Risk Analysis (Expanded Draft)

Note: Structured, ID-based quality risk tracking is being maintained in Docs/Quality/RiskAnalysis.md with linkage to requirements/design/tests through Docs/Quality/TraceabilityMatrix.md. This document remains the broader risk narrative.

This document captures technical, clinical, operational, and regulatory risks derived from the 23 Jan 2026 protocol and the current project direction (OmniPod DASH + Dexcom G7 + BB algorithm integration). It will evolve with implementation details.

Clinical Safety Risks

Hypoglycemia in early pregnancy due to increased insulin sensitivity.
Postprandial hypoglycemia from increased meal bolus fraction (90%).
Hyperglycemia from under-dosing during late-pregnancy insulin resistance.
DKA/HHS risk if pump delivery fails or CGM data is missing.
Nausea/vomiting and unpredictable intake causing dosing mismatch.
Overly aggressive targets (90/100 mg/dL) increasing time below range.

Algorithm and Control Risks

Adaptation rate too slow for rapid insulin resistance changes.
Adaptation rate too aggressive leading to instability or oscillation.
Meal announcement ambiguity (less/usual/more) yields inconsistent dosing.
Failure to revert meal bolus fraction when postprandial lows occur.
Incorrect basal behavior during CGM downtime (weight-based fallback).
Offline basal fallback may over- or under-deliver insulin if it diverges from current needs, especially after prolonged disconnection.

Device and Integration Risks

CGM data gaps, sensor failure, or calibration issues cause unsafe dosing.
Bluetooth interruptions (> 2 hours) delay controller updates.
Bluetooth permission denial or restricted access prevents CGM onboarding.
Pump command failures or occlusions cause missed insulin delivery.
OmniPod DASH delivery constraints conflict with algorithm assumptions.
OmniPod DASH onboarding settings (basal schedule, max bolus, reminders) conflict with algorithm-driven dosing if left user-configurable.
Water exposure or disconnection limits (removed for showering) create gaps.
iOS background execution limits can delay algorithm runs if BLE events are absent.

User Experience and Adherence Risks

Users misunderstand alarms and do not perform confirmatory fingersticks.
Users fail to perform ketone checks when required.
Inconsistent meal announcements (missing meals or misclassified sizes).
Alarm fatigue leading to ignored low/high alerts.
Incorrect infusion set replacement timing leads to delivery failure.

Data Quality and Monitoring Risks

Missing CGM data degrades time-in-range metrics and analyses.
Incorrect calculation of pregnancy-specific metrics (63-140 mg/dL).
Loss or corruption of device logs impairs safety review and auditability.
Incomplete documentation of adverse events and device issues.

Operational and Study Risks

Enrollment constraints (eligibility, exclusions) reduce target sample size.
Requirement for Fiasp and medication washout complicates onboarding.
Inadequate training increases misuse of the system.
Follow-up cadence not maintained, reducing safety oversight.
Long-acting insulin supplementation (high dose scenario) misapplied.

Regulatory and Compliance Risks

Pregnancy configuration is off-label; may require IDE approval.
Adverse event reporting timelines not met (72-hour severe events).
DSMB oversight requires reliable, timely data summaries.
Data de-identification failures could breach confidentiality.

Security and Privacy Risks

CGM/pump data transmission or storage breaches.
Improper handling of identifiable data in logs or exports.

Mitigations (Initial)

Conservative low-glucose safeguards and escalation pathways.
Explicit workflows for CGM downtime and pump failure fallbacks.
Clear Bluetooth permission prompts and error states for CGM setup.
Clear, guided alarm response flows with fingerstick validation.
Robust ketone action plan prompts and documentation.
Audit trails for dosing, targets, algorithm state, and device faults.
Lock or streamline pump onboarding settings to align with algorithm control.
Data redundancy for CGM streams and periodic integrity checks.
Clinician-controlled target adjustments; limit user self-adjustment.
Use multiple wake strategies (BLE events, BGTaskScheduler, HealthKit background delivery, optional silent push) and implement catch-up logic on resume.
Make offline mode obvious, log the transition, and cap offline basal duration.

Open Questions

Final safety thresholds for alarms and escalation in the app context.
How to implement or integrate DSMB-ready reporting and summaries.
OmniPod DASH API constraints on dosing precision and failure states.
Expected minimum data completeness for analysis in this app context.

Traceability (Initial)

R-CLIN-TARGETS: Pregnancy targets (63-140 mg/dL, fasting 70-95).
Risk: Hypoglycemia if algorithm or targets too aggressive.
R-ALG-LOW-TARGETS: Add 90/100 mg/dL targets.
Risk: Increased time < 54 mg/dL.
R-ALG-MEAL90: Meal bolus 90% of learned requirement.
Risk: Postprandial hypoglycemia or overshoot.
R-ALERTS: Low/high alert logic and response.
Risk: Alarm fatigue, missed intervention.
R-KETONE: Ketone checks and escalation.
Risk: DKA if checks skipped.
R-CGM-DOWN: CGM downtime behavior.
Risk: Unsafe basal/bolus during missing CGM.
R-DATA-METRICS: Time-in-range computation and logs.
Risk: Incorrect outcome reporting.

Additional Risk Controls (Proposed)

Lock pregnancy targets to clinician control; log all changes.
Require acknowledgment for missed meal announcements or long CGM gaps.
Safety guardrails for rapid target reductions (stepwise, time-based).
Automated prompts for ketone checks at defined thresholds.
Data completeness checks with user notification when < 70% CGM coverage.

Residual Risks and Acceptance

Some hypoglycemia risk is inherent to tighter targets in pregnancy.
CGM and pump failure risks cannot be eliminated; require robust fallback.
User adherence remains a variable; training and alerts reduce but do not remove.