Maglogiannis I, Zafiropoulos E, Platis A, Lambrinoudakis C
Department of Information and Communication Systems Engineering, University of the Aegean, GR 83200 Karlovasi, Samos, Greece.
J Biomed Inform. 2006 Dec;39(6):637-47. doi: 10.1016/j.jbi.2005.10.003. Epub 2005 Nov 15.
In a modern technological environment where information systems are characterized by complexity, situations of non-effective operation should be anticipated. System failures are often a result of insufficient planning or equipment malfunction, indicating that it is essential to develop techniques for predicting and addressing a system failure. Particularly for safety-critical applications such as healthcare information systems, which deal with human health, risk analysis should be considered a necessity. This paper presents a new method for performing a risk analysis study of health information systems. Specifically, the CCTA Risk Analysis and Management Methodology (CRAMM) has been utilized for identifying and valuating the assets, threats, and vulnerabilities of the information system, followed by graphical modeling of their interrelationships using Bayesian Networks. The proposed method exploits the results of the CRAMM-based risk analysis for developing a Bayesian Network model, which concisely presents all the interactions of the undesirable events for the system. Based on "what-if" studies of system operation, the Bayesian Network model identifies and prioritizes the most critical events. The proposed risk analysis framework has been applied to a vital signs monitoring information system for homecare telemedicine, namely the VITAL-Home System, developed and maintained for a private medical center (Medical Diagnosis and Treatment S.A.).