Digitalization of Healthcare Processes Through BPMN for Clinical
Risk Monitoring and Management
Vincenzo Cartelli¹, Leonardo Longo², Orazio Tomarchio²ᵃ and Natalia Trapani²ᵇ
¹ Allincloud s.r.l, Catania, Italy
² Department of Electrical Electronic and Computer Engineering, University of Catania, Italy
Keywords: Digitalization, Healthcare, Business, Process, Management, Risk, BPMN.
Abstract: Several recent studies have provided alarming data regarding the occurrence of errors in healthcare in all
OECD (Organization for Economic Co-operation and Development) countries, including, to a significant
extent, also Italy. Many of these errors seem to be largely due to failure to comply with company operating
procedures, which are typically based on ministerial directives and international standards. In this context, the
paper describes the work carried out in an Italian research project where a more structured approach to the
healthcare sector has been proposed, focusing on clinical risk management. Clinical processes have been
modelled by using BPMN (Business Process Modelling and Notation) standard notation and then interfaced
with the hospital information system to monitor and manage clinical risks. Digitalization of operating
procedures also allowed the definition and computation of several KPIs (Key Performance Indicators) for
long-term monitoring. The work carried out in the experimental phase of the project, through the developed
system, highlighted the areas most affected by operational non-conformities, to address actions aimed at
safeguarding the patient's health and, indirectly, providing considerable economic savings.
1 INTRODUCTION
The rapid technological progress of recent years,
accompanied by the growing use of information
systems suitable for supporting their implementation
in complex business and organizational contexts, has
favoured the adoption of increasingly structured, safe,
and standardized approaches for modern production
processes, making them also more efficient and
monitorable. Latest trends in business automation and
digitalization, and the transformation of production
contexts enabled by Industry 4.0, have also
accelerated the adaptation process to new
organizational requirements to cope with the global
market, which requires products of ever-increasing
quality, in a short timeframe and suited to the needs
of the customer. In such a context any non-conformity
translates into an enormous cost, both from an
economic and image point of view. This need has not
remained confined to the industrial production sector,
but has also extended to the services market and
operations, thanks above all to the ever-increasing
diffusion of the IoT and cloud computing, which make
it possible to overcome the old infrastructural barriers
that represented an obstacle to the high level of
customization, scalability and resilience required by
the clients.
ᵃ https://orcid.org/0000-0003-4653-0480
ᵇ https://orcid.org/0000-0001-6221-5355
The concept of the Smart Hospital also fits into this
promising context: thanks to the advent of modern
technologies and IT infrastructures, it offers a
different approach to healthcare, guaranteeing more
accurate results, the reduction of errors, as well as
greater efficiency, speed, and agility of all medical
procedures, which are necessary above all for clinical
risk management. This also indirectly translates into a
reduction of costs related to compensation for damage
caused to patients who are victims of medical errors
or medical malpractice, resulting in a higher quality
of produced output, and therefore in greater patient
trust.
This work was carried out within the Italian
project “Mo.Ri.San Monitoring and management of
clinical risk in the social and health care sector”,
whose main objective was to provide useful tools for
the reduction of clinical risk and risk management,
using Information Technology and process
management as enablers to guarantee patient safety
and, indirectly, economic savings in the long term.
Cartelli, V., Longo, L., Tomarchio, O. and Trapani, N.
Digitalization of Healthcare Processes Through BPMN for Clinical Risk Monitoring and Management.
DOI: 10.5220/0011850300003476
In Proceedings of the 9th International Conference on Information and Communication Technologies for Ageing Well and e-Health (ICT4AWE 2023), pages 151-158
ISBN: 978-989-758-645-3; ISSN: 2184-4984
Copyright © 2023 by SCITEPRESS Science and Technology Publications, Lda. Under CC license (CC BY-NC-ND 4.0)
To reach these objectives, a structured approach was
applied to a healthcare context that is strongly
characterized by operations and human interactions,
which are by their nature very difficult to control and
standardize, with the aim of monitoring operational
non-conformities within its processes.
Within the project, the basic approach was to
adopt the Business Process Management
methodology to build executable models of the care
pathways provided within some healthcare facilities.
More specifically the standard notation BPMN 2.0
was used to model structured and repeatable
processes (OMG (2013)).
The results and the evaluations carried out in our
study will be used by the private clinics that are
partners of the project, which are concerned with
implementing operational restrictions or constraints
within the software used, thus guaranteeing the
adherence of the work of physicians and nurses to the
medical and organizational operating procedures,
according to the current legislative framework and the
reference standards.
The rest of the paper is organized as follows.
Related work is reported in Section 2. In Section 3 the
process modelling phase is described together with
some details on a specific process. Then Section 4
reports the risk analysis performed, while system
integration with the existing hospital information
system is described in Section 5. Section 6 describes
the experimental phase and discusses the
obtained results. Finally, we conclude the work in
Section 7.
2 RELATED WORK
Clinical risk management, which is a requirement of
current legislation in the healthcare sector, represents
an important factor in modern healthcare systems.
According to research conducted by Kohn et al.
(2000), of the IOM - Institute of Medicine, clinical
risk can be defined as the "probability that a patient
is victim of an adverse event, that is, suffers any
damage or discomfort attributable, even if
involuntarily, to treatment provided during the period
of hospitalization, a worsening of health conditions
or fatality". Its inadequate management represents
one of the main causes of legal actions against health
structures in OECD countries and, according to the
Institute for Healthcare Improvement, has become the
third leading cause of death in the United States.
The ever greater technological, regulatory, and
organizational changes in the healthcare sector have
therefore required the adoption of increasingly
in-depth analysis, aimed at identifying the causes of
adverse events and intervening even before they can
occur. In this regard, Cagliano et al. (2011)
demonstrated the advantages deriving from the
application of a structured and systemic approach,
based on the Reason theory, in identifying risks for
the patient within health contexts characterized, by
their nature, by a strong variability linked to human
decision-making processes.
Wingate (2003) highlighted the possible impact
of computerized systems within healthcare and
pharmaceutical companies, to support daily
operations, evaluating regulatory compliance through
IT validation systems.
In Crotti Junior et al. (2020) an Access Risk
Knowledge (ARK) platform has been presented and
used in clinical risk management. The ARK platform
uses Semantic Web technologies to model, integrate,
and classify risk and socio-technical system analysis
information from both qualitative and quantitative
data sources into a unified risk graph. A clinical
safety management taxonomy to annotate qualitative
risk data has been developed, in order to support
automated analysis.
Furthermore, several recent studies have
proposed the implementation of Business Process
Management in the healthcare sector. Among these,
Emanuele and Koetter (2007) analyzed a case study
of integration between BPM (Business Process
Management) and corporate information systems
within a healthcare facility, highlighting the
advantages related to the support it can give to
processes.
A further study by Reichert (2011) analyzed the
possibility of adopting PAIS (Process Aware
Information Systems), which have healthcare
business processes implemented within them,
highlighting the need to adapt them flexibly to the
variability that characterizes the healthcare pathways,
through all the decision-making processes of which
they are composed.
Gomes et al. (2018) proposed a case of integration
between models of healthcare processes, created
using the BPMN 2.0 standard, and the electronic
medical record.
However, it should be highlighted that, since
modern health systems are highly interconnected and
dependent on the large amount of data they generate,
patient safety relies not only on the adoption of the
best medical practices and on the healthcare
pathways, which are as standardized as possible and
established by current and regional regulations, but
also on the correct treatment of personal data,
which can guarantee privacy both during
hospitalization phases and in subsequent periods.
In this regard, in recent years new frameworks
mainly focused on ensuring patient cybersecurity
have emerged, such as, for example, the CUREX
conceptual model (Kougka et al., 2021), which offers
a platform-independent integrated environment to
execute cybersecurity and risk assessments, to verify
the security and robustness of information systems
containing sensitive data, as well as providing a
useful tool for the correct exchange of patients’
information between different healthcare facilities,
through the adoption of technologies such as the
blockchain and IoT (Internet of Things) devices.
Although the safety and privacy of patients have
been strongly considered in the context of the
proposed study, through the anonymization of the
data provided and processed by the developed model,
it is mainly focused on the analysis and monitoring of
the critical issues related to the adoption of incorrect
medical practices, which could lead to serious
physical harms to patients.
The preliminary research therefore shows the lack of
a real-time monitoring system for the risks that may
occur during healthcare pathways within health
facilities, based on a structured and standardized
approach, as proposed by the OMG Healthcare Domain
Taskforce (2020); providing such a system is the
scope of the study.
As anticipated, the modern context, strongly
influenced by digital transformation, together with
the greater awareness and attention of the institutions
towards the clinical risk, have provided the main
input and the possibility of developing the project,
thanks to the tools they make available, as well as the
cultural changes taking place.
3 PROCESS MODELLING
Through the process models, the study aimed to
create a digital representation of the healthcare
procedures that could be executed in the
background, driven by the recordings reported on the
Healthcare ERP software. The models exchange data
and information with this software, which makes it
possible to instantiate a new process, complete a
certain task, or exchange the messages necessary for
their execution.
Through this approach, it was possible to trace
the performance of daily operations and to evaluate
the operational differences with respect to the
procedures established by the companies, by means of
a status code returned by the system.
To model the processes the Signavio platform was
used. This tool allows you to create business process
models using the BPMN 2.0 standard and allows
different users to collaborate on the same process
modeling in real time. By using this platform, it was
possible to highlight all the decision-making
processes, the involved actors, the documents, and
information exchanged within the identified
processes.
The built models can be traced back to Petri nets,
in which a transition of the state associated with the
system occurs upon predetermined conditions.
For the preliminary study phase, the operating
procedures in use at the clinics involved were used,
thanks to which it was possible to identify three main
processes for the subsequent modeling and analysis
phases:
- Laboratory analysis processes;
- Surgical room processes;
- Drug management and administration processes.
After the preliminary study phase and the
collection of essential information and operating
procedures from the healthcare facilities, a first
version of the process models was created, reflecting
as closely as possible the operations carried out by
healthcare personnel within the companies.
For the surgical room processes, the following
sub-processes were identified and built:
- Hospitalization phase, execution of the pre-operative medical examinations and planning of the surgical intervention.
- Pre-surgical phase, concerning the preparation of the patient and his transport and access to the surgical block, verification of the completeness of the documentation supplied with the patient.
- Surgical phase, including the records relating to the surgical and anaesthetic medical practices adopted.
- Post-surgical phase, concerning the recordings made on Healthcare ERP software concerning the monitoring of the patient's vital parameters in the phase immediately following the surgical operation.
The modelling of laboratory analysis processes
involved the following sub-processes:
- Pre-analytical phase, which begins with the request for laboratory analysis by the physician, continuing with the preparation of the patient and the collection of the sample by the nursing staff, and with the subsequent sorting of the samples, identified and labelled, to the analysis laboratory.
- Analytical phase, in which the actual analysis of the samples provided by the department takes place, according to different paths for the examinations that can be performed with instrumentation interfaced with healthcare ERP software and those that can be performed manually or with non-interfaced instrumentation.
- Post-analytical phase, which concerns the communication of the results to the department and their reporting.
The models of drug management and administration
processes have been divided into the following sub-
processes:
- Phase of medical examination, during which the patient's condition is re-evaluated, then the therapy is prescribed or updated. In the case of first access, pharmacological recognition is also carried out, as well as the patient's anamnesis, to identify the therapies already in place, allergies, and pathologies of the patient that must be taken into consideration for subsequent prescriptions and administrations.
- Phase of preparation and administration of the drug, in which the nursing staff proceeds to the correct identification of the patient, preparation of the drug, and subsequent administration.
- Monitoring phase, in which any abnormalities or adverse reactions in patients due to administration are recorded.
- Pharmacological reconciliation, at the time of discharge, in which the medical staff delivers the SUT (Single Therapy Card) to the patient, providing him/her with the necessary information regarding the therapy to be followed after discharge.
The adherence of these models (as-is configuration)
to the standards identified in the preliminary study
phase and to the current legislation was considered, to
evaluate a possible redesign and a to-be
configuration.
As an example, the workflow concerning the
patient's hospitalization booking sub-process is
shown in Figure 1. In it, many of the elements that the
BPMN 2.0 standard makes available for modelling
have been used.
Figure 1: A simple process model representing the patient
hospitalization booking.
The elements of the workflow represented
through circles represent start events, intermediate
events or end events, while the tasks, i.e. the
elementary operations which compose the model, are
represented through rectangles.
As shown in Listing 1, the initial start event,
which represents the receipt of a new booking, is
triggered as soon as the management software, through
the prepared REST (Representational State Transfer)
web service, sends the JSON (JavaScript Object
Notation) containing all the booking information to
the appropriate endpoint.

Listing 1: JSON for the new-booking request.

    {
      "key": "new-booking",
      "businessKey": "<booking ID>",
      "payload": {
        "initiator": "<user ID>"
      }
    }

The system, in turn, sends a response to the
management software, shown in Listing 2.

Listing 2: JSON for the new-booking response.

    {
      "key": "new-booking",
      "businessKey": "<booking ID>",
      "correlation": object,
      "payload": {
        "started": [ {
          "processId": string,
          "businessKey": "<booking ID>",
          "initiator": "<user ID>"
        } ]
      },
      "errors": [string]
    }

The JSON is sent by the management software to an
endpoint of type /message/start, which, upon receipt,
starts a new instance of the process.
The next manual task is automatically performed
by the process engine upon receiving the JSON
shown.
The next task, a script task, contains a
Groovy script which is executed by the process
engine when the task itself is instantiated. Through
this script, the execution variables of the “Sanitary
acceptance” process are set with the value received
through the JSON, while the “initiator”, i.e. the user
who started the process instance, is assigned to the
“evaluator” variable.
The next gateway, of the XOR type, allows the
flow to continue along only one of the outgoing
branches. If the condition
${SanitaryAcceptance == "hospitalization"}
is verified, meaning that the patient's hospitalization
has been arranged, then the flow will continue towards
the subsequent tasks, while it will be directed to an
end event otherwise.
The flow will therefore await the receipt of the
JSON corresponding to the subsequent user
registration on the management software, containing
the "key" field: "assignment-id-shelter", and a
structure like the JSON previously illustrated. In each
of the JSONs, there is the “businessKey” field,
having the reservation ID as a unique value, through
which it is possible to correlate all subsequent
requests to the correct process instance.
The next script task, containing the Groovy script
shown in Listing 3, is started and executed
immediately upon receipt of the hospitalization ID
assignment message.

Listing 3: Example of a script task.

    // Message key of the sub-process to be started
    def key = "sanitary acceptance";
    // The hospitalization ID is used as the business key of the message
    def businessKey = HospitalizationIdAssignment.get("HospitalizationId");
    def payload = commonService.payloadBuilder()
        .put("initiator", execution.getVariable("evaluator"))
        .build();
    def message = messageService.createMessage(key, businessKey, null, payload);
    messageService.start(message);

Through the previous script, the key, businessKey and
payload variables are defined, within which the
values of the previously illustrated process variables
are entered, such as HospitalizationId and initiator.
Through the method
messageService.createMessage(), to which the
previously defined variables are passed as
parameters, a message is created addressed to the
subprocess shown below, so that a new instance of it
can be started.
The message sent by the previous script task
triggers the start event of the hospitalization
sub-process (shown in Figure 2), followed by a script
task, with which the variable containing the
information of the initiator of the process is set.
Figure 2: Start hospitalization subprocess.
The next human task is performed upon receipt,
from the management software, of the respective JSON,
in which the "key" field: "compilation-file-anamnesis"
allows you to refer it to the correct task,
while the "businessKey" field allows you to correlate
it with the process instance of the patient for which
registration on the software is being carried out. In
this case, a /task/complete REST web service was
used to interface the two systems.
Downstream of the human task, the period of stay
of the patient inside the structure was modelled
through the use of a subprocess, through an AND
gateway, which allows the process instance to
continue on the three outgoing branches, for each of
which a collapsed subprocess has been inserted,
which refers to the relative models created for the
processes of drug administration, surgery, and
laboratory analysis.
The boundary event of receipt of the
communication message is instantiated upon
registration on the management software of the
patient's discharge from the facility, entered by the
physician or nurse, which corresponds to the sending
of a JSON containing the "key":"Discharge", and
with a structure like those previously illustrated.
Upon receipt of the discharge message, the relative
process instance is closed.
4 RISK ANALYSIS
After the modeling phase, a risk analysis was
conducted on the modelled processes with the H-FMEA
methodology (Healthcare Failure Mode and Effect
Analysis), arriving for each of them at the
identification of the risks and the calculation of the
relative RPN (Risk Priority Number), the
identification of possible consequential damages and
the adopted prevention measures. To determine the
RPN, the following parameters were used:
- S = Severity of the injury or damage that the patient may suffer.
- L = Likelihood or probability that the event happens.
- D = Detection, the ease or difficulty of detecting the error before it causes damage.
The calculated RPN made it possible to
hypothesize an order of priority of intervention for the
various risk factors, as well as to build statistics on
the phases most affected by errors within the same
process, also allowing the identification of causes and
containment factors.
Based on the results of the H-FMEA analysis and
the Ministerial evidence, a set of indicators was built
referring to the processes that were modelled in the
previous phases and suitably integrated with other
indicators already in use in nursing homes.
This set has the purpose of monitoring the
progress of the processes, the correct execution of the
various phases, and avoiding errors related to the
deviation from the company procedures established
for the execution of the same. To do this, the
indicators have been designed to be measured over
different time horizons.
A subset of them, once implemented in respective
digital dashboards, will provide constantly updated
information, to promptly identify any anomalies with
respect to what is established by the work plans or by
the evaluation criteria, thus representing a tool
capable of reducing the incidence or severity of the
risk factors found within the processes in the previous
stages.
The remaining part of the indicators has been
designed to constitute medium to long-term
monitoring, measuring and certifying the effective
reduction of clinical risk resulting from the
implementation of the project itself, which can be
found in the reduction of significant events.
This set of indicators was used to create a new
software module, made available to clinics, which
allows you to extract its value based on the data
contained in the respective databases, then evaluate
its temporal trend, as well as any abnormal variation.
5 SYSTEM INTEGRATION
To interface the models created within the project to
the management software in use at the facilities, as
anticipated, three different types of REST web
services were used (as shown in Figure 3):
- Message/start, whose receipt by the engine corresponds to the start of an instance of a specific process.
- Message/send, through which data is exchanged between the engine and management software.
- Task/complete, the receipt of which by the engine corresponds to the completion of a specific instance of a thread.
Figure 3: System integration.
The exchange of information between the process
engine, which is responsible for executing the models
of the developed processes, and the Healthcare ERP
software the operators are interfaced with, makes it
possible to complete certain tasks (elementary
actions) belonging to the model created, and therefore
to continue their execution while monitoring their
status in real time, by triggering the specific task
and instance connected to the sent message, which is
processed by the Web Services (integrated layer)
component of the Process Engine.
The implementation and interfacing with the
process models have been designed in such a way as
to operate in the background, resulting in minimal
impact compared to the normal working conditions of
the medical and nursing staff, and carried out in such
a way as not to return alerts or error messages,
ensuring the normal functioning of the software used
by companies.
These implementations involved not only the
development, digitalization and execution of the
process models but also the revision of the software
code used by the structures, in such a way as to
provide for interfacing with the previously indicated
cloud process engine.
Through the execution in the process engine,
based on the messages exchanged with the ERP
software, it was possible to collect information about
the most critical processes with respect to the
operating procedures established by the management
of the structures involved, as well as to keep track of
the major process non-conformities, whenever a
different task than the one scheduled in the developed
models has been performed, which could represent a
risk for the patient during his stay in the clinics.
This execution information has been stored in a
process execution Database.
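The exchange between the ERP software and the process engine described above, sketched as an added example (not code from the paper or the project): a toy engine correlates message/start and task/complete requests by businessKey, rejects malformed or uncorrelated messages, and logs status 100 without returning an error when a task other than the scheduled one is completed. The task order, the `prescription` and `administration` keys, the per-task logging and all class and function names are assumptions.

```python
from collections import Counter

# Status codes as described for the process execution database
# (code 0, communication error, is not modelled in this sketch).
OK, NON_CONFORMITY = 1, 100

# Constructed, simplified task order for one process (assumption, not the paper's model).
EXPECTED_TASKS = ["compilation-file-anamnesis", "prescription", "administration"]


def validate(msg):
    """Return error strings for a message that lacks the fields used for routing."""
    if not isinstance(msg, dict):
        return ["message is not a JSON object"]
    errors = []
    for field in ("key", "businessKey"):
        value = msg.get(field)
        if not isinstance(value, str) or not value.strip():
            errors.append(f"missing or empty field: {field}")
    if not isinstance(msg.get("payload", {}), dict):
        errors.append("payload must be an object")
    return errors


class ToyEngine:
    """Tracks one pointer per process instance, keyed by businessKey."""

    def __init__(self, expected_tasks):
        self.expected = list(expected_tasks)
        self.next_task = {}       # businessKey -> index of the next expected task
        self.execution_log = []   # rows of (businessKey, task key, status code)

    @staticmethod
    def _reply(msg, started=(), errors=()):
        # Same top-level shape as the response in Listing 2.
        safe = msg if isinstance(msg, dict) else {}
        return {"key": safe.get("key"), "businessKey": safe.get("businessKey"),
                "payload": {"started": list(started)}, "errors": list(errors)}

    def message_start(self, msg):
        """message/start: create a new instance unless the businessKey is taken."""
        errors = validate(msg)
        if errors:
            return self._reply(msg, errors=errors)
        bkey = msg["businessKey"]
        if bkey in self.next_task:
            return self._reply(msg, errors=[f"instance already exists: {bkey}"])
        self.next_task[bkey] = 0
        started = {"processId": f"proc-{len(self.next_task)}", "businessKey": bkey,
                   "initiator": msg.get("payload", {}).get("initiator")}
        return self._reply(msg, started=[started])

    def task_complete(self, msg):
        """task/complete: record 1 if the task was the scheduled one, else 100."""
        errors = validate(msg)
        if errors:
            return self._reply(msg, errors=errors)
        bkey, key = msg["businessKey"], msg["key"]
        if bkey not in self.next_task:
            return self._reply(msg, errors=[f"no instance for businessKey: {bkey}"])
        pos = self.next_task[bkey]
        if pos < len(self.expected) and key == self.expected[pos]:
            status = OK
            self.next_task[bkey] = pos + 1
        else:
            status = NON_CONFORMITY
            # A later task done early: move past it so following steps can conform.
            if key in self.expected[pos:]:
                self.next_task[bkey] = self.expected.index(key) + 1
        self.execution_log.append((bkey, key, status))
        # Deviations are logged, not returned: the caller sees no error.
        return self._reply(msg)

    def status_distribution(self):
        """Count of each (task key, status code) pair in the execution log."""
        return dict(Counter((key, status) for _, key, status in self.execution_log))


def run_demo():
    """Constructed scenario: booking B-1 skips the prescription task."""
    engine = ToyEngine(EXPECTED_TASKS)
    engine.message_start({"key": "new-booking", "businessKey": "B-1",
                          "payload": {"initiator": "u-7"}})
    for key in ("compilation-file-anamnesis", "administration"):
        engine.task_complete({"key": key, "businessKey": "B-1", "payload": {}})
    return engine


if __name__ == "__main__":
    print(run_demo().status_distribution())
```

Rejecting messages whose businessKey matches no running instance keeps a stray or replayed request from being attributed to another patient's pathway, while deviations inside a known instance are only recorded, as in the background operation the paper describes.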
The objective of the subsequent test phase was to
ensure the correct functioning of the developed
system, both for the workflows implemented and for
their interfacing with existing systems, as well as to
ensure their stability over time and their continued
effective operation under any overload of data
transferred and communications exchanged.
After having validated the correct functioning and
interfacing between the software and the developed
processes and after having tested the reliability and
stability of the updated system, the test environment
was replicated within the servers of the two clinics,
by updating the pre-existing software version within
them and the installation and configuration of a new
server exclusively dedicated to the BPMS (Business
Process Management Suite) system.
6 EXPERIMENTAL PHASE AND
RESULTS
After training the personnel involved, the last project
phase concerned the final experimentation, which had
the aim of collecting data on the actual functionality
in the field of the new system interfaced with the
process engine, operationally evaluating the
adherence of the assistance activities provided within
the clinics with the operating procedures and with the
ministerial standards and directives, identifying any
bottlenecks or discrepancies in their execution, which
could represent a risk for the patient.
The experimental phase was then conducted on
the job for all the processes and sub-processes
identified, analyzed, and modelled in the previous
phases of the project, through the normal registration
operations on software by the medical and nursing
staff of the clinics.
Downstream of the experimental phase, it was
possible to extract the data stored in the appropriate
process execution database, which recorded, for each
process instance executed, a code relating to the state
of completion of the same, as well as any error codes,
which identify differences in execution with respect
to the models prepared.
The distribution of the return codes for the
process instances has been collected in the
histogram shown in Figure 4, where code 0 represents
a communication error between software and the
BPMS server, code 1 represents the correct execution
of the single process instance, while code 100
represents discrepancies with respect to the operating
procedures established by the companies.
Figure 4: Status code distribution.
Figure 5: Status code distribution in different tasks.
This histogram was also replicated with reference
to the individual sub-processes of each of the three
main identified ones, of which, by way of example,
the data relating to the administration of drugs within
the departments are reported in Figure 5.
The histogram in Figure 6, on the other hand,
shows the distribution of status code 100, which
therefore represents an operational difference, with
respect to the different phases of the drug
administration process, taken as an example.
Figure 6: Distribution of status code 100.
This graph made it possible to focus attention on
the sub-processes most affected by procedural errors,
therefore potentially having the greatest impact on the
success of the care pathways and the safety of the
patient during the period of stay in the facility.
However, as shown in Figure 7, it is necessary to
consider the percentage distribution of the onset of
the status code 100 between the different phases, to
have a clearer idea about the possible containment
measures and the constraints that could be
implemented in the future within the management
software.
Figure 7: Status code “100” distribution in different tasks.
7 CONCLUSIONS
The use of a structured approach within a context
strongly characterized by human work, and therefore
also by the decisions that the healthcare worker is
called to make, has made it possible to highlight all
the discrepancies and anomalies that may emerge in the
normal carrying out of the daily activities that
characterize it.
BPM technology, and in this specific case the
BPMN 2.0 notation, proved to be a valid choice to
guarantee and monitor the compliance of processes
with current legislation and international standards.
In particular, the integrated system developed
appeared to be able to monitor all deviations from the
operating procedures established at the company
level, and based in turn on ministerial standards and
recommendations. Such deviations may represent a risk
factor for the patient, and could result in serious
image and economic damage for the structure, as well
as physical damage for the patient. The tool to
calculate KPIs is also useful, especially for medium
and long-term monitoring, to evaluate any
improvements following future implementation of
constraints and alerts within the management
software, which can instantly report the operational
differences to the operator, in the same registration
phase on the software in use.
Future development of the study could involve the
introduction of constraints within the software, based
on the structure of the process model in execution,
which prevent the operator from completing the
tasks for which the foreseen operations have not been
performed upstream, or which return error messages in
case of discrepancies with the operating procedures.
The modelling could also be extended to other
fields of operational procedures, not directly
reproducible digitally through the BPMN 2.0
standard, due to their unstructured nature, such as
complex decision-making operations or unstructured
procedures. The latter could be modelled using other
Business Process Management tools, such as the Case
Management Model and Notation (CMMN) for
unstructured processes, and Decision Model and
Notation (DMN) for decision-making processes.
Finally, once the effects of the proposed
implementations have been assessed, should they
prove useful for the objective of safeguarding the
safety of the patient and the work of the healthcare
personnel, it could be useful to extend this approach
to all other healthcare processes that have not been
subject of the present study. This would also make it
possible to classify the latter based on their need for a
more or less structured approach, adapting the models
and systems developed to the cases analysed from
time to time.
Furthermore, this approach would follow the
latest trends and propensities of Industry 4.0, oriented
towards the introduction of automated processes and
innovative technologies, to improve working
conditions in terms of productivity and safety.
ACKNOWLEDGEMENTS
This work has been partially financially supported by
the funding programme PO FESR Sicilia 2014/2020,
research project Mo.Ri.San.: Monitoring and
management of clinical risk in the social and health
care sector.
REFERENCES
Joint Commission International. (2007) “Guidelines for
the implementation of the STANDARDS for the
Management of Clinical Risk in the health structures of
the Sicilian Region Standards for" HOSPITALS”.
Kohn LT, Corrigan JM, Donaldson MS (Institute of
Medicine) (2000). "To err is human: building a safer
health system". Washington, DC: National Academy
Press.
Cagliano AC, Grimaldi S, Rafele C (2011) A systemic
methodology for risk management in healthcare sector.
Safety Sci 49 (5): 695–708.
Wingate G, (2003). Computer Systems Validation: Quality
Assurance, Risk Management, and Regulatory
Compliance for Pharmaceutical and Healthcare
Companies (1st ed.). CRC Press.
Emanuele J, Koetter LE. (2007) "Workflow opportunities
and challenges in healthcare". BPM & Workflow
Handbook 1: 157.
Reichert M. (2011) What BPM Technology Can Do for
Healthcare Process Support. In: Peleg M., Lavrač N.,
Combi C. (eds) Artificial Intelligence in Medicine.
AIME 2011. Lecture Notes in Computer Science, vol
6747. Springer, Berlin, Heidelberg.
https://doi.org/10.1007/978-3-642-22218-4_2
João Gomes, Filipe Portela, Manuel Filipe Santos, (2018).
“Introduction to BPM approach in Healthcare and
Case Study of End User Interaction with EHR
Interface” Procedia Computer Science, 141: 519-524.
Kougka, Georgia, Gounaris A, Papadopoulos A, Vakali A,
Navarro Llobet D, Dumortier J, Veroni E, Xenakis C,
and Gonzalez-Granadillo G. "A Conceptual Model for
Assessing Security and Privacy Risks in Healthcare
Information Infrastructures: The CUREX
Approach." Knowledge Modelling and Big Data
Analytics in Healthcare: Advances and Applications:
(2021) 285-297.
Nifakos, Sokratis, Chandramouli K, Nikolaou CK,
Papachristou P, Koch S, Panaousis E, and Bonacina S.
"Influence of human factors on cyber security within
healthcare organisations: A systematic review."
Sensors 21, no. 15 (2021): 5119.
Crotti Junior A, Basereh M., Abgaz Y, Liang J, Duda N,
McDonald N. and Brennan R (2020) The ARK
platform: enabling risk management through semantic
web technologies. In: 11th International Conference on
Biomedical Ontologies (ICBO 2020), 17 Sept 2020,
Bolzano, Italy (Online).
OMG Healthcare Domain Taskforce (2020). “Field Guide
to Shareable Clinical Pathways. BPM + in
Healthcare”, Version 2.0
Object Management Group (2013): “Business Process
Model and Notation (BPMN)”, version 2.0.2.