Risk Identification Ontology (RIO): An ontology for specification and identification of perioperative risks Alexandr Uciteli1,*, Juliane Neumann2,*, Kais Tahar1, Kutaiba Saleh3,*, Stephan Stu- cke4, Sebastian Faulbrück-Röhr4, André Kaeding4, Martin Specht3, Tobias Schmidt3, Thomas Neumuth2, Andreas Besting5, Frank Portheine5 and Heinrich Herre1,* 1 Institute for Medical Informatics, Statistics and Epidemiology (IMISE), University of Leipzig, Germany 2 Innovation Center Computer Assisted Surgery (ICCAS), University of Leipzig, Germany 3 Jena University Hospital, Germany 4 GMC Systems mbH, Germany 5 SurgiTAIX AG, Germany ABSTRACT Since the publication of “To Err Is Human”, risk management and Medical personnel in hospitals often works under great physical patient safety has consistently remained a topic of interest for scien- and mental strain. In medical decision making, errors can never tific studies as well as for suggestions of goals for improvements be completely ruled out. Studies exposed that between 50 and 60 (Bunting et al. 2016). Critical situations arise especially during in- percent of adverse events could have been avoided through bet- terdisciplinary collaboration and the use of complex medical tech- ter organization, more attention or more effective security proce- nology, for example during surgical interventions and in periopera- tive settings. Especially the oversight of medically relevant treat- dures. Critical situations especially arise during interdisciplinary ment data or an incomplete medical history may cause an incorrect collaboration and the use of complex medical technology, for ex- treatment (“Aus Fehlern Lernen” 2008). ample during surgical interventions and in perioperative settings. We present an ontology and a conception for an ontology-based In this paper we present an ontology and an ontology-based soft- software tool which can identify and analyze risks across medical ware system which can identify risks across medical processes processes. Furthermore, the tool supports the avoidance of errors in and which supports the avoidance of errors in the perioperative the perioperative setting. The results of the risk analysis are trans- setting in particular. mitted to the medical personnel in form of context sensitive hints * Contact: auciteli@imise.uni-leipzig.de and alerts. The software architecture is designed to respond not only juliane.neumann@medizin.uni-leipzig.de to risks within a single treatment step, but it also takes into account kutaiba.saleh@med.uni-jena.de the patient’s entire stay in the hospital. For a practical implementa- heinrich.herre@imise.uni-leipzig.de tion in the clinical environment, the cochlear implantation (CI) has been selected as a surgical use case at Jena University Hospital. Here, medical and technical treatment risks were analyzed, and med- 1 INTRODUCTION ical guidelines and standards were taken into account. In addition, Patient safety is a quality target and an important factor of the data and information sources have been defined on the basis of an quality of treatment in hospitals in general (“Empfehlung Zur anonymized CI patient record. Further sources of critical events Einführung von CIRS Im Krankenhaus” 2007). Prevention of med- were collected by undertaking of qualitative interviews with tech- ical errors and risks is a significant method to improve patient safety. nical, nursing and medical personnel participating in a CI. On this Medical personnel often works under great physical and mental basis, risk situations were defined and integrated into ontological strain. In medical decision making, errors can never be completely models. This work is a part of the BMBF-supported project On- ruled out (Mahajan 2010). In 2000, the report "To Err is Human" toMedRisk (“OntoMedRisk” 2016). (Kohn 2008) was published by the Institute of Medicine of the US National Academy of Sciences (IOM). This attracted great interna- 2 METHODS tional attention and moved the topics of medical risks, errors and patient safety into the focus of the scientific interest. The IOM con- 2.1 Introduction in General Formal Ontology (GFO) cluded in the report that from 2.9 to 3.7 percent of all patients ad- mitted to hospitals in the USA suffer an adverse event. In 70 percent The development of the intended ontologies and of the needed on- of these cases, the patient retains no or only minor damage, 7 percent tological analyses are carried out within the top-level ontology GFO lead to permanent damage and 14 percent cause the patient's death. (Herre 2010; Herre et al. 2006). In GFO the entities of the world are The study also exposed that between 50 and 60 percent of these ad- classified into categories and individuals. Categories can be instan- verse events could have been avoided through better organization, tiated, individuals are not instantiable. GFO allows for categories of more attention or more effective security procedures. Even for Ger- higher order, i.e., there are categories whose instances are them- many, analyses show that the number of medical errors is not negli- selves categories, for example the category “species”. Spatio-tem- gible. According to a report by the Robert Koch Institute (Hansis et poral individuals are classified along of two axes, the first one ex- al. 2007), the incidence of suspected medical errors is approximately plicates the individuals’ relation to time and space, and the second 40,000 cases across Germany per year. The error recognition rate of one describes the individuals’ degree of existential independence. about 30%, corresponds well to approximately 12,000 recognized Spatio-temporal individuals are classified into continuants, pre- medical errors. sentials and processes. Continuants persist through time and have a lifetime; they correspond to ordinary objects, as cars, balls, trees etc. 1 A. Uciteli et al The lifetime of a continuant is presented by a time interval of non- zero duration; such time intervals are called chronoids in GFO (Bau- mann et al. 2014). Continuants are individuals which may change, for example, an individual cat C crossing the street. Then, at every time point t of crossing C exhibits a snapshot C(t); these snapshots differ with respect to their properties. Further, the cat C may lose parts while crossing, though, remaining the same entity. The entities C(t) are individuals of their own, called presentials; they are wholly present at a particular time point, being a time boundary. Presentials cannot change, because any change needs an extended time interval or two coinciding time boundaries. Processes are temporally extended entities that happen in time, for example a run; they can never be wholly present at a time point. Fig. 1. Definition of the risk notion (the white arrows represent the is-a relation) Processes have temporal parts, being themselves processes. If a pro- cess P is temporally restricted to a time point then it yields a presen- 1. What can happen, i.e., what can go wrong? (scenario) tial M, which is called a process boundary of P. Hence, presentials 2. How likely is it that that will happen? (probability of the sce- have two different origins, they may be snapshots of continuants or nario) process boundaries. There is a duality between processes and pre- sentials, the latter are wholly present at a time point whereas this is 3. If it does happen, what are the consequences? (consequence never true for processes. The corresponding classes/sets of individ- of the scenario) uals, denoted by the predicates Cont(x), Pres(x), and Proc(x), are A risk, then, is a triple which consists of a scenario, the probability assumed to be pair-wise disjoint. Processes present the most im- of that scenario, and consequence of that scenario. Furthermore, portant kind of entity, whereas presentials and continuants are de- there are several standards investigating the notion of risk. The rived from them. There are several basic relations which canonically ISO/IEC 27005 (“Information Technology -- Security Techniques - connect processes, presentials, and continuants (Herre 2010; Herre - Information Security Risk Management” 2008) defines the notion et al. 2006). of risk as “a potential that a given treat will exploit vulnerabilities of Spatio-temporal individuals, according to the second axis, are an asset or group of assets and thereby cause harm to the organiza- classified with respect to their complexity and their degree of exis- tions.”; the OHSAS 18001 (“OHSAS 18001 (Occupation Health and tential independency. Attributives depend on bearers which can be Safety Assessment Series)” 2007) - as a “combination of the likeli- objects (continuants, presentials) and processes. Situations are parts hood of an occurrence of a hazardous event or exposure(s) and the of reality which can be comprehended as a coherent whole (Barwise severity of injury or ill health that can be caused by the event or et al. 1983). They are complex presentials and boundaries of sit- exposure(s)”; and the ISO 31000 (Risk management) (Purdy 2010) uoids, being processes which satisfy certain principles of coherence, - as an “effect of uncertainty on objectives”. The common ground of comprehensibility, and continuity. A surgical intervention is an ex- all these definitions is that all of them consider a risk as a possibility ample of a process or a situoid. A snapshot of this situoid at a certain for the occurrence of a particular event or situation. Most of these time point is a surgical situation, which has spatial location and in- definitions consider such events as adverse ones, whereas in the cludes various entities such that a coherent whole is established. standard ISO 31000 both adverse and positive events are admitted. There is a variety of types of attributives, among them, qualities, The ontological analysis of risk is carried out within the frame- roles, functions, dispositions, and structural features. Categories the work of GFO and takes into account the available definitions of risk. instances of which are attributives are called properties throughout The analysis is built upon the ontology of situations and situation this paper. According to the different types of attributives (relational types, which partly uses ideas presented in (Barwise et al. 1983; roles, qualities, structural features, individual functions, disposi- Stalnaker 1986). Situations which contain adverse events, being re- tions, factual, etc.) we distinguish quality properties (or intrinsic lated to a risk, are called adverse situations. In this paper we use the properties) and role properties (extrinsic properties), and the role notion of adverse event/situation not only in the sense of “Any unto- properties are classified into relational role properties (abr. relational ward occurrence that may present during treatment with a pharma- properties) as well as social role properties (social properties). ceutical product but which does not necessarily have a causal rela- tion to the treatment” (Edwards et al. 2000), but we also include 2.2 Ontological Definition of the Risk Notion events/situations that are not related to medical interventions. A sit- The solution of all philosophical problems, related to the notion uation S is said to be a risk situation if it satisfies certain conditions of risk, is out of scope of this paper. Instead, we focus on a practica- which imply that one of the possible succeeding situations of S is an ble definition of the risk notion, which can be easily understood by adverse situation. the medical staff and is usable for the software tools. Based on this The notion of possible situation is established within the frame- definition, it should be possible for the medical staff to specify the work of a particular actualist representationism, which postulates relevant risk types, and for the software to identify and to analyze that possible objects are abstract entities, the existence of which is the risk in a particular treatment situation. consistent with the currently available knowledge about the actual There are various definitions of the notion of risk. One of the most world. This view is partly influenced by (Adams 1974; Roper 1982; known/popular definitions is that by (Kaplan et al. 1981). These au- Zalta 1993). thors divide the notion of risk into three components which are as- We hold that a risk exists in a situation, that it depends on it, and, sociated to the following questions: hence, that it can be considered as a situation’s property. We distin- guish between single (in sense of gfo:Property (Herre 2010)) and 2 Risk Identification Ontology (RIO): An ontology for specification and identification of perioperative risks 3 RESULTS 3.1 Risk Identification Ontology (RIO) We developed a risk identification ontology (RIO, Fig. 2) which is built upon the ontological model of the notion of risk. This ontol- ogy is used for the specification and the identification of periopera- tive risks. The ontology RIO is embedded into the GFO. As starting point we consider the treatment process, which may possess various treatment phases (gfo:has_part). The complete treatment as well as the phases are complex processes (gfo:Situoid). The treatment has a particular temporal extension, called the treatment time (gfo:Chro- noid). According to GFO processes are projected (gfo:projects_to) onto its time intervals. For every time point (gfo:Time_boundary) of the treatment exists (gfo:exists_at) exactly one treatment situation (gfo:Situation). A treatment time point is according to GFO a bound- ary of the treatment time (gfo:boundary_of), whereas the corre- sponding treatment situation is a boundary of the treatment itself. For each treatment phase particular time points, called risk detec- tion time points (RDTP), can be defined. The treatment situations, existing at these time points, are analyzed with respect to the exist- Fig. 2. Risk Identification Ontology (RIO) ence of risks. Such situations are called potential risk situations composite properties, the latter being composed of single ones and (PRS), because they do not necessarily contain risks. Situations and which can be disassembled by the relation gfo:has_part. in particular treatment situations possess various properties Definition 1. A composite property CP is a property that has as (gfo:Property). These properties may belong to the situation, but parts several single properties SP1, ..., SPn. also to the participants, as, for example physicians (doctors), medi- Definition 2. A risk for an adverse situation of type AST is a com- cal instruments, and, most important, to the patients. We consider posite property CP such that every situation S possessing the prop- these properties also as properties of the current treatment situation erty CP has a possible succeeding situation of type AST which can (gfo:has_property). Properties of the potential risk situations that are be realized with a certain probability. relevant for the estimation of the risk are called in this paper KPIs Definition 3. A risk is a composite property CP for which there (Key Performance Indicators). According to Definitions 1-4 a par- exists an adverse situation AST such that CP is a risk for the adverse ticular combination of a subset of the KPIs of a PRS (for example, situation AST (as defined by 2). age of patient = 3 months, menginitis vaccination = false) represents Definition 4. A risk situation is a situation having at least one risk a risk if the PRS may lead to a later time point to an adverse situation (Fig. 1). (rio:possible_succeeding_situation). Example 1. The risk of a bacterial infection during cochlear im- A PRS may contain various risks, and risks of the same type may plantation in infants depends on various parameters, such as the in- occur in distinct PRS and may lead to distinct adverse situations fants’ age, the corresponding bone thickness of the skull and the in- (rio:risk_for_adverse_situation). Each KPI is associated with poten- ner ear structure. If the child is younger than 5 months, the bone tial risk situations, whereas the risk situations additionally possess thickness mostly remains below 2 mm. Thus, the risk of penetrating the composite risk properties. Furthermore, the risks can be related the skull and injuring the dura mater during surgery increases so that to those treatment phases for which they are relevant the bacterial dura mater infection risk (meningitis) increases as well. (rio:risk_in_phase). Adverse situations may exhibit various degrees The ground-truth probability for the adverse event of dura mater in- of severity and risks may possess various probabilities for the occur- fection during CI is about 5-9% (Reefhuis et al. 2003). For menin- rence of adverse situations. gitis prevention the patient has to be vaccinated against pneumococ- With help of the RIO the risks in a current potential risk situation cus, meningococcus and haemophilus influenzae type b several are identified by the software component OntoRiDe, and, hence the weeks before the surgery (indication phase). In addition, an antibi- situation can be classified either as a risk or as a non-risk situation. otic prevention should be performed right before the surgery. Ac- cording to our definition an increased risk for acquiring meningitis 3.2 Risk Specification can be represented as a composite property, consisting of three sin- gle properties, namely, the young age (< 5 month), the absence of a 3.2.1 Perioperative risk assessment meningitis vaccination, as well as of an antibiotic prevention. This For the development of a perioperative risk identification ontol- example is used in this paper for further explanations. ogy the recognition and assessment of potential medical, technical, organizational and human risk factors are an essential prerequisite. Therefore, an extensive risk assessment has been performed for an otorhinolaryngological use case. The insertion of cochlear implants (CI) was chosen in order to demonstrate the features and benefits of the ontology-based risk identification system. The perioperative medical and technical risk factors, procedure related complications Fig. 3. Treatment phases and their complication rates as well as prevention strategies were 3 A. Uciteli et al Fig. 5. Risk conditions 5), c4: Vaccination_status == “no”, Fig. 4, Example 1). The KPI data type values could be for instance a Boolean value, text, date or number. A combination of these conditional expressions is formal- Fig. 4. Risk specification ized as a risk specification rule. If the risk specification rule becomes true, due to the values of their conditions and KPIs, there is a high extracted from peer-reviewed publications and evidence-based best- occurrence probability of adverse situations, which have to be also practice guidelines of the German Society of Oto-Rhino-Laryngol- specified for each risk. In addition, for each adverse situation an oc- ogy, Head and Neck Surgery (Lenarz et al. 2012). In addition, en- currence probability and a severity (on a separate sheet) have been tries of the Critical Incident Reporting System (CIRS) of the Uni- defined. In the risk specification, the KPIs were described along with versity Hospital Jena (Germany) and an example of an anonymized their possible acquisition sources. Therefore, the risk specification patient record have been analyzed for organization and human- defines both the required measurement phases and the measurement related risk assessment. The derived risk characteristics, potential sources, like patient-related data and sensor data, e.g. data from the following adverse situations and their causes were used to describe digital patient record, the hospital information system, checklists or relevant perioperative and cross-process risks factors. situations in actual process execution. In Fig. 4 a risk specification based on Example 1 is presented. 3.2.2 Perioperative process modeling The tool RIOGen, developed within the project, generates onto- The information of risk factors and of potentially adverse events logical entities from the risk specification and inserts it into RIO. has to be provided to the responsible medical personnel in the right For every risk condition, for example, a subclass of the correspond- time by offering appropriate context-sensitive hints and alerts. ing KPI is inserted. Here the class names are automatically gener- Therefore, the medical and organizational processes have to be taken ated according to certain rules. For every condition class an anony- into account. The general perioperative workflow of the CI treat- mous equivalent class is created as property restriction, based on the ment was modeled and visualized in a process diagram, as event- property has_data_value (Fig. 5). Then, for the risk a subclass of driven process chain (EPC). In the following, both generalized and rio:Risk is defined, which is named as the risk. For the risk subclass use-case specific treatment phases have been defined in the formal also an equivalent anonymous class is defined which is based on the process model. The generalized treatment phases are depicted in Fig. has_part property and on the corresponding condition classes; this 3. Besides the CI treatment process, the defined phases are suitable anonymous class represents the risk specification rule (Fig. 6). Fur- for representing various elective surgeries and interventions. thermore the treatment phases are created and connected with those The treatment process was modeled by representing the sequence KPIs and risks which are relevant for them. Finally, we define the of clinical activities, treatment decisions, parallel processes and pos- connection between risks and those adverse situations, which possi- sible events, the involved persons as well as resources, like data and bly evolve from them (incl. probability and severity as data property documents, medical devices or IT systems. In addition, the identi- restrictions). fied risk factors, complications and prevention activities were inte- grated in the process model. 3.3 Ontology-based Risk Detector (OntoRiDe) By mapping the identified risk factors to the dedicated activities and treatment phases, the process model has then been used subse- We developed an ontology-based software module, called Ontol- quently for further risk assessment and perioperative risk modeling. ogy-based Risk Detector (OntoRiDe), which allows the identifica- This enabled over 120 potential perioperative risks to be identified tion of the ontologically specified risks. This tool receives the KPIs and also mapped to their related process step in the process model. of the current potential risk situation as input parameter, and carries out the risk specification rule, which is contained in the ontology; 3.2.3 Perioperative risks modeling then it classifies the current situation as risk or non-risk situation and In the next step the identified potential risk factors, adverse situa- returns the results. If the current KPIs satisfy one of the rules (i.e., tions and critical incidents, which are related to cochlear implanta- at least one risk is recognized) then the considered situation is a risk tion interventions, were examined in an extensive risk analysis. situation, otherwise it is a non-risk situation. Thereof, a risk classification for formal risk specification was de- Further information, which the tool returns to the user, includes rived. The identified risk factors were subsequently classified into the description of the existing risks, the treatment phases, in which different categories of medical, organizational, technical or human- the risks are relevant, but also the adverse situations which may related risks. Thus, the treatment phases were categorized into risk evolve from them (with probability of occurrence and degree of se- detection phases, in which the corresponding risk is relevant and verity). A particular position is the possibility to recognize the risks, could potentially lead to an adverse situation. Additionally, there is but, furthermore, to determine and provide for every recognized risk a category for cross-process risks, which could lead anytime to an all possible combinations of current KPIs which are responsible for adverse situation, e.g. the risk of dizziness and falls or the high every recognized risk. Using this information the user is able to bleeding risk during surgery due to anticoagulant medication. eliminate all of the risks‘ causes. For each treatment phase different KPIs have been defined, which In the following we briefly sketch the functionalities of the Onto- allow the identification of specific perioperative risks. The KPIs are RiDe. For every risk class the corresponding risk specification rule, linked with operators and a certain data type value to a conditional which is specified as an anonymous equivalent class (Fig. 6), is in- expression of a possible risk factor (e.g., c1: Age_in_months IN [0, 4 Risk Identification Ontology (RIO): An ontology for specification and identification of perioperative risks Fig. 6. Risk specification rule terpreted and transformed into a disjunctive normal form (by step- wise execution of the de Morgan rules and of the law of distributiv- ity). Any of the conjunctions presents a possible explanation for the risk (e.g., c1 AND c4 AND c6, Fig. 4). Then, the single conditions (Fig. 5) are checked, i.e., it is determined whether the current KPI value is included in the specified value range. If all conditions of the conjunction are satisfied, then the corresponding KPIs and further information are provided for the user as explanation. We decided not to use a standard reasoner. Firstly, we want to apply rules of types which cannot be easily interpreted by standard reasoners, especially rules which contain mathematical expressions or predefined constants. Such special types of rules are implemented Fig. 7. Architecture of the agent system by the OntoRiDe. Secondly, standard reasoners carry out various (JADE), which embodies a framework, a platform and the middle- tasks (checking consistency, classification, and realization), not all ware for a FIPA-standardized development of multiagent systems of them are relevant for risk identification, but which reduce the ef- (MAS). The main functions of a JADE-based agent system can be ficiency of the overall system. Finally, OntoRiDe must provide the categorized into agent behavior and agent communication. The user with all possible explanations about the existence of a risk in agents communicate in an asynchronous, message-based fashion, the current situation in an understandable way. The problem of de- using the Agent Communication Language (ACL) (“Jade: Java tection and exploration of all possible explanations and justifications Agent DEvelopment Framework” 2016; “The Foundation for Intel- of an entailment is a well-known task, for the solution of which there ligent Physical Agents” 2016). The architecture of the agent system exists several methods and tools, (Kalyanpur et al. 2007; Horridge consists of the OntoRiDe, a Blackboard, a Risk Analysis Unit and et al. 2012; Riguzzi et al. 2013). Furthermore, there are various in- various agents. The functionality of the agent system can be sepa- vestigations about the cognitive complexity and the understanding rated into data acquisition and risk communication (Fig. 7). The in- of the considered justifications (Horridge et al. 2013; Horridge et al. ternal data storage of the agent system is based upon the HL7-FHIR- 2011). In this context a justification of an entailment is understood Spezification. Therefore, the data is represented as FHIR-Resources to be “the minimal set of axioms sufficient to produce an entailment“ (“FHIR: Fast Healthcare Interoperability Resources” 2016). (Kalyanpur et al. 2007). In the case of RIO and OntoRiDe the solu- tion is rather simple. The OntoRiDe translates the risk specification rules into a disjunctive normal form and checks all conditions of the 4 RELATED WORK respective conjunctions. By this procedure all KPI-combinations, Several approaches towards the formal representation of risks and verified by the rule as true, and the corresponding conditions (value adverse events through ontologies are described in the literature. We ranges), can be provided for the user in form of understandable ex- analyzed these existing ontologies for their potential to detect peri- planations (e.g., age < 5 month and vaccination = “no” and antibiotic operative risks in hospitals, but we concluded that none of these on- prevention = false). tologies and tools could be applied to our project. Bouamrane et al. (Bouamrane et al. 2010; Bouamrane et al. 3.4 Agent System 2009a; Bouamrane et al. 2009b) report on the development of an An agent system was developed to get access to the distributed ontology-based system to support clinical decision making. The sup- data in various systems in hospital needed to derive elementary in- port is provided in a two-step process. First, the developed system formation for the risk detection. The KPIs mainly determine the data calculates risk scores using numerical formulas. In this step, the sys- which has to be captured by the agent system, respectively the pa- tem does not use the developed ontology but computes numeric val- rameters which have to be monitored. Throughout the entire periop- ues using an open-source Java-based rule engine (JBoss Rules). Af- erative treatment process the agent-based system retrieves risk-rele- ter calculating the relevant risk scores, the DL reasoner (Pellet) clas- vant data from different data sources and provides these data for fur- sifies the patient into a number of predefined categories for risks, ther risk analyses in a centralized fashion. The results of such an recommended tests and precaution protocols, using the OWL-DL analysis will be transferred to medical experts as context-sensitive representation of the patient medical history profile and the decision hints and alerts. In doing so, continuous patient-specific risk moni- support ontology. The decision support ontology is divided into toring is facilitated for each treatment phase of the perioperative three domains: a risk assessment ontology, a recommended test on- treatment process. The OntoRiDe is an important component of the tology and a precaution protocol ontology. The aim of the risk as- agent system, because it determines the KPIs which have to be mon- sessment ontology is to detect potential risks of intra-operative and itored and it identifies the risks which have to be analyzed. This re- post-operative complications in a given formal representation of a duces the risk of adverse situations and complications through early patient medical profile. and adequate interventions. The software-based agent system has Similar to the Bouamrane system, our approach also provides two been implemented using the Java Agent Development Framework components of decision support namely OntoRiDe and Risk Analy- sis Unit (Fig. 7). They can perform similar tasks as those of 5 A. Uciteli et al Bouamrane’s system. In addition, OntoRiDe will also use the self- restrict ourselves to risks that are causally and exclusively related to developed RIO for risk identification similarly to the usage of the medical interventions. Contrary to OAE, our approach also consid- risk assessment ontology. However, there are also important differ- ers other risk types such as technical and organizational risks. More- ences between the two ontologies and systems. The risk assessment over, we use the term “adverse situation” in order to avoid excluding ontology focuses only on the patients risk related to intra-operative situations that are not related to medical interventions. and post-operative complications such as cardio-vascular and respir- None of the presented approaches can answer competency ques- atory risks, whereas RIO covers various risk types such as special tions such as “Which treatment situation could be a potential risk and general treatment risks, technical risks, organizational risks etc. situation?”, “Which properties or KPIs are responsible for an actual The second significant difference is that our approach integrates the risk situation?” and “Which risk situation belongs to which treat- treatment process, its steps and situations in the risk conceptualiza- ment phase?”. The aim of RIO and OntoRiDe is to solve this issue. tion. In this way, it is possible to analyze and identify cross process risks or risk situations so that errors especially in the perioperative 5 CONCLUSION AND FUTURE WORK field could be avoided. In (Third et al. 2015) the authors describe a model for representing We elaborated an ontological foundation of the notion of risk, scientific knowledge of risk factors in medicine. This model enables upon which we developed a risk identification ontology (RIO). With the clinical experts to encode the risk associations between biologi- help of RIO perioperative risks can be specified, whereas OntoRiDe cal, demographic, lifestyle and environmental elements and clinical can be used to identify risks in a current treatment situation. This outcomes in accordance with evidence from the clinical literature. allows the recognition of risk situations and supports the avoidance The major advantage of our approach in comparison with the model of possible adverse situations. Furthermore, we conceptualized an developed by Third is the formal representation of cross process agent system which is currently implemented. This agent system risks that can lead to potential adverse situations during different gathers during the whole perioperative treatment process risk-rele- treatment phases. Another added value of our approach is that it can vant data from various sources and provides it for the risk identifi- also cover risks related to human and environmental factors such as cation resp. the risk analysis in a centralized fashion. The results of technical or organizational risks. These types of risks are not con- such an analysis are transmitted to the medical personnel in form of sidered in Third’s model. context sensitive hints and alerts. (Sigwarth et al. 2015) present an ontology of the Open Process We are currently working on the specification of risks. About 20 Task Model (OPT-Model). This ontology is primary intended as a risks relating to cochlear implantation have already been specified, generic knowledge base, which implements the various influences and on this basis the functionality of RIO, RIOGen and OntoRiDe of processes and their relations in medical environments, for a pro- successfully tested. spective risk analysis. The advantage of RIO over the OPT-model- Future work includes the conception of mathematical evaluation ontology is that it provides an accurate risk analysis. By using RIO, methods and algorithms for the assignment of a risk to the current OntoRiDe is able to perform risks classification according to the risk process status and determination of the probability of occurrence. occurrence time. This process allows us to identify the time point The agent system will include risk communication features. In par- and treatment phase on which a risk arise. Another further benefit of ticular, a Risk Analysis Unit for risk assessment (based on probabil- RIO is the implicitly embedded risk specification, which meets the ity and severity) and Cockpit component should be developed. spirit of evidence-based medicine. This implicit domain knowledge These components implement a role-based visualization of risk in- is encoded in OWL rules and can be inferred automatically using formation and of context-sensitive hints for the medical experts. In ontological reasoning to assess current perioperative risk situations. the further development, this visualization should also be displayed (Bau et al. 2014) report a clinical decision support system (CDSS) role-based on mobile devices. Furthermore, it is intended to expand for undergoing surgery based on domain ontology and rules reason- and to optimize the application of this agent system to other use ing in the setting of hospitalized diabetic patients. Similar to our ap- cases. proach this system uses logical rules to complement the domain knowledge with implicitly embedded risk specification and clinical ACKNOWLEDGEMENT domain knowledge. The important upside of our approach is that it does not make restrictions based on certain diseases such as diabetes This work was supported by the BMBF sponsored project OntoMe- mellitus, whereas CDSD focuses only on glycemic management of dRisk (FK: 01IS14022). diabetic patients undergoing surgery. The Ontology of Adverse Events (OAE) (He et al. 2014) and the REFERENCES Ontology of Vaccine Adverse Events (OVAE) (Marcos et al. 2013) Adams, R. M. (1974). “Theories of Actuality.” Noûs 8 (3): 211–31. (Marcos, Zhao, and He 2013), which was developed based on OAE, “Aus Fehlern Lernen.” (2008). Aktionsbündnis Patientensicherheit describe data relating to adverse events. The OAE was designed to e.V. http://www.aps-ev.de/filead- standardize and integrate data relating to adverse events that occur min/fuerRedakteur/PDFs/Broschueren/Aus_Fehlern_ler- after medical intervention. The OVAE is used for representing and nen_0.pdf. analyzing adverse events associated with US-licensed human vac- Barwise, J., and Perry, J. (1983). Situations and Attitudes. Cam- cines. In OAE the notion adverse event is defined as a pathological bridge Mass.: MIT Press. bodily process that occurs after a medical intervention (e.g., follow- Bau, C.-T., Chen, R.-C., and Huang, C.-Y. (2014). “Construction of ing a vaccination), while a risk is represented by a factor associated a Clinical Decision Support System for Undergoing Surgery with the occurrence of an adverse event. The work presented here Based on Domain Ontology and Rules Reasoning.” Telemedicine focuses instead on the risk situations and proposes a generic model Journal and E-Health: The Official Journal of the American Tel- for the risk specification in the perioperative area. Thus, we don’t emedicine Association 20 (5): 460–72. 6 Risk Identification Ontology (RIO): An ontology for specification and identification of perioperative risks Baumann, R., Loebe, F., and Herre, H. (2014). “Axiomatic Theories 99. Lecture Notes in Computer Science 7650. Springer Berlin of the Ontology of Time in GFO.” Appl. Ontology 9 (3-4): 171– Heidelberg. 215. “Information Technology -- Security Techniques -- Information Se- Bouamrane, M.-M., Rector, A., and Hurrell, M. (2009a). “Develop- curity Risk Management.” (2008). http://www.pqm- ment of an Ontology for a Preoperative Risk Assessment Clinical online.com/assets/files/lib/std/iso_iec_27005-2008.pdf. Decision Support System.” In 22nd IEEE International Sympo- “Jade: Java Agent DEvelopment Framework.” (2016). sium on Computer-Based Medical Systems, 2009. CBMS 2009, 1– http://jade.tilab.com/. 6. Albuquerque, NM: IEEE. Kalyanpur, A., Parsia, B., Horridge, M., and Sirin, E. (2007). “Find- Bouamrane, M.-M., Rector, A., and Hurrell, M. (2009b). “A Hybrid ing All Justifications of OWL DL Entailments.” In The Semantic Architecture for a Preoperative Decision Support System Using a Web, edited by Aberer, K., Choi, K.-S., Noy, N., Allemang, D., Rule Engine and a Reasoner on a Clinical Ontology.” In Web Rea- Lee, K.-I., Nixon, L., Golbeck, J., et al., 267–80. Lecture Notes in soning and Rule Systems, edited by Polleres, A. and Swift, T., Computer Science 4825. Springer Berlin Heidelberg. 242–53. Lecture Notes in Computer Science 5837. Springer Ber- Kaplan, S., and Garrick, B. J. (1981). “On The Quantitative Defini- lin Heidelberg. tion of Risk.” Risk Analysis 1 (1): 11–27. Bouamrane, M.-M., Rector, A., and Hurrell, M. (2010). “Using Kohn, L. T., ed. (2008). To Err Is Human: Building a Safer Health OWL Ontologies for Adaptive Patient Information Modelling and System. 7. print. Washington, DC: National Acad. Press. Preoperative Clinical Decision Support.” Knowledge and Infor- Lenarz, T., and Laszig, R. (2012). “Cochlea-Implantat-Versorgung mation Systems 29 (2): 405–18. Und Zentral-Auditorische Implantate.” Clinical Practice Guide- Bunting, R. F., and Groszkruger, D. P. (2016). “From To Err Is Hu- line. Bonn: German Society of Oto-Rhino-Laryngology, Head man to Improving Diagnosis in Health Care: The Risk Manage- and Neck Surgery. ment Perspective.” Journal of Healthcare Risk Management 35 Mahajan, R. P. (2010). “Critical Incident Reporting and Learning.” (3): 10–23. British Journal of Anaesthesia 105 (1): 69–75. Edwards, I. R., and Aronson, J. K. (2000). “Adverse Drug Reac- Marcos, E., Zhao, B., and He, Y. (2013). “The Ontology of Vaccine tions: Definitions, Diagnosis, and Management.” The Lancet 356 Adverse Events (OVAE) and Its Usage in Representing and Ana- (9237): 1255–59. lyzing Adverse Events Associated with US-Licensed Human “Empfehlung Zur Einführung von CIRS Im Krankenhaus.” (2007). Vaccines.” Journal of Biomedical Semantics 4 (1): 40. Aktionsbündnis Patientensicherheit e.V. http://www.aps- “OHSAS 18001 (Occupation Health and Safety Assessment Se- ev.de/fileadmin/fuerRedakteur/PDFs/AGs/07-07-25-CIRS- ries).” (2007). Handlungsempfehlung.pdf. http://www.ircaglobal.com/EBMS_Demo_Published/OHSAS18 “FHIR: Fast Healthcare Interoperability Resources.” (2016). 001_View/SE___18001_Terms_Definitions.htm. http://hl7.org/implement/standards/fhir/index.html. “OntoMedRisk.” (2016). http://www.ontomedrisk.de/. Hansis, M. L., and Hart, D. (2007). Medizinische Behandlungsfehler Purdy, G. (2010). “ISO 31000:2009--Setting a New Standard for in Deutschland. unveränd. Nachdr. Gesundheitsberichterstattung Risk Management.” Risk Analysis: An Official Publication of the des Bundes, H. 2007,05. Berlin: Robert-Koch-Inst. Society for Risk Analysis 30 (6): 881–86. Herre, H. (2010). “General Formal Ontology (GFO): A Founda- Reefhuis, J., Honein, M. A., Whitney, C. G., Chamany, S., Mann, E. tional Ontology for Conceptual Modelling.” In Theory and Appli- A., Biernath, K. R., Broder, K., et al. (2003). “Risk of Bacterial cations of Ontology: Computer Applications, edited by Poli, R., Meningitis in Children with Cochlear Implants.” New England Healy, M., and Kameas, A., 297–345. Netherlands: Springer. Journal of Medicine 349 (5): 435–45. Herre, H., Heller, B., Burek, P., Hoehndorf, R., Loebe, F., and Riguzzi, F., Bellodi, E., Lamma, E., and Zese, R. (2013). “Compu- Michalek, H. (2006). “General Formal Ontology (GFO): A Foun- ting Instantiated Explanations in OWL DL.” In AI*IA 2013: Ad- dational Ontology Integrating Objects and Processes. Part I: Basic vances in Artificial Intelligence, edited by Baldoni, M., Baroglio, Principles (Version 1.0).” Onto-Med Report 8. Research Group C., Boella, G., and Micalizio, R., 397–408. Lecture Notes in Com- Ontologies in Medicine (Onto-Med), University of Leipzig. puter Science 8249. Springer International Publishing. He, Y., Sarntivijai, S., Lin, Y., Xiang, Z., Guo, A., Zhang, S., Jag- Roper, A. (1982). “Towards an Eliminative Reduction of Possible annathan, D., Toldo, L., Tao, C., and Smith, B. (2014). “OAE: Worlds.” Philosophical Quarterly 32 (126): 45–59. The Ontology of Adverse Events.” Journal of Biomedical Seman- Sigwarth, T., Loewe, K., Beck, E., Pelchen, L., and Schrader, T. tics 5 (1): 29. (2015). “Conceptual Ontology of Prospective Risk Analysis in Horridge, M., Bail, S., Parsia, B., and Sattler, U. (2011). “The Cog- Medical Environments - the OPT-Model-Ontology.” In 2015 nitive Complexity of OWL Justifications.” In The Semantic Web IEEE Seventh International Conference on Intelligent Computing – ISWC 2011, edited by Aroyo, L., Welty, C., Alani, H., Taylor, and Information Systems (ICICIS), 88–93. Cairo: IEEE. J., Bernstein, A., Kagal, L., Noy, N., and Blomqvist, E., 241–56. Stalnaker, R. (1986). “Possible Worlds and Situations.” Journal of Lecture Notes in Computer Science 7031. Springer Berlin Heidel- Philosophical Logic 15 (1): 109–23. berg. “The Foundation for Intelligent Physical Agents.” (2016). Horridge, M., Bail, S., Parsia, B., and Sattler, U. (2013). “Toward http://www.fipa.org/. Cognitive Support for OWL Justifications.” Knowledge-Based Third, A., Kaldoudi, E., Gkotsis, G., Roumeliotis, S., Pafili, K., and Systems 53 (November): 66–79. Domingue, J. (2015). “Capturing Scientific Knowledge on Medi- Horridge, M., Parsia, B., and Sattler, U. (2012). “Extracting Justifi- cal Risk Factors.” In . Palisades, NY, USA. cations from BioPortal Ontologies.” In The Semantic Web – ISWC Zalta, E. N. (1993). “Twenty-Five Basic Theorems in Situation and 2012, edited by Cudré-Mauroux, P., Heflin, J., Sirin, E., Tudor- World Theory.” Journal of Philosophical Logic 22 (4): 385–428. ache, T., Euzenat, J., Hauswirth, M., Parreira, J. X., et al., 287– 7