Pawlicki Todd, Samost Aubrey, Brown Derek W, Manger Ryan P, Kim Gwe-Ya, Leveson Nancy G
Department of Radiation Medicine and Applied Sciences, UC San Diego, 3385 Health Sciences Drive, La Jolla, California 92093.
Engineering Systems Division, Massachusetts Institute of Technology, 77 Massachusetts Avenue, Cambridge, Massachusetts 02142.
Med Phys. 2016 Mar;43(3):1514-30. doi: 10.1118/1.4942384.
Both humans and software are notoriously challenging to account for in traditional hazard analysis models. The purpose of this work is to investigate and demonstrate the application of a new, extended accident causality model, called systems theoretic accident model and processes (STAMP), to radiation oncology. Specifically, a hazard analysis technique based on STAMP, system-theoretic process analysis (STPA), is used to perform a hazard analysis.
The STPA procedure starts with the definition of high-level accidents for radiation oncology at the medical center and the hazards leading to those accidents. From there, the hierarchical safety control structure of the radiation oncology clinic is modeled, i.e., the controls that are used to prevent accidents and provide effective treatment. Using STPA, unsafe control actions (behaviors) that can lead to the hazards are identified, as well as causal scenarios that can lead to those unsafe control actions. This information can be used to eliminate or mitigate potential hazards. The STPA procedure is demonstrated on a new online adaptive cranial radiosurgery procedure that omits the CT simulation step and uses CBCT for localization and planning, and a surface imaging system during treatment.
The STPA procedure generated a comprehensive set of causal scenarios that are traced back to system hazards and accidents. Ten control loops were created for the new SRS procedure, which covered the areas of hospital and department management, treatment design and delivery, and vendor service. Eighty-three unsafe control actions were identified, as well as 472 causal scenarios that could lead to those unsafe control actions.
STPA provides a method for understanding the role of management decisions and hospital operations in system safety and for generating process design requirements to prevent hazards and accidents. The interaction of people, hardware, and software is highlighted. The method of STPA produces results that can be used to improve safety and prevent accidents and warrants further investigation.