Professional Documents
Culture Documents
(FMEA)
Training
FMEA Background
Practice
Recording results
Questions
• This risk demands a Proactive Risk Assessment (PRA) during refinement in order
to minimize and mitigate both design and development flaws that - if not prevented as early in the process
as possible - could be detrimental to our patients and clients.
• FMEA is an industry standard PRA method that is widespread both in healthcare and in
software development that has been demonstrated to prevent serious problems from being introduced
into released software. Early detection of such issues will prevent re-work (and expense); safer
software will improve the health of our patients and clients while escalating our profile as a high-quality
organization.
• Effects on patients will determine the assignment of Risk rankings for each failure. At this point
the SME will play an important role.
• The team shall assign a Severity score to each Failure Mode/effect per the Severity Rankings
table, which is mentioned in the next slide
0 No harm
1 Negligible harm
2 Minor harm
3 Major harm
4 Critical harm
• The best method to determine occurrence ranking is to use actual data, e.g. failure logs, history of failure
or even process capability data. If actual failure data is not available, the team must estimate based on
knowledge and expertise of the team members.
1 Theoretical
2 Remote/Occasional
3 Probable
4 Frequent/Always
• This ranking estimates how well the controls can detect the failure before the
customer is affected. The identification of detectability ranking is determined by current
controls that may detect the failure or effect of the failure. If there are no current controls, the ability to
detect the failure will be low and therefore the ranking can be high.
• Team shall determine (or assign detectability score to) each failure per the Detectability Rankings table,
which is mentioned in the next slide.
• Once occurrence ranking is identified, in this step, team identifies current process
control that can mitigate risk and/ or informs the user of the failure.
• Current controls can help in determining detectability ranking in the next step.
1 Obvious
2 Noticeable
3 Obscure
4 Undetectable
• RPN helps in prioritizing the Risks and also helps to figure out if mitigation is
required for the failure.
• Solutions manager
• Identify Severity in most cases
• Identify likelihood of process and workflow failures
• Identify Detectability from a user perspective
• Quality Assurance
• Provide general expertise in the likelihood of failures and Detectability
• Provide test cases to assure that the failure mode risks are mitigated
• Subject matter expert (may be the Solutions manager, Clinical Center of Excellence or
Business Center of Excellence team member or other “guest” as needed)
• Similar to Solutions manager role
Confidential–For Use By Authorized Employees Only. Do Not Distribute. 28
FMEA: Activities: Preparation
1. Early in refinement, the Requirements manager should address the topic of FMEA timing
with the team
1. Assess which milestones should trigger FMEA meeting(s)
2. Schedule meetings as soon as milestone dates are known
2. Prior to the FMEA meeting, the Requirements manager should prepare to present the
functionality in its most advanced state using the available artifacts. (This may include a
story map, wireframe, working software, etc..)
3. The Requirements manager should prepare the FMEA Worksheet spreadsheet with the
details needed for the meeting
1. The Requirements manager may pre-fill any failure modes they can think of prior to
the meeting if time allows
2. The team shall assign S, O and D scores for each failure mode (the RPN should auto-calculate)
3. User Acceptance Criteria that state how the system “should” function should be discussed and recorded
4. It is helpful to discuss Mitigations during the meeting, but commonly these discussions divert from the main
mission of identifying and evaluating the failure modes.
• If time allows the Mitigations may be discussed and recorded, but not at the risk of concentrating on
Failure Mode identification
2. The team should make certain that the mitigations are not merely
a ‘Band-Aid’, since ‘Band-Aids’ are often costly and do not
actually improve the quality of the product.
• This slide will outline process steps specific to each product, including:
• Where will artifacts (such as the FMEA worksheet) be stored
• What Jira steps will be involved to assure FMEA is done and the results are logged and traceable
• The spreadsheet will be created for each feature and attached to Epic in Jira.
• It might be created as a separate confluence page under RSD
• At least one test case should be created for each failure mode (as
informed by the user acceptance criteria): this assures that the loop will be
closed and provide tangible evidence that undesirable risk has not entered
the system
Display Error Incorrect data displays that may cause a Potential Patient Safety Issue.
E.g., 1) Physician approves lab results with comments, but subsequent view of these comments
in Orders module is truncated, 2) Data retrieval results in an incorrect display.
Implementation Error Incorrect feature implementation or product configuration resulting in a Potential Patient Safety
Issue.
E.g., Creation of templates displays incorrect “date of last” field in health maintenance.
Input Error Incorrect input by the user resulting in a Potential Patient Safety Issue.
E.g., UI allows data entry of free text as opposed to only numeric values.
Installation Error Incorrect installation on a users computer that may result in a Patient Safety Issue.
E.g., 1) Mismatch in setting metric vs. standard units of measure can lead to unexpected results,
2) Incorrect client network installation or configuration.
Labeling Hazard Incorrect output which provides clinically incorrect instructions that may result in a Potential
Patient Safety Issue.
E.g., Documentation providing incorrect instructions.
Storage Error Incorrect data storage that may result in a Potential Patient Safety Issue.
E.g., Partially executed database operation is not transactional and does not rollback on failure,
leaving data in a partially (corrupted) state.
Transport Error Incorrect data transportation from one system to other that may result in a Potential Patient
Safety Issue.
E.g., eRx transactions are not delivered and the provider is not notified.
* Training note: These examples are clinical in nature and can be adjusted per the trainee situation
The hazardous situation may occur from time to time but would
2 Remote/Occasional require the coincidence of unlikely events. Example: Network
failure impacting data storage.
The hazardous situation will likely occur at predictable frequencies
over the life of the product.
3 Probable Example: Data backup, impacting patient context information.
The hazardous situation will often or always occur over the life of
the product. If frequency cannot be estimated, assume this
4 Frequent/Always value. Example: When the user tries to select the “Clear
Consciousness” checkbox , the system automatically selects and
saves the “Clouded Consciousness” option.
By retaining or using this document, you represent that you are a Company employee who is authorized to use this document and
that you will use this document and the information it contains solely as and to the extent permitted by the Company. Any other use or
distribution of the contents of this document, as a whole or in any part, is prohibited.
Although we exercised great care in creating this publication, Company assumes no responsibility for errors or omissions that may
appear in this publication and reserves the right to change this publication at any time without notice.
The registered trademarks listed at www.nextgen.com/legal-notice are the registered trademarks of QSI Management, LLC.
All other names and marks are the property of their respective owners.