This case study focuses on the requirements for a system that I have called the Mentcare system, which is a real system (although that is not its real name) which was used in a number of UK hospitals, including hospitals in Scotland. The system is designed for use in clinics attended by patients suffering from mental health problems and records details of their consultations and conditions. It is separate from a more general patient records system as more detailed information has to be maintained and the system has to be set up to generate letters and reports of different types and to help ensure that the laws pertaining to mental health are maintained by staff treating patients.
This is a secondary safety-critical system as system failure can lead to decisions that compromise the safety of the patient or the medical staff caring for the patient. There are also significant security and privacy considerations that have to be taken into account in the Mentcare system.
Use of this case study in teaching
I use this case study to discuss general issues of around the requirements for information systems where the system dependability is important and security is a significant concern. It is particularly useful for highlighting requirements conflicts as there is a clear conflict between requirements for patient privacy and safety requirements for maintaining the safety of the patient and their carers.
The case study is also useful in any course on requirements engineering as a complete requirements document for the system is available. This illustrates how requirements documents may be organized and can be used as a basis for discussing the issues and problems in developing requirements documents.
This document is a ‘complete’ requirements document for the system that reflects what might be produced by a system procurer when issuing a request for a new system. As such, I have deliberately not corrected all of the omissions and inconsistencies in the document and I do not intend to do so. I have used this document in a requirements engineering course where I have set students the task of discovering conflicts in the document and proposing new requirements that resolve (wherever possible) these conflicts.
The following paper describes an approach to requirements engineering that was developed to take account of system-wide dependability and security requirements. This uses examples from the system from which the Mentcare requirements were defined. The presentation discusses the use of this approach in deriving requirements for the Mentcare system.
The general approach to requirements engineering based on viewpoints and concerns was further developed in the PreView method that is described in the following paper.