To provide assurance of the safety of your decision support tool, you should work with key stakeholders to carry out a risk assessment which:

  • Examines each of the decision support tool’s functions and architecture and the possible ways in which functions could fail
  • Identifies the risks to patients if something went wrong with the software
  • Identifies existing controls to prevent those risks occurring or to mitigate their impact
  • Evaluates the current level of risk
  • If the level of risk is unacceptable, identifies and implements further controls

The results of this risk assessment and mitigation should be documented in a hazard log and report, using a structured template such as the Failure Modes and Effects Analysis template.

You should continue to update your hazard log once your decision support tool is live. New risks may emerge as the tool is upgraded and expanded, and as it is increasingly used in the real world.

It is helpful to get advice from colleagues who have previously undertaken risk assessment of health and care software. The Right Decision Service team can provide advice, and where appropriate will engage with InnoScot Health, which provides the manufacturer role for software classified as a medical device.

Annex 4 provides more information about applying the Medical Device Regulations to any DSS which meets the criteria for software as a medical device.

Information governance and information security issues are beyond the scope of this guide. You should follow your organisational policies to ensure compliance with the General Data Protection Regulation (GDPR) and information security standards.

The Right Decision Service provides a standard operating procedure to guide you through these aspects of risk management.