The medical images, described by Dr. Stettin, are the contents of databases. They are retrieved by queries, as the output of technical systems. The images are used for diagnosis, therapy, and training. If they are utilised for diagnosis and therapy, they have some influence on the patient. Because of this, the medical databases have to fulfil the risk management standards, required by the Medical Device Directives. There are certain risk strategies or rules of standardisation that you have follow when you design a system. We already have a series of harmonised European standards available and there will be international standards as well.
Currently, risk strategies are collected in a standard, called EN 1441, dealing with risk assessment. Another standard, EN 60601, is dealing with electrical medical equipment, and specifically, with the risk of sofware systems in the extended EN 60601-1-4 version. Currently, there is also a proposal for a new international standard, the EN ISO/IEC 14971 for database design, that will be valid from September 2000 on. In the future, we will have to look at the technical design of our databases, finding out what might happen, and then estimate the risk for every hazard which we have identified, according to Dr. Stettin.
Each manufacturer or provider of a database will have to supply a risk graph which is known from other areas, such as air plane manufacturers who have to take into account the severe risk figures, given by law. In the health care industry, these figures do not exist. Instead, the medical risk graph consists of two axes, namely severity and likelihood. The severity axe integrates four categories, ranging from negligible, marginal and critical to catastrophic. The categories are defined by the individual manufacturer. The severity level can be different for each database. The likelihood axe contains six levels, ranging from incredible, improbable, remote, occasional and probable to frequent.
As a result, three regions can be defined. The intolerable area specifies risks which cannot be accepted. A catastrophic event which happens frequently is intolerable. This is given by law. The second area is called ALARP, meaning "As Low As Reasonably Practicable" thus demonstrating the need to reduce the risk through additional safety and performance measures. If this is too costly, you may decide either to live with this fact or not to run the database. The third area forms the broadly acceptable region. An incredible likelihood that a pain occurs in the patient due to some misuse of diagnostic images can be accepted by law.
There are various tools available. In the risk analysis, you can estimate the hazard. After defining the risk measurement figure, you can perform a risk control, trying to reduce the risk. You can implement an additional software which controls the design, for instance, or add a second computer to control the first one. The newly proposed standard EN ISO/IEC 14971 is now in the end phase and will be applicable from September 2000, after the MediMedia project is finished. In conclusion, Dr. Stettin confirms that this standard for database design will also be implemented in the United States within a few years.