Comments on ITAC Health - Patient Management Software Licensing Working Group: Sources of Safety Risk in Software

Comment posted by ITAC Health, 2010-11-16T16:02:11-05:00

Via email from Michael Whitt,

There is another aspect within the Operations Risk arena, which I think of as a sort of migration/learning/implementation risk: the design and implementation of CPOE (and similar automation of evidence-based best-practice processes) by the end-user into an EMR. This sometimes takes place with no or next-to-no vendor involvement, and can involve very little internal IT resource, coming as it does under the auspice (generally) of "practice of medicine".
Stand by for "expert systems"…

Michael

Comment posted by Abhijit Ahir, 2010-11-16T13:17:47-05:00

Hi,

My name is Abhijit and I have been following this blog closely. I believe the best standard so far for software process improvement is Capability Maturity Model Integration (CMMI) developed by Software Engineering Institute (SEI) at Carnegie Mellon University. This standard has been accepted globally and addresses the specific needs of the software industry.

I believe ISO 13485, ISO 9001 etc. are very manufacturing-specific and do not address the specific needs of the software industry that well. ISO has generated a number of guidelines to help software companies tailor these generic standards to the software industry, something I believe works at a high and superficial level. This is where CMMI beats ISO.

CMMI is an organizational maturity model and not just a software process model. It has got five maturity levels:

Level 1 - Basic (no planning)
Level 2 - Managed (some planning and management aspects involved)
Level 3 - Defined (practices defined at the org-level)
Level 4 - Quantitatively Managed (numerical analysis brought into day-to-day operations)
Level 5 - Optimizing (causal analysis and continual improvement)

Most firms in North America choose to get certified at Level 3. Most firms in India get certified on Level 5 because it is more of a business mandate there. CMMI implementation is stringent, and once the certification is achieved, ISO models are more or less subsets of this standard.

CMMI has a Risk Management process area which does not specifically address patient-health risks. This is where the ISO 14971 model should be used as a guideline.

Also, the ISO 27001 model should be used for Information Security and Risk Management because it focusses on numerical assessment of various risks and security threats. It addresses aspects such as CIAL - Confidentiality, Integrity, Availability, and Legality, and also aspects such as Vulnerability, Threat and Probability.

I believe CMMI, ISO 14971 and ISO 27001 used together would yield much better results and bring true value to Canadian software companies, and make them ready for expansion into other markets that demand these standards as prerequisites during the bidding process.

Thanks,
Abhijit