to a CPOE in a hospital is presented and finally both limitations and scope are discussed.