Approach for Medication Administration Processes Re-engineering
Leandro Paulo Bogoni, Ganna Frankova, Cristina Matteotti, Fabio Casati, Duncan Dubugras and Giampaolo Armellin
Department of Information Engineering and Computer Science, University of Trento,
Via Sommarive, 14, 38123 Povo, TN, Italy
R&D Department, GPI S.p.A., Via Ragazzi del ’99, 13, 38123 Trento, Italy
Faculty of Informatics, Pontifical Catholic University of RS, Av. Ipiranga 6681, Porto Alegre, RS, Brazil
Business process, Risk management, Healthcare, Medication administration.
Medication administration in healthcare institutions is one of the critical processes that need to be carefully
considered from the risk management point of view. Medical administration errors are costly from several
perspectives as they lead to injuries, illness or even death and finally, significantly increase hospital expense.
In this article, we argue that efficient risk management approaches for medication administration business processes are needed. Risks should be identified and mitigated well before a critical error occurs.
The presented work describes issues of healthcare business process risk individuation and proposes a methodology for business process re-engineering to mitigate the identified risks. To show the potential impact of the approach, we illustrate the functioning of the methodology on the scenario derived from the application domain of the Nursy Rolly industrial R&D project.
Medication administration in healthcare institutions is a critical process that requires accuracy, timeliness and traceability. Medication administration errors have serious direct and indirect effects and are usually the consequence of a breakdown in a very complex system (Foote and Coleman, 2008) that includes medical devices, healthcare organization and working practices. Errors can lead to injuries, illness or even death and significantly increase hospital costs. According to (The Joint Commission, 2011), there were 319 medication error sentinel events resulting in death or permanent loss of function from 2004 until September 30th, 2011.
Risks of errors can be present in any part of the Medication Administration Business Process (MABP). Risks usually arise from bad design or bad execution of the MABP. On one hand, an insufficient number of controls may leave the process liable to wrong interpretation and execution. On the other hand, a process with excessive controls may lead the operator to skip them in order to ease or speed up activities.
An analysis of near miss reports, as is done in aviation, nuclear power technology, petrochemical processing, steel production, military operations and air transportation, can highlight risky situations and enable preventive actions (Barach and Small, 2000). Preventive actions based on the introduction of IT systems, if not planned carefully, may not always be effective in reducing risk or may introduce new risks. The question arises of how to identify potential risks early and introduce preventive actions without creating new sources of risk in the medication administration business process. The main challenges are in foreseeing and considering the necessary specificities for obtaining safe MABPs.
The goal of this work is to provide a solution to identify the risks in advance and enable risk managers and business process designers to mitigate the errors and improve the medication administration business process. To achieve this, we adapt the Tropos framework (Castro et al., 2002; Bresciani et al., 2004) to our scenario. We employ the approach of Asnar et al. (Asnar et al., 2010), which was originally devised for analysing risks during the software requirements analysis phase. Our contribution is an approach that uses a goal-risk model as its main artifact and a methodology that starts from operational goals extraction, goes to risk events identification, through problem analysis and to solution design.

Footnote: A near miss is an unplanned event that did not result in injury, illness, or damage, but had the potential to do so (Kohn et al., 2000).

Paulo Bogoni L., Frankova G., Matteotti C., Casati F., Dubugras Ruiz D. and Armellin G..
DOI: 10.5220/0003874602920298
In Proceedings of the International Conference on Health Informatics (HEALTHINF-2012), pages 292-298
ISBN: 978-989-8425-88-1
2012 SCITEPRESS (Science and Technology Publications, Lda.)
The rest of the paper is organized as follows. Sec-
tion 2 describes medication administration business
process and the application of technologies to assist
the nurse in performing the medication administra-
tion. In Section 3, we present the issues related to
identifying the risky situations during MABP execu-
tion. A methodology to identify and treat risks on
the process is proposed in Section 4. In Section 5
we apply the proposed methodology to the MABP.
Section 6 is devoted to the proposed approach and re-
lated work discussion. Concluding remarks and fu-
ture work are summarized in Section 7.
For this work, we take into account only the MABP running inside a hospital ward as illustrated in Figure 1. It is based on a real scenario modelled by a heterogeneous group of IT and healthcare professionals. The main actors involved in this MABP are: (i) Nurse, responsible for reading the physician order entries and administering medicines to patients and (ii) Patient, who can decide whether to take or refuse a medicine. Another actor involved is the Physician, who is responsible for prescribing medicines to patients; however, we assume the prescription of medicines is done before the administration begins and we do not tackle its issues in this work.
The medication administration is performed during predetermined timeslots, e.g., at 8 a.m. and at 11 a.m. The nurse makes sure she has collected all medicines required to cover the patients' needs and makes the rounds. The required quantity of medicine for each round is calculated by analysing the therapies prescribed to the patients the nurse is responsible for. If the nurse uses a medication cart, she must load the medicines in the cart before starting the first round of the shift. The refill is usually done every shift, when enough medicine for a whole shift is loaded, while in case of running out of a medicine, the refill of that specific medicine can be done at any

Footnote: In this paper we only name the nurse as the person responsible for performing the MABP, even though we know that there are situations where other healthcare professionals assume this role.
There are three possible ways in which the medication administration operation can conclude: (i) the patient wants to take the medicine and the nurse administers it; (ii) the nurse decides not to administer the medicine, e.g., the medicine is used to lower the blood pressure, and the patient's blood pressure is very low, so the medicine is not administered because of the nurse's decision; (iii) the patient decides to refuse the medicine for some reason, e.g., the patient believes that the drug makes her feel sick.
In order to show the effects of introducing IT sys-
tems to the medication administration process, we
present below the Nursy Rolly
2.1 Nursy Rolly - Smart Medication
The main outcome of the Nursy Rolly project is a system composed of a smart medication cart and several software applications and systems, to assist nurses during the medication administration process. The access to the cart is controlled by smart-card identification, which also grants traceability. The cart includes a therapy system where physicians can prescribe a therapy, and where the nurses read the physician order entries. Accessing the therapy system from the cart, the nurse can be guided to administer medicines to the patients she is responsible for.
Several verifications are done during medication administration to assure the Six rights of medication use (Pape et al., 2005). Every time a medicine is picked up from the medication cart and planned to be administered, it has to go through barcode reading. When the barcode is read, all information about that specific medicine package is retrieved and checked, such as expiration date and equivalence. Every time a non-equivalent medicine is selected instead of the medicine prescribed by the physician, or an expired medicine is checked, a near miss report is automatically generated. Just before administering the medicines to the patients, the nurse has to verify that the patient is exactly the person she prepared the medicines for. To do this, the patient bracelet has to be scanned. If the patient is not the expected one, a near miss report is triggered; otherwise the administration of all the medicines prepared is done and the event is

Footnote: GPI S.p.A., “Nursy-Rolly - the Smart E-Trolley” project number 10535.
Footnote: Six rights: right medication, right dose, right route, right patient, right time and right documentation.
Footnote: In several countries, e.g., Italy, a double barcode has been implemented. One represents the medicine and the other one represents the single box of medicine.

Figure 1: Scenario of the Medication Administration Business Process. (Diagram labels: Medication Cart; Ask for Diagnosis; Get Medicines; Administer Medicines; Instances of the MABP; Risk Manager; Risk Analysis; Assess Risks; Risk Assessment.)
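The checks described above, written out as an added example (not code from the Nursy Rolly project): the package scan is checked for expiry and equivalence, the bracelet scan for identity, and each failed check produces a near miss record. The data model, the equivalence table, stopping the administration on any near miss and the `check_skipped` record for an unscanned bracelet are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Package:                 # what the package barcode resolves to (assumed fields)
    medicine_code: str
    expires: date


@dataclass(frozen=True)
class Order:                   # one physician order entry (assumed fields)
    patient_id: str
    medicine_code: str


# Constructed equivalence table: prescribed code -> acceptable package codes.
EQUIVALENTS = {"MED-X": {"MED-X", "MED-X-EQ"}}


def package_problems(order, package, today):
    """Return the near miss reasons raised by the package scan (empty = pass)."""
    problems = []
    if package.expires < today:
        problems.append("expired medicine")
    allowed = EQUIVALENTS.get(order.medicine_code, {order.medicine_code})
    if package.medicine_code not in allowed:
        problems.append("non-equivalent medicine")
    return problems


def administer(nurse_id, order, package, bracelet_id, today, log):
    """Run all checks, append records to `log`, return the outcome.

    bracelet_id is None when the nurse did not scan the bracelet. The
    administration still goes ahead, but the skipped check is recorded so
    that it stays visible to the risk manager.
    """
    def record(kind, detail):
        log.append({"kind": kind, "nurse": nurse_id,
                    "patient": order.patient_id, "detail": detail})

    problems = package_problems(order, package, today)
    if bracelet_id is not None and bracelet_id != order.patient_id:
        problems.append("wrong patient")
    for problem in problems:
        record("near_miss", problem)
    if problems:
        return "stopped"
    if bracelet_id is None:
        record("check_skipped", "bracelet not scanned")
    record("administered", package.medicine_code)
    return "administered"


if __name__ == "__main__":
    # Constructed sample data.
    today = date(2012, 2, 1)
    order = Order("P-001", "MED-X")
    log = []
    print(administer("N-1", order, Package("MED-X-EQ", date(2013, 1, 1)), "P-001", today, log))
    print(administer("N-1", order, Package("MED-Y", date(2011, 12, 31)), "P-002", today, log))
    print(administer("N-1", order, Package("MED-X", date(2013, 1, 1)), None, today, log))
    for entry in log:
        print(entry)
```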
The healthcare agencies encourage the adoption of
technologies to assist the nurse. The scope of such
technologies and tools is to avoid or mitigate risky
situations during medication administration.
Design choices made during the development of new technologies and tools may not cover all the issues that are raised when the technology is in use. The reason is that the specificities of the environment where technologies and tools are to be used are only learned during the actual introduction of the novelty into a real working scenario.
The main challenges are in foreseeing and considering the features necessary for obtaining a safe MABP after the introduction of new technologies and tools. Healthcare business processes are very complex and highly dynamic. Providing system risk analysis based on requirements obtained just from parts of the business process, but not from the whole process, is challenging. At this point, one has to consider the fact that the organizations differ from hospital to hospital and from department to de-
Consider a business process MABP implementing technologies such as therapy software, and controls such as a barcode reader to confirm the patient identity and the right medicine, together with a set of problems P identified during risk analysis, e.g., process deviations, process violations, stock mismatch. This naturally leads to the question: “How to identify the specificities for a new redesigned medication administration business process MABP to cover the issues raised and to mitigate the risks?”.
Below, we discuss some of the problems that
might appear during the medication administration,
even after the implementation of new technologies.
New controls implemented could introduce new risks to the process. Besides, the new technology may not even cover all the risky aspects in the administration process. We would like to discover these aspects by inspecting the software features with our methodology. The need to scan every patient’s bracelet every time a medicine administration is done may lead the nurse to skip it if she is in a hurry. These deviations from the original business process model may lead to
Example 1. Nurse Maria is in a hurry, she admin-
isters the medicines to all her patients (including pa-
tient Katrin) without using the bracelet scanning to
check their identities. After an hour, the patient Ka-
trin dies. The autopsy reveals an insulin intoxication,
however the therapy plan for patient Katrin does not
contain insulin prescribed.
The fact that it was possible to skip (disable) the identity checking enabled the risk of error in switching patients' therapy plans.
Example 2. According to Pietro’s therapy plan, nurse Maria should administer the medicine X to him. However, the medicine X is not available in the department. The head nurse has requested the correct medicine but the hospital store has sent an equivalent one. The nurse administers the equivalent medicine but cannot record the administration because it has a different code.
HEALTHINF 2012 - International Conference on Health Informatics
The features designed and implemented by the
technology may not avoid violations of a correct busi-
ness process.
Example 3. Maria reads Carlo’s therapy plan and administers 600 mg of medicine Y to him. After half an hour the patient feels sick because of an overdose. The physician prescribed an incorrect dose but the nurse couldn’t notice it because the previous dose was administered by the nurse of the previous shift.
Example 4. Maria administers a medicine to patient
Roberto and a few minutes later, the patient dies. The
physician and the nurse did not read the allergies re-
port or the physician did not check allergies before
inserting the order entry.
Even though a physical audit of the cart content is not done, a mismatch between the physical stock of medicine and the logical stock registered in the medication cart system can be discovered. Two situations of mismatch can happen, with different causes and implications: (i) more drugs in the logical than in the physical stock, (ii) more drugs in the physical than in the logical stock.
More Drugs in the Logical than in the Physical Stock. A missing medicine can be due to someone forgetting to register a case of a fallen or spilt medicine, or due to some medicine being administered without the event being
Example 5. Nurse Maria is preparing the medicines for the patient Carlo and, by mistake, drops a pill. She takes another pill from the package and continues the administration without registering the event of discarding the medicine that was dropped. The logical and physical stocks are not equivalent any more.
More Drugs in the Physical than in the Logical Stock. A larger number of medicines in the medication cart than there is supposed to be according to the logical stock can represent the case where the nurse has put the medicines in the cart without loading them with the software procedure because they were patient medicines.
Example 6. Maria is about to load the medicine Z
for patient Carlo in the cart and she realizes that the
department does not have that specific medicine in the
stock. However, she knows that Carlo brought his own
medicine when he was admitted to the hospital. She
puts the drug box into the cart without registering the
event in the software, because the box does not have
the barcode label anymore.
The possible points of failure in the business process design can be related to corner cases, as in the software verification/test community. Situations where a patient needs a medication immediately may reach a level of emergency where there is no sense in following all the controls.
Example 7. Patient Pietro faints. Maria measures
his blood pressure and calls the physician. The physi-
cian orally prescribes a medicine and Maria adminis-
ters it to Pietro. As it was an emergency, nothing was
recorded on the software at that moment.
To assist the business process designer in the task of re-modelling the medication administration business process to mitigate risks identified by the risk manager, we propose a methodology based on the work of Asnar et al. (Asnar et al., 2010). Although their approach was originally devised for analysing risks during the software requirements analysis phase, it suits our need for careful analysis to find risks not yet managed.
The proposed methodology uses a Goal-Risk
(GR) model defined in (Asnar et al., 2010), which
consists of three layers representing asset, events and
treatment. The GR model has to be designed follow-
ing the proposed methodology, which consists of 4
main steps illustrated in Figure 2: (1) Operational
Goals Extraction, (2) Risk Events Identification, (3)
Problem Analysis and (4) Solution Design.
Figure 2: Proposed Methodology. (Diagram labels: Operational Goals; Risk Events; Problem Analysis; Solution Design.)
4.1 Operational Goals Extraction
The first step of the proposed methodology is devised to extract the operational goals from the MABP and model them in the Asset layer. Every operation identified in the business process is translated to a goal. To obtain a more detailed model of operational goals, the goals can be refined to subgoals using an AND/OR decomposition. For example, a goal “Correct Administration” could be refined to subgoals such as “Confirm Patient Identity” and “Confirm the Right
Goals can also have relationships with each other that contribute positively or negatively to their fulfilment. These relationships can be modelled using a contribution relation. The contribution relation employs the concepts of Satisfy/Deny and the quantifiers ‘-’, ‘--’, ‘+’ and ‘++’. For example, the goal “Allow Patient to Refuse Medicine” can contribute negatively to the goal “Correct Administration”.
4.2 Risk Events Identification
After the operational goals have been identified, we can start to identify risk events. Making use of a goal-risk approach, it is possible to find risk events by analysing the relations between goals. When two different goals have a negative impact on each other, this automatically leads to a risky situation where Satisfying one goal may imply Denying the other. For example, since the goal “Allow barcode reader disabling” contributes negatively to the goal “Confirm Patient Identity”, a risk event of “Wrong Patient” can be detected.
Once identified, events have to be modelled in the event layer, as shown in Figure 3. The events are characterized by two properties: likelihood and severity. Likelihood is modelled as a property of an event, i.e., satisfy or deny, and severity is denoted as the sign, negative or positive, of an impact relation. In this way it is possible to model the impact each event has on fulfilling operational goals.
Figure 3: Goal-risk model. (Node labels: Allow patient to refuse medicine; Display warnings for risk of overdose; Trace barcode reader disabling; Patient Identity; Confirm Right; Allow barcode reader disabling.)
4.3 Problem Analysis
The next step of the suggested methodology is devoted to analysing the problem(s) found in the business process MABP. With the asset and event layers modelled and including operational goals, events and their relationships, it is possible to compute the fulfilment of the operational goals with the help of the Tropos goal risk framework (Asnar et al., 2010). This allows us to understand the problem and see which operational goals are not fulfilled because of the risk events present in the business process.
4.4 Solution Design
After the problems are identified and analysed,
the last step of the proposed methodology is per-
formed. To design a solution for the problem,
we use the treatment layer in the GR model.
The treatment layer allows us to introduce treat-
ments/countermeasures/mitigations with the purpose
of tackling the issues identified in the previous steps.
Just like the goals in the asset layer, the treatment elements can be decomposed using AND/OR relationships. A treatment can act on a risk either by reducing its likelihood or by attenuating its severity. To reduce the likelihood, a treatment is modelled using a contribution relation. To attenuate the severity of an event, alleviation relations are used, with the purpose of reducing the impact sign to a lesser value.
Every situation may have different requirements
for safety. Some specific hospitals or specific depart-
ments can demand a more intensive work on the treat-
ment layer to cover a higher number of risks than oth-
ers. The example illustrated in Figure 3 shows the
treatments inserted to mitigate the risk events identi-
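The four steps of Section 4 carried through on a small model, as an added example (not the authors' tooling and not the Tropos goal-risk reasoning of Asnar et al.). Goal, event and treatment names come from the paper; the decomposition shown, the integer likelihood scale, the impact signs and the denial thresholds are assumptions, and only likelihood-reducing treatments are modelled.

```python
from dataclasses import dataclass, field


@dataclass
class Goal:                      # asset layer
    name: str
    kind: str = "LEAF"           # "AND", "OR" or "LEAF"
    subgoals: list = field(default_factory=list)


@dataclass
class Contribution:              # goal-to-goal relation, quantifier as in 4.1
    source: str
    target: str
    sign: str                    # "--", "-", "+" or "++"


@dataclass
class RiskEvent:                 # event layer
    name: str
    impacts: dict                # goal name -> "-" or "--" (severity)
    likelihood: int              # assumed scale: 0 none, 1 low, 2 high


@dataclass
class Treatment:                 # treatment layer
    name: str
    event: str
    reduces: int                 # assumed: likelihood steps removed


def risky_pairs(contributions):
    """Step 2: a negative contribution between two goals marks a risky situation."""
    return [(c.source, c.target) for c in contributions if c.sign in ("-", "--")]


def residual_likelihood(event, treatments):
    cut = sum(t.reduces for t in treatments if t.event == event.name)
    return max(0, event.likelihood - cut)


def denied_leaves(events, treatments):
    """Step 3: leaf goals still denied by some event.

    Assumed rule: a '--' impact denies the goal at residual likelihood >= 1,
    a '-' impact only at residual likelihood 2.
    """
    denied = {}
    for event in events:
        left = residual_likelihood(event, treatments)
        for goal, severity in event.impacts.items():
            if left >= (1 if severity == "--" else 2):
                denied.setdefault(goal, []).append(event.name)
    return denied


def fulfilled(name, goals, denied):
    """Propagate leaf results upwards through the AND/OR decomposition."""
    goal = goals[name]
    if goal.kind == "LEAF":
        return name not in denied
    parts = [fulfilled(sub, goals, denied) for sub in goal.subgoals]
    return all(parts) if goal.kind == "AND" else any(parts)


# Constructed model (step 1): names from the paper, structure and values assumed.
ROOT = "Perform correct administration"
GOALS = {g.name: g for g in [
    Goal(ROOT, "AND", ["Administer to the right patient", "Administer the right dose"]),
    Goal("Administer to the right patient"),
    Goal("Administer the right dose"),
    Goal("Allow barcode reader disabling"),
]}
CONTRIBUTIONS = [Contribution("Allow barcode reader disabling",
                              "Administer to the right patient", "--")]
EVENTS = [
    RiskEvent("Select a wrong patient", {"Administer to the right patient": "--"}, 1),
    RiskEvent("Overdose", {"Administer the right dose": "-"}, 2),
]
TREATMENTS = [                   # step 4
    Treatment("Trace barcode reader disabling", "Select a wrong patient", 1),
    Treatment("Display warnings for risk of overdose", "Overdose", 1),
]


def analyse(treatments):
    """Return (root goal fulfilled?, denied leaf goals with their causes)."""
    denied = denied_leaves(EVENTS, treatments)
    return fulfilled(ROOT, GOALS, denied), denied


if __name__ == "__main__":
    print(risky_pairs(CONTRIBUTIONS))
    for label, chosen in (("no treatment", []), ("overdose warning only", TREATMENTS[1:]),
                          ("all treatments", TREATMENTS)):
        print(label, analyse(chosen))
```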
We consider the medication administration business
process presented in Section 2 and apply the proposed
MABP Re-engineering methodology. The application
was done in collaboration with the Project Manager
and the Software Analyst (with healthcare expertise)
involved in the Nursy Rolly
We start from the first phase of the methodology,
when at the beginning operational goals are extracted
and then modelled in asset level, as it is done in Fig-
ure 4. The operational goals identified are listed as
follows: (i) Assure patient’s safety, (ii) Prescribe the
medicines correctly, (iii) Perform correct administra-
tion, (iv) Allow barcode reader disabling, (v) Allow
patient to refuse medicine, (vi) Perform the round on
time, (vii) Administer the right medicine, (viii) Ad-
minister to the right patient, (ix) Administer via the
right route, (x) Administer the right dose, (xi) Ad-
minister at the right time, (xii) Perform the right doc-
umentation after the administration.
Figure 4: Goal-risk model for the Medication Administration Process. (Legible node labels: Perform the Round on time; Right Patient; Right Medicine; Right Route; Right Time; Right Dose; Allow patient to refuse medicine; Allow barcode reader disabling.)
Then we start the second phase of the methodology, where we analyse the relations between goals and, based on the negative impact one goal has on another, identify the risk events. The risk events are then modelled in the event layer, as illustrated in Figure 4. From the identification of risk events, the following list is created: (i) Administration of an external medicine (patient brings her own medicine), (ii) Administer medicine in case of emergency, (iii) Administer an equivalent medicine, (iv) Select a wrong medicine, (v) Select a wrong patient, (vi) The barcode reader breaks, (vii) Overdose, (viii) Forget to register an event, (ix) Allergic Reaction.
In the third phase of the methodology, we perform the problem analysis. We take into account the operational goals that have their satisfaction compromised by the occurrence of risk events. We also individuate the risk events that have a direct impact on the satisfaction of the operational goals.
In the last phase of the methodology, we design the solution to mitigate the risks. The solution is concentrated on the creation of treatments to minimize the likelihood of a risk event happening. The treatments created are: (i) Support administration of external medicines (patient brings her own medicine), (ii) Support equivalent medicines, (iii) Support Administration without barcode reading, (iv) Trace barcode reader disabling (register the situation when the barcode is disabled), (v) Display warnings for risk of overdose, (vi) Display risk of allergies and medicine
We have followed the idea of using a Goal-Risk model to identify and mitigate the risk of errors during the medication administration process. We have adapted the Tropos goal risk framework (Asnar et al., 2010), which was originally proposed for analysing risks during the requirements analysis phase of software engineering. Their work analyses risks along with stakeholder interests, and identifies countermeasures to be introduced as part of information system’s require-
Other work related to risk management in health
care scenario is a platform called ReMINE (Arici
et al., 2010). They consider vulnerabilities in hos-
pital processes that may result in adverse events caus-
ing harm to patients. The authors propose risk control
rules to enable real time control of clinical processes.
Also in the healthcare scenario, there is the work of (Rebuge and Ferreira, 2012). It considers healthcare processes including medical treatment processes and generic organizational processes. The authors apply process mining techniques that lead to the detection of regular behaviour, process variants, and exceptional medical cases.
Although it comes from a different research community, we also consider the work of (Pape, 2003) as related to ours, because it aims at reducing errors during the medication administration process. They focus on human factors and work redesign to create safer procedures. They apply airline safety practices to increase the level of attention the professional pays when performing the most critical steps of the medication administration process.
One of the most challenging issues in risk management is the investigation and management of risks in healthcare business processes. The research on risk management for complex business processes is well under way. While the existing approaches address risk management of the already running business process and try to correct the errors that occurred during the execution, we consider that risks should be identified and mitigated well before a critical error occurs.
The main contribution of the paper is to consider
issues of medication administration process risk in-
dividuation and propose a methodology for business
process re-engineering to mitigate the risks identified.
With the application of our methodology, it is pos-
sible to detect the risks present in the medication ad-
ministration business process. Knowing the risks, the
treatments necessary to avoid or mitigate them can be
properly planned. Furthermore, when treatments are
introduced, any additional risk that might appear can
be considered and treated as well.
The research presented in this work is still in progress. This work calls for more investigation of medication administration and of the management of medication administration processes. In the near future, we plan to dive into the details of a framework implementing the proposed business process re-engineering approach and then to experiment in a real hospital ward in Bassano, Italy. Furthermore, as future work, we would like to extend the methodology by introducing the management of metrics and indicators of risk, and a suitable visualization for the information collected.
The authors thank Yudistira Asnar, Dario Betti, An-
namaria Chiasera for fruitful discussion and Marco
Aiello for comments on a previous version of this
paper. Leandro Paulo Bogoni thanks the Pontifical
Catholic University of RS, Brazil for hosting him
while part of the presented research was performed.
This work has been partly supported by the “Nursy-Rolly - the Smart E-Trolley” project number 10535, GPI S.p.A.
Arici, S., Bertele, P., and Trucco, P. (2010). Integrating Clinical Information for Real Time Patient Safety Management: the ReMINE Platform. In Proceedings of the XVI Congress of International Federation of Health Records Organizations (IFHRO 2010), Milan,
Asnar, Y., Giorgini, P., and Mylopoulos, J. (2010). Goal-driven Risk Assessment in Requirements Engineering. Requirements Engineering, 16(2):101–116.
Barach, P. and Small, S. D. (2000). Reporting and Preventing Medical Mishaps: Lessons from Non-medical Near Miss Reporting Systems. BMJ, 320(7237):759–
Bresciani, P., Perini, A., Giorgini, P., Giunchiglia, F., and Mylopoulos, J. (2004). TROPOS: An Agent-Oriented Software Development Methodology. Journal of Autonomous Agents and Multi-Agent Systems, 8(3):203–
Castro, J., Kolp, M., and Mylopoulos, J. (2002). Towards Requirements-Driven Information Systems Engineering: The Tropos Project. Information Systems,
Foote, S. O. and Coleman, J. R. (2008). Medication Administration: The Implementation Process of Bar-coding for Medication Administration to Enhance Medication Safety. Nursing Economic, 26(3):207–210.
Kohn, L. J., Corrigan, J. M., and S., D. M., editors (2000). To Err Is Human: Building a Safer Health System. National Academy Press, Washington DC, 1 edition.
Pape, M. (2003). Applying Airline Safety Practices to Medication Administration. Medsurg Nursing, 12(2):77–
Pape, T. M., Guerra, D. M., Muzquiz, M., Bryant, J. B., Ingram, M., Schranner, B., Alcala, A., Sharp, J., Bishop, D., Carreno, E., and Welker, J. (2005). Innovative approaches to reducing nurses’ distractions during medication administration. Journal of continuing education in nursing, 36(3):108–16; quiz 141–2.
Rebuge, A. and Ferreira, D. R. (2012). Business Process Analysis in Healthcare Environments: A Methodology Based on Process Mining. Information Systems,
The Joint Commission (2011). Sentinel Events Data Summary, October.