HEALTHCARE BUSINESS PROCESSES RISKS IDENTIFICATION

AND MANAGEMENT

Approach for Medication Administration Processes Re-engineering

Leandro Paulo Bogoni

, Ganna Frankova

, Cristina Matteotti

, Fabio Casati

, Duncan Dubugras

Ruiz

and Giampaolo Armellin

Department of Information Engineering and Computer Science, University of Trento,

Via Sommarive, 14, 38123 Povo, TN, Italy

R&D Department, GPI S.p.A., Via Ragazzi del ’99, 13, 38123 Trento, Italy

Faculty of Informatics, Pontiﬁcal Catholic University of RS, Av. Ipiranga 6681, Porto Alegre, RS, Brazil

Keywords:

Business process, Risk management, Healthcare, Medication administration.

Abstract:

Medication administration in healthcare institutions is one of the critical processes that need to be carefully

considered from the risk management point of view. Medical administration errors are costly from several

perspectives as they lead to injuries, illness or even death and ﬁnally, signiﬁcantly increase hospital expense.

In this article, we argue that efﬁcient risk management approaches for medication administration business

processes are needed. Risks should be identiﬁed and mitigated well before critical error occurs.

The presented work describes issues of healthcare business process risk individuation and propose a method-

ology for business process re-engineering to mitigate the identiﬁed risks. To show the potential impact of

the approach, we illustrate the functioning of the methodology on the scenario derived from the application

domain of the Nursy Rolly

industrial R&D project.

1 INTRODUCTION

Medication administration in healthcare institutions

is a critical process that requires accuracy, timeli-

ness and traceability. Medication administration er-

rors have serious direct and indirect effects and are

usually the consequence of a breakdown in a very

complex system (Foote and Coleman, 2008) that in-

cludes both medical devices, healthcare organization

and working practices. Errors can lead to injuries, ill-

ness or even death and increase signiﬁcantly hospital

costs. According to (The Joint Commission, 2011),

medication error sentinel events resulting in death or

permanent loss of function are 319 from 2004 till

September 30th, 2011.

Risks of errors can be spread in any part of Med-

ication Administration Business Process (MABP).

Reasons of risks arising are usually due to bad design

or bad execution of MABP. On one hand, an insufﬁ-

cient quantity of controls may leave the process liable

of wrong interpretation and execution. On the other

hand, a process with excessive controls may lead the

operator to skip them in order to ease/speed activities.

An analysis of near miss

reports, as it is done

in aviation, nuclear power technology, petrochemical

processing, steel production, military operations and

air transportation, can highlight risky situations and

enable preventive actions (Barach and Small, 2000).

Preventive actions, by introduction of IT Systems, if

not planned carefully, can not be always effective in

risk reduction or can introduce new risks. The ques-

tion of potential risks early identiﬁcation and intro-

duction of preventive actions without creating new

sources of risk in medication administration business

process arise. The main challenges are in foreseeing

and considering the necessary speciﬁcities for obtain-

ing safe MABPs.

The goal of this work is to provide a solution to

identify in advance the risks and enable risk managers

and business process designers to mitigate the errors

and improve medication administration business pro-

cess. To achieve this, we adapt the Tropos frame-

work (Castro et al., 2002; Bresciani et al., 2004) to

A near miss is an unplanned event that did not result

in injury, illness, or damage, but had the potential to do

so (Kohn et al., 2000).

292

Paulo Bogoni L., Frankova G., Matteotti C., Casati F., Dubugras Ruiz D. and Armellin G..

HEALTHCARE BUSINESS PROCESSES RISKS IDENTIFICATION AND MANAGEMENT - Approach for Medication Administration Processes

Re-engineering.

DOI: 10.5220/0003874602920298

In Proceedings of the International Conference on Health Informatics (HEALTHINF-2012), pages 292-298

ISBN: 978-989-8425-88-1

 2012 SCITEPRESS (Science and Technology Publications, Lda.)

our scenario. We employ the approach of Asnar et

al. (Asnar et al., 2010) which is originally devised

for analysing risks during the software requirements

analysis phase. Our contribution is an approach that

uses a goal-risk model as main artifact and a method-

ology that starts from operational goals extraction,

goes to risk events identiﬁcation, through problem

analysis and to solution design.

The rest of the paper is organized as follows. Sec-

tion 2 describes medication administration business

process and the application of technologies to assist

the nurse in performing the medication administra-

tion. In Section 3, we present the issues related to

identifying the risky situations during MABP execu-

tion. A methodology to identify and treat risks on

the process is proposed in Section 4. In Section 5

we apply the proposed methodology to the MABP.

Section 6 is devoted to the proposed approach and re-

lated work discussion. Concluding remarks and fu-

ture work are summarized in Section 7.

2 MEDICATION

ADMINISTRATION BUSINESS

PROCESS (MABP)

For this work, we take into account only the MABP

running inside a hospital ward as illustrated in Fig-

ure 1. It is based in a real scenario modelled by a het-

erogeneous group of IT and healthcare professionals.

The main actors involved in this MABP are: (i) Nurse,

responsible for reading the physician order entries ad-

ministering medicines to patients and (ii) Patient, who

can decide whether to take or refuse a medicine. An-

other actor involved is the Physician, who is respon-

sible for prescribing medicines to patients, however,

we assume the prescription of medicines is done be-

fore the administration begins and we do not tackle its

issues on this work;

The medication administration is performed dur-

ing predetermined timeslots, e.g., at 8 a.m. and at 11

a.m. The nurse

assures she collected all medicines

required to cover the patients needs and makes the

rounds. Calculation of the required quantity of

medicine for each round is performed by analysing

the therapies prescribed to the patients the nurse is re-

sponsible for. If the nurse uses of a medication cart,

she must load the medicines in the cart before starting

the ﬁrst round of the shift. The reﬁll is usually done

In this paper we only nominate the nurse as the re-

sponsible for performing MABP, even though we know that

there are situations where other healthcare professionals as-

sume this role.

every shift when enough medicine for a whole shift is

loaded. While in case of running out of a medicine,

the reﬁll of that speciﬁc medicine can be done at any

time.

There are three possible ways of the medication

administration operation conclusion: (i) the patient

wants to take the medicine and the nurse adminis-

ters it; (ii) the nurse decides not to administer the

medicine, e.g., the medicine is used to lower the blood

pressure, and the patients blood pressure is very low,

and the medicine is not administered because of the

nurse decision; (iii) the patient decides to refuse the

medicine by some reasons, e.g., the patient believes

that the drug makes she feel sick.

In order to show the effects of introducing IT sys-

tems to the medication administration process, we

present below the Nursy Rolly

project

2.1 Nursy Rolly

- Smart Medication

Cart

The main outcome of the Nursy Rolly

project is

a system composed by a smart medication cart and

several software applications and systems, to assist

nurses during the medication administration process.

The access to the cart is controlled by smart-card

identiﬁcation that grant even traceability. The cart

includes a therapy system where physicians can pre-

scribe a therapy, and where the nurses read the physi-

cian order entries. Accessing the therapy system

from the cart, the nurse can be guided to administer

medicines to the patients she is responsible for.

Several veriﬁcations are done during medication

administration to assure the Six rights

of medica-

tion use (Pape et al., 2005). Every time a medicine

is picked up from the medication cart and planned to

be administrated, it has to be through barcode

read-

ing. When barcode is read, all information about

that speciﬁc medicine package is retrieved and con-

trolled, i.e., such as, expiration date, equivalence. Ev-

ery time a non equivalent medicine is selected in-

stead of the medicine prescribed by the physician or

expired medicine is checked, a near miss report is

automatically generated. Just before administering

the medicines to the patients, the nurse has to verify

if the patient is exactly the person she prepared the

medicines to. To do this, the patient bracelet has to be

GPI S.p.A., “Nursy-Rolly

- the Smart E-Trolley”

project number 10535.

Six rights: right medication, right dose, right route,

right patient, right time and right documentation.

In several countries, e.g., Italy, a double barcode has

been implemented. One represents the Medicine and the

other one represents the single box of medicine.

HEALTHCARE BUSINESS PROCESSES RISKS IDENTIFICATION AND MANAGEMENT - Approach for Medication

Administration Processes Re-engineering

293

Hospital

Ward

Nurse

Physician

Prescriptions

Prescribes

Collect

Prescriptions

Pharmacy

Medication Cart

Collect

Medicines

Replenish

Patients

Ask for Diagnosys

Get Medicines

Administer Medicines

Instances of the MABP

Risk Manager

Designer

Risk Analysis

Reads

Process

Model

Process

Model

Models

Risk Manager

Assess Risks

Risk Assessment

Figure 1: Scenario of the Medication Administration Business Process.

scanned. If the patient is not the supposed one, a near

miss report is triggered, otherwise the administration

of all the medicines prepared is done and the event is

recorded.

3 MABP RISKS IDENTIFICATION

ISSUES

The healthcare agencies encourage the adoption of

technologies to assist the nurse. The scope of such

technologies and tools is to avoid or mitigate risky

situations during medication administration.

Design choices made during the development of

new technologies and tools may not cover all the is-

sues that are raised when the technology is in use. The

reason is that speciﬁcities of the environment where

technologies and tools are to be used is only learned

during the actual introduction of the novelty to real

working scenario.

The main challenges are in foreseeing and con-

sidering the features necessary for obtaining a safe

MABP after the introduction of new technologies and

tools. Healthcare business processes are very com-

plex and highly dynamic. The possibility of providing

system risk analysis based on requirements obtained

just from parts of the business process, but not from

the whole process is challenging. At this point, one

has to consider the fact that the organizations differ

from hospital to hospital and from department to de-

partment.

Given a business process MABP implementing

technologies such as therapy software, and controls

such as barcode reader to conﬁrm the patient iden-

tify and right medicine. A set of problems P identi-

ﬁed during risk analysis, e.g., process deviations, pro-

cess violations, stock mismatch. This naturally leads

to posing the question of “How to identify the speci-

ﬁcities for new redesigned medication administration

business process MABP

to cover the issues raised and

to mitigate the risks?”.

Below, we discuss some of the problems that

might appear during the medication administration,

even after the implementation of new technologies.

New controls implemented could introduce new

risks to the process. Besides the new technology can

even not cover all the risky aspects in the administra-

tion process. We would like to discover these aspects

inspecting the software features with our methodol-

ogy. The need of scanning every patient’s bracelet ev-

ery time a medicine administration is done, may lead

the nurse to skip if she is in a hurry. These deviations

from the original business process model may lead to

errors.

Example 1. Nurse Maria is in a hurry, she admin-

isters the medicines to all her patients (including pa-

tient Katrin) without using the bracelet scanning to

check their identities. After an hour, the patient Ka-

trin dies. The autopsy reveals an insulin intoxication,

however the therapy plan for patient Katrin does not

contain insulin prescribed.

The fact that it was possible to skip (disable) the

identity checking, enabled the risk of error in switch-

ing patients therapy plans.

Example 2. According to Pietro’s therapy plan,

nurse Maria should administer the medicine X to him.

However, the medicine X is not available in the de-

HEALTHINF 2012 - International Conference on Health Informatics

294

partment. The head nurse has required the correct

medicine but the hospital store has sent an equivalent

one. The nurse administers the equivalent medicine

but cannot record the administration because it has a

different code.

The features designed and implemented by the

technology may not avoid violations of a correct busi-

ness process.

Example 3. Maria reads on Carlo’s therapy plan and

administers 600 mg of medicine Y to him. After half

an hour the patient feel sick because of an overdose.

The physician prescribed an incorrect dose but the

nurse couldn’t notice it because the previous dose was

administered by the nurse of the previous shift.

Example 4. Maria administers a medicine to patient

Roberto and a few minutes later, the patient dies. The

physician and the nurse did not read the allergies re-

port or the physician did not check allergies before

inserting the order entry.

Even though a physical audit in the cart content

is not done, a mismatch between physical stock of

medicine and logical stock registered in the medica-

tion cart system can be discovered. Two situations of

mismatch can happen, with different causes and im-

plications: (i) more drugs in the logical than in the

physical stock, (ii) more drugs in the physical than in

the logical stock.

More Drugs in the Logical than in the Physical

Stock. The fact that a medicine is missing, can be due

to the fact that it was forget to register a case of fallen

or spilt of a medicine, or due to the fact that some

medicine was administrated without being the event

registered.

Example 5. Nurse Maria is preparing the medicines

for the Patient Carlo and by mistake, drops a pill.

She takes another pill from the package and contin-

uous the administration without registering the event

of discarding the medicine was dropped. The logical

and physical stocks are not equivalent any more.

More Drugs in the Physical than in the Logi-

cal Stock. An excessive number of medicine in the

medication cart, other than it is supposed to be, based

on the logical stock can represent the case where the

nurse has put the medicines in the cart without loading

them with the software procedure because they were

patient medicines.

Example 6. Maria is about to load the medicine Z

for patient Carlo in the cart and she realizes that the

department does not have that speciﬁc medicine in the

stock. However, she knows that Carlo brought his own

medicine when he was admitted to the hospital. She

puts the drug box into the cart without registering the

event in the software, because the box does not have

the barcode label anymore.

The possible points of failure in the business pro-

cess design can be related to corner cases as it is in

the software veriﬁcation/test community. Situations

where a patient needs a medication immediately may

achieve a level of emergency where there is no sense

of following all the controls.

Example 7. Patient Pietro faints. Maria measures

his blood pressure and calls the physician. The physi-

cian orally prescribes a medicine and Maria adminis-

ters it to Pietro. As it was an emergency, nothing was

recorded on the software at that moment.

4 MABP RE-ENGINEERING

APPROACH

To assist the business process designer on the task of

re-modelling medication administration business pro-

cess to mitigate risks identiﬁed by the risk manager,

we propose a methodology based on the work of As-

nar et al. (Asnar et al., 2010). Although their approach

is originally devised for analysing risks during soft-

ware requirements analysis phase, it suits well to our

need of careful analysis to ﬁnd risk not managed yet.

The proposed methodology uses a Goal-Risk

(GR) model deﬁned in (Asnar et al., 2010), which

consists of three layers representing asset, events and

treatment. The GR model has to be designed follow-

ing the proposed methodology, which consists of 4

main steps illustrated in Figure 2: (1) Operational

Goals Extraction, (2) Risk Events Identiﬁcation, (3)

Problem Analysis and (4) Solution Design.

Operational Goals

Extraction

Risk Events

Identification

Problem Analysis

Solution Design

Figure 2: Proposed Methodology.

4.1 Operational Goals Extraction

The ﬁrst step of the proposed methodology is devised

to extract the operational goals from MABP and mod-

elling them into the Asset layer. Every operation iden-

tiﬁed in the business process is translated to a goal. To

have a higher detailed model of operational goals, the

goals can be reﬁned to subgoals using an AND/OR

decomposition. For example, a goal “Correct Ad-

ministration” could be reﬁned to subgoals such as

HEALTHCARE BUSINESS PROCESSES RISKS IDENTIFICATION AND MANAGEMENT - Approach for Medication

Administration Processes Re-engineering

295

“Conﬁrm Patient Identity” and “Conﬁrm the Right

Medicine”.

Goals can have also relationship among each other

in order to contribute positively or negatively to their

fulﬁlment. These relationships can be modelled using

a contribution relation. The contribution relation em-

ploys the concepts of Satisfy/Deny and the quantiﬁers

‘-‘, ‘–‘, ‘+‘ and ‘++‘. For example, the goal “Allow

Patient to Refuse Medicine” can contribute negatively

to the goal “Correct Administration”.

4.2 Risk Events Identiﬁcation

After operational goals individuation, we can start to

identify risk events. Making use of a goal-risk ap-

proach, it is possible to ﬁnd risk events by analysing

the relation between goals. When two different goals

have a negative impact to each other, it automatically

takes to a risky situation where Satisfying a goal may

imply to Denying the other. For example, the goal

“Allow barcode reader disabling” contributes nega-

tively to the goal “Conﬁrm Patient Identity”, a risk

event of “Wrong Patient” can be detected.

After identiﬁed, events have to be modelled in the

event layer, as it is shown in Figure 3. The events

are characterized with two properties: likelihood and

severity. Likelihood is modelled as a property of an

event, i.e., satisfy or deny, and severity is denoted as

the sign negative or positive of an impact relation. In

this way it is possible to model the impact each event

has on fulﬁlling operational goals.

Correct

Administration

Allow patient to

refuse medicine

Wrong

medicine

Wrong

patient

Overdose

Display warnings

for risk of overdose

Trace barcode

reader disabling

̶ ̶

̶ ̶ S

̶ S

Confirm

Patient Identity

Confirm Right

Medicine

AND

Allow barcode

reader disabling

Asset

Layer

Event

Layer

Treatment

Layer

+ D

̶ S

Figure 3: Goal-risk model.

4.3 Problem Analysis

The next step of the suggested methodology is de-

voted to analyse the problem(s) found in the business

process MABP. With the layers asset and event mod-

elled and including operational goals, events and their

relationships, it is possible to compute the fulﬁlment

of the operational goals with help of the Tropos goal

risk framework (Asnar et al., 2010). In this way, it

allows us to understand the problem and see which

operational goals are not fulﬁlled because of the risk

events present in the business process.

4.4 Solution Design

After the problems are identiﬁed and analysed,

the last step of the proposed methodology is per-

formed. To design a solution for the problem,

we use the treatment layer in the GR model.

The treatment layer allows us to introduce treat-

ments/countermeasures/mitigations with the purpose

of tackling the issues identiﬁed in the previous steps.

Just like the goals in the asset layer, the treatment

elements can be decomposed using AND/OR rela-

tionship. A treatment can impact in a risk either by

reducing its likelihood or by attenuating its severity.

To reduce the likelihood, a treatment is modelled us-

ing a contribution relation. To attenuate the severity

of an event, the alleviation relations are used, with the

purpose of reducing the impact sign to a lesser value.

Every situation may have different requirements

for safety. Some speciﬁc hospitals or speciﬁc depart-

ments can demand a more intensive work on the treat-

ment layer to cover a higher number of risks than oth-

ers. The example illustrated in Figure 3 shows the

treatments inserted to mitigate the risk events identi-

ﬁed.

5 METHODOLOGY

APPLICATION

We consider the medication administration business

process presented in Section 2 and apply the proposed

MABP Re-engineering methodology. The application

was done in collaboration with the Project Manager

and the Software Analyst (with healthcare expertise)

involved in the Nursy Rolly

project.

We start from the ﬁrst phase of the methodology,

when at the beginning operational goals are extracted

and then modelled in asset level, as it is done in Fig-

ure 4. The operational goals identiﬁed are listed as

follows: (i) Assure patient’s safety, (ii) Prescribe the

medicines correctly, (iii) Perform correct administra-

tion, (iv) Allow barcode reader disabling, (v) Allow

patient to refuse medicine, (vi) Perform the round on

time, (vii) Administer the right medicine, (viii) Ad-

minister to the right patient, (ix) Administer via the

right route, (x) Administer the right dose, (xi) Ad-

minister at the right time, (xii) Perform the right doc-

umentation after the administration.

HEALTHINF 2012 - International Conference on Health Informatics

296

Perform the

Round on time

Assure Patient

Safety

Support Admin.

Without

barcode

reading

Support

Equivalent

medicines

̶ ̶

̶ ̶ S

Right PatientRight Medicine

AND

Correct

Administration

Prescribe

Correctly

AND

Forget to

event

Equivalent

medicine

̶ ̶

+ D

̶ ̶ S

̶ ̶

Admin. in

Emergency

Barcode

reader

broken

Right Route

Right

Documentation

Right TimeRight Dose

Overdose

Display risk of

allergies and

medicine

Interactions

Allergic

Reaction

̶ ̶

̶ ̶ S

Allow patient to

refuse medicine

Wrong

medicine

Wrong

patient

Display

warnings for

risk of

overdose

Trace

barcode

reader

disabling

̶ ̶ ̶ ̶

̶ ̶ S

Allow barcode

reader disabling

+ D

External

medicine

(patient’s

medicine)

Treatment

Layer

Event

Layer

Asset

Layer

Support

administration

of external

medicines

̶ ̶ S

̶ S

Figure 4: Goal-risk model for the Medication Administration Process.

Then we start second phase of the methodology

where we analyse the relation between goals, and

based on the negative impact one goal applies to an-

other, we identify the risk events. The risk events are

then modeled in event layer, as it is illustrated in Fig-

ure 4. From the identiﬁcation of risk events, the fol-

lowing list is created: (i)Administration of an exter-

nal medicine (patients brings her own medicine), (ii)

Administer medicine in case of emergency, (iii) Ad-

minister an equivalent medicine, (iv) Select a wrong

medicine, (v) Select a wrong patient, (vi) The barcode

reader breaks, (vii) Overdose, (viii) Forget to register

an event, (ix) Allergic Reaction.

In the third phase of the methodology, we perform

the problem analysis. We take into account the opera-

tional goals that have their satisfaction compromised

by the occurrence of risk events. We also individuate

the risk events that causes direct impact on the opera-

tional goals satisfaction.

In the last phase of the methodology, we design

the solution to mitigate the risks. The solution is con-

centrated in the creation of treatments to minimize

the likelihood of a risk event happening. The treat-

ments created are: (i) Support administration of ex-

ternal medicines (patients brings her own medicine),

(ii) Support equivalent medicines, (iii) Support Ad-

ministration without barcode reading, (iv) Trace bar-

code reader disabling (register the situation when the

barcode is disabled), (v) Display warnings for risk of

overdose, (vi) Display risk of allergies and medicine

interaction.

6 RELATED WORK

We have followed the idea of using a Goal-Risk

model to identify and mitigate risk of errors during

medication administration process. We have adapted

the Tropos goal risk framework (Asnar et al., 2010),

which was originally proposed for analysing risks

during requirements analysis phase of software engi-

neering. They work analyse risks along with stake-

holder interests, and identify countermeasures, to be

introduced as part of information system’s require-

ments.

Other work related to risk management in health

care scenario is a platform called ReMINE (Arici

et al., 2010). They consider vulnerabilities in hos-

pital processes that may result in adverse events caus-

ing harm to patients. The authors propose risk control

rules to enable real time control of clinical processes.

Yet in the healthcare scenario, there is the

work (Rebuge and Ferreira, 2012). It considers

healthcare processes including medical treatment pro-

cesses and generic organizational processes. The au-

thors apply process mining techniques that leads to

detection of regular behaviour, process variants, and

exceptional medical cases.

Despite it is from a different community of re-

search, we also consider the work of (Pape, 2003) as

related to ours, because it aim at reducing errors dur-

ing medication administration process. They focus

on human factors and work redesign to create safer

procedures. They apply airline safety practices to in-

crease the level of attention the professional has to at-

tend when performing the most critical steps of med-

ication administration process.

HEALTHCARE BUSINESS PROCESSES RISKS IDENTIFICATION AND MANAGEMENT - Approach for Medication

Administration Processes Re-engineering

297

7 CONCLUDING REMARKS

One of the most thought challenging issues in risk

management is that of risks investigation and manage-

ment in healthcare business processes. The research

on complex business processes risk management is

well under way. While the existing approaches ad-

dress the issue of risk management of the already run-

ning business process and try to correct the errors oc-

curred during the execution. We consider that risks

should be identiﬁed and mitigated well before critical

error occurs.

The main contribution of the paper is to consider

issues of medication administration process risk in-

dividuation and propose a methodology for business

process re-engineering to mitigate the risks identiﬁed.

With the application of our methodology, it is pos-

sible to detect the risks present in the medication ad-

ministration business process. Knowing the risks, the

treatments necessary to avoid or mitigate them can be

properly planned. Furthermore, when treatments are

introduced, any additional risk that might appear can

be considered and treated as well.

The research presented in this work is still in

progress. This work prods for more investigation

of medication administration and of the medication

administration processes management. In the next

future, we plan to dive into the details of a frame-

work implementing the proposed business process re-

engineering approach and then to experiment in a real

hospital ward in Bassano, Italy. Furthermore, as fu-

ture work, we would like to extend the methodology

by introducing the management of metrics and indi-

cators of risk, and a suitable visualization for the in-

formation collected.

ACKNOWLEDGEMENTS

The authors thank Yudistira Asnar, Dario Betti, An-

namaria Chiasera for fruitful discussion and Marco

Aiello for comments on a previous version of this

paper. Leandro Paulo Bogoni thanks the Pontiﬁcal

Catholic University of RS, Brazil for hosting him

while part of the presented research was performed.

This work has been partly supported by the “Nursy-

Rolly

- the Smart E-Trolley” project number 10535,

GPI S.p.A.

REFERENCES

Arici, S., Bertele, P., and Trucco, P. (2010). Integrat-

ing Clinical Information for Real Time Patient Safety

Management: the ReMINE Platform. In Proceedings

of the XVI Congress of International Federation of

Health Records Organizations (IFHRO 2010), Milan,

Italy.

Asnar, Y., Giorgini, P., and Mylopoulos, J. (2010). Goal-

driven Risk Assessment in Requirements Engineer-

ing. Requirements Engineering, 16(2):101–116.

Barach, P. and Small, S. D. (2000). Reporting and Pre-

venting Medical Mishaps: Lessons from Non-medical

Near Miss Reporting Systems. BMJ, 320(7237):759–

763.

Bresciani, P., Perini, A., Giorgini, P., Giunchiglia, F., and

Mylopoulos, J. (2004). TROPOS: An Agent-Oriented

Software Development Methodology. Journal of Au-

tonomous Agents and Multi-Agent Systems, 8(3):203–

236.

Castro, J., Kolp, M., and Mylopoulos, J. (2002). To-

wards Requirements-Driven Information Systems En-

gineering: The Tropos Project. Information Systems,

27(6):365–389.

Foote, S. O. and Coleman, J. R. (2008). Medication Admin-

istration: The Implementation Process of Bar-coding

for Medication Administration to Enhance Medica-

tion Safety. Nursing Economic, 26(3):207–210.

Kohn, L. J., Corrigan, J. M., and S., D. M., editors (2000).

To Err Is Human: Building a Safer Health System.

National Academy Press, Washington DC, 1 edition.

Pape, M. (2003). Applying Airline Safety Practices to Med-

ication Administration. Medsurg Nursing, 12(2):77–

93.

Pape, T. M., Guerra, D. M., Muzquiz, M., Bryant, J. B., In-

gram, M., Schranner, B., Alcala, A., Sharp, J., Bishop,

D., Carreno, E., and Welker, J. (2005). Innovative ap-

proaches to reducing nurses’ distractions during med-

ication administration. Journal of continuing educa-

tion in nursing, 36(3):108–16; quiz 141–2.

Rebuge, A. and Ferreira, D. R. (2012). Business Process

Analysis in Healthcare Environments: A Methodol-

ogy Based on Process Mining. Information Systems,

37(2):99–116.

The Joint Commission (2011). Sentinel Events Data Sum-

mary, October.

HEALTHINF 2012 - International Conference on Health Informatics

298