Automated Risk Control in Medical Imaging Equipment Management Using Cloud Application

Medical imaging equipment (MIE) is the baseline of providing patient diagnosis in healthcare facilities. However, that type of equipment poses high risk for patients, operators, and environment in terms of technology and application. Considering risk management in MIE management is rarely covered in literature. The study proposes a methodology that controls risks associated with MIE management. The methodology is based on proposing a set of key performance indicators (KPIs) that lead to identify a set of undesired events (UDEs), and through a risk matrix, a risk level is evaluated. By using cloud computing software, risks could be controlled to be manageable. The methodology was verified by using a data set of 204 pieces of MIE along 104 hospitals, which belong to Egyptian Ministry of Health. Results point to appropriateness of proposed KPIs and UDEs in risk evaluation and control. Thus, the study reveals that optimizing risks taking into account the costs has an impact on risk control of MIE management.


Introduction
Risk management becomes an essential concept to ensure safety, reliability, competence, and compliance with standards in healthcare facilities. As medical equipment poses risks to patients, users, and environment, e Joint Commission (TJC) integrates elements related to risk management into its standards. In 2004, TJC issued risk management standards that require hospitals to adhere that " e organization manages medical equipment risks" and "Medical equipment is maintained, tested, and inspected" [1].
Risk management process starts with identifying potential hazards and then assessing the likelihood of occurrence and severity of each hazard. In order to evaluate risks associated with each hazard, a risk number (RN) is calculated, and then based on this number, risks are ranked to be controlled [2][3][4]. In fact, to recognize a hazard or an undesired event (UDE), a set of key performance indicators (KPIs) should be identified to monitor and measure associated risks for any process [5,6].
In this context, several researches have been conducted to study risk management for medical equipment. For instance, Dumbrique discussed risk management in medical equipment manufacturing process [7]. Another aspect was presented in [3], concerning risk management in software industry. Another approach has been proposed by Tawfik, Ouda, and Abd El Samad to classify risk levels of medical equipment taking into account the operational and environmental conditions [8].
Although medical imaging equipment (MIE) is the front line of the basic diagnosis in healthcare services, no doubt that it is considered as a source of high risk in terms of technology and application. Almost, if not all, studies that have been presented in MIE for risk management regarded the radiation safety, overdose control, and electrical hazards [9][10][11]. Yet, controlling risks associated with poor management of MIE especially for developing countries is rarely considered in literature. In addition, optimization of the balance between risks and costs is an essential requirement [12]. e goal of this study is to manage and control risks associated with MIE due to poor management and low utilization rate. is is achieved by identifying a worthy KPI set for MIE management that leads to recognize UDEs of the management process. Consequently, risk management process takes place as described before. Due to no specific KPIs for medical equipment management, the challenge of this study is to suggest a set of KPIs and UDEs for risks associated with MIE management. e rest of the article is organized as follows: the methodologies and procedures to identify KPIs and UDEs for MIE management are described and discussed in Section 2. A case study for validation with results and analysis is adopted and explained in Section 3. Finally, conclusions and future work are presented in Section 4.

Materials and Methods
In this study, the rules of risk management are conducted for MIE management. Identification of a set of UDEs is adopted, which implies specifying a set of KPIs by setting threshold values of these KPIs. Once UDEs are identified, risk control is carried out by calculating risk number for each UDE that leads to ranking risks and follows appropriate control action. Considering automation approach, a software program is followed for implementation. e interpretation of each step is explained in detail in next sections.

Key Performance Indicators.
Key performance indicators are used to measure the performance of individuals and processes. To the best of our knowledge, there are not specific KPIs for medical equipment management. To overcome this problem, the authors decided to take the approach of expert's opinions as well as utilizing the guidelines and the standards of medical equipment maintenance to conclude these KPIs. Such standards are related to International Organization for Standardization (ISO), Food and Drug Administration (FDA), World Health Organization (WHO), and TJC.
According to [5], the KPIs are classified into three classes: purpose (P) such as standard compliance, effect (E) such as plant availability, and cause (C) such as work completion.
Regarding the preventive maintenance (PM) and corrective maintenance (CM) of medical equipment, the KPIs are proposed as shown in Table 1.
As illustrated in Table 1, CMV stands for corrective maintenance visit and PMV stands for preventive maintenance visit. e KPIs from 1 to 6 are frequency of occurrence of measurable elements. e KPI 7 "mean response time" is the mean elapsed time between raising a complaint and first response visit, whereas the KPI 8 "mean repair time" is the mean elapsed time between the first repair visit and last visit in which the device is turned as before malfunctioning.
KPI 9 and KPI 10 measure "mean time between PM visits per MIE" and "mean time between PMV and CMV per MIE," respectively. Percentage errors due to data entry are calculated in KPI 11, while missed data percentage is reported for KPI 12. All the KPIs are calculated and reported annually as presented in Table 1.

Undesired Events.
For any process, undesired event is an expression about a source of hazard if an activity within a process exceeds its permitted limits. Accordingly, in order to specify UDEs of MIE management, a set of thresholds must be suggested. e KPIs are considered as the platform of UDEs. In this study, 11 UDEs with their thresholds are proposed as shown in Table 2. resholds are set for MIE based on experience, personnel judgment, and literature review.

Risk Calculation.
Risk management involves evaluating potential hazards consequences and their likelihood of occurrence to determine risk level. Risk control is a process through which a decision is made based on risk level to mitigate risks to a certain level or to eliminate risks as possible or even tolerate it. Further, a risk matrix is a graphical representation tool used to assess risks visually [4,14].
In risk matrix, the probability of occurrence (P) is presented across the rows, while the consequence or severity (S) is presented across the columns. Each cell within the matrix is the product number of P and S that points to a risk number and consequently a risk level. In addition, the matrix is divided into 3 zones: generally acceptable risk (zone 1), conditionally acceptable risk (zone 2), and generally unacceptable risk (zone 3) [15]. Each zone is indicated by a separate color to be visually distinguished.
Using these concepts, the risk matrix is established as illustrated in Figure 1. It is a square matrix (4 × 4) in which the probability of occurrence is classified into very low, low, medium, and high, whereas the severity is categorized as minor, moderate, critical, and catastrophic. e color code is used as follows: green (G) and yellow (Y) cells belong zone 1, orange (O) cells relates to zone 2, and red (R) cells for zone 3.
Because the research concerns MIE management risks, the severity is estimated with respect to MIE total costs including purchase price, running cost, and hidden cost. Hence, the severity of each UDE should be calculated in monetary value. Taking into account each UDE, a risk matrix should be established for each one. e UDE severity (S) is determined using the following calculations as in (1). In assumption, the annual working days are supposed to be 300 days, and the expected lifetime is 10 years as well as the hidden cost factor is assumed to be 10.
where D is the downtime (days) in which MIE is out of service, MDC is the machine daily cost, MDDC is the machine daily direct cost, H is the hidden cost factor, ADDC is the all daily direct cost, L is the expected life time in years, and W is the working days per year.

Probability of Occurrence.
e probability of occurrence (P) is expressed for each UDE as shown in Table 2 SaaS hosts software as a service provided to all users, while IaaS is used for computing control and storage. PaaS acts as an integrated solution over the clouds [16,17]. Unlike IaaS, which provides only infrastructure, SaaS is more appropriate for our application because it provides a tailor-made application based on customer requirements. In addition, the service is provided to all users across the network without requiring installation and running of the application on their computers [17,18].

Results and Discussion
e methodology verification was carried out employing a data set of medical imaging equipment consisting of 204 pieces of MIE along 104 Egyptian hospitals across 25 governorates managed by Directorate General Radiology (DGR) as an authorized entity of Egyptian Ministry of Health (MOH). e data set belongs to different types of MIE including conventional X-ray, computed tomography (CT), ultrasound, C-Arm, and automated film processors. e investigated period is 6.25 years through which a data set was collected.
e period was starting from January 2008 until March 2014. It is worthy to mention that before January 2011, the equipment was managed manually using paper-based management system. Starting from that date, the MIE set is managed using open-source SaaS cloud computing software called open Medical Equipment and Devices Information System (OpenMEDIS). erefore, the data set is divided into 2 groups: before openMEDIS along 3 years and after openMEDIS along 3.25 years.
us, openMEDIS acts as a control barrier by which risks can be mitigated.

Journal of Healthcare Engineering
In application, by utilizing the KPIs set for MIE management and by employing the data set for MIE, results are presented in Table 3. Considering all the proposed KPIs with their occurrence as shown in Table 1, each KPI is determined. For instance, KPI 1, number of MIE with complaints, is equal to 129 before, i.e., 43 per year, and 159 after, i.e., 49 per year. It is noticed that number of complaints is increasing after OpenMEDIS utilization, which is logical because equipment becomes older.
Comparing the proposed KPIs with data set, it is found that the main KPIs that play a significant role in risk control and summarize maintenance status are six KPIs. e KPIs are number of CMVs, number of PMVs, total response time, total repair time, mean time between PMVs, and mean time between PMV and CMV. e other ones are significant in performance evaluation.
A statistical analysis was carried out on main six KPIs including median, minimum, maximum, and standard deviations before and after OpenMEDIS as shown in Table 4. e box and whisker plot of these KPIs is depicted in Figures 2 and 3 as frequency-dependent and time-dependent, respectively. Each figure consists of 2 panels: before and after to illustrate the impact of the control barrier. Figure 2 shows CMV and PMV, whereas the other KPIs are presented in Figure 3. Obviously, as shown in Figure 2, CMV and PMV are improved after OpenMEDIS. Like frequency-dependent KPIs, time-dependent KPIs are improved as presented in Figure 3 except PMVT. e risk level for each UDE is calculated and demonstrated in Figure 4. e risk number is presented before and after the control barrier. Visually as shown in Figure 4, some risk levels are transferred from unacceptable risk level (red)  there are 28 pieces that have the probability of occurrence of 0.2169 before using the control barrier, and after using it, the number of equipment becomes 8, which means the probability changed to be 0.0482. According to the proposed scale of probability of occurrence as shown in Figure 5, the probability of the event changed from high to low. e severity is calculated as described in (1). By substituting with the total cost of all equipment 100,454,662 L.E. (75,529,145 L.E. for purchasing price, 20,304,553 L.E. for running costs, and 4,620,964 L.E. for hidden costs), the ADDC equals 4,848,876 L.E. Taking into account that the total number of equipment is 204 pieces, the MDDC is 23769 and MDC is 237690. Due to the history of MIE, the downtime was 6 days; hence, by using (1), the severity equals 1,426,140 L.E. Although the severity is in a catastrophic level before and after using the barrier, changing the probability leads to changing the risk level from unacceptable risk to conditionally acceptable risk as shown in Figure 5. e same procedure is carried out for other UDEs to calculate the risk numbers and consequently the risk levels before and after the control barrier. As a result of this matrix, 36% of UDEs risk levels have been changed from unacceptable risk to conditionally acceptable risk, whereas 18% of UDEs risk level changed from conditionally acceptable to unacceptable that implies more analyses are required for significant control. Nevertheless, the risk level of others (46%) remains as the same before the barrier despite the probabilities of occurrence of some of them have been improved such as UDE10.

Conclusion
e study concerns risk analysis and risk control of medical imaging equipment management. Despite there is not a list of KPIs related to medical equipment management, a set of KPIs is proposed based on the maintenance standards to demonstrate risks associated with maintenance process. By using a control barrier, some risks are controlled to be mitigated, although others remain without changes, which reflect more features and deep analysis are required for risk control. For automation, the authors suggested cloud computing software as a control barrier.
is study highlights some criteria that pose risks if they are not well controlled such as preventive maintenance frequency, registration of complaints, and mean repair time.

Journal of Healthcare Engineering
Moreover, measuring the severity of UDEs in a monetary value is more tangible and significant especially for developing countries due to their limited resources. us, optimizing risks with respect to costs seems influential in risk control.
Managing medical equipment based on a computerized management system is more appropriate because it facilitates equipment tracking by employing the registered data.
Hence, risk management process becomes easier to be performed.
us, full details of equipment history should be regarded in the inventory; otherwise, the proposed methodology will be limited during application. Moreover, a World Wide Web connection is an essential utility for implementation. e proposed KPIs and UDEs could be expanded by adding more criteria to be implemented for other equipment in other departments and for other management processes such as acquisition. In addition, performance indicators are crucial elements in management process because it can measure the performance of individuals, equipment, and processes. e indicators act as proactive barriers that lead to risk reduction.