Terminology Service — Service Risk Register
Status: populated Owner: TBD Last updated: 2026-04-18 Companion: Service Template · 11 risks-and-tradeoffs
1. Risk Register
| Risk ID | Risk | Likelihood | Impact | Owner | Mitigation | Status |
|---|---|---|---|---|---|---|
| RISK-TERM-01 | Licensed data not available at deployment — LOINC/SNOMED/RxNorm licenses not obtained or ETL not run; service starts with empty concept table | Low | Critical | Platform Ops | Readiness probe blocks traffic until concept count > threshold; ETL job must complete before rollout; deployment runbook documents data procurement steps | Open |
| RISK-TERM-02 | Licensed terminology data committed to source repo — developer accidentally includes copyrighted SNOMED RF2 or RxNorm RRF files | Low | High | Engineering Lead | .gitignore rules for all known licensed file types; pre-commit hook scans for licensed data file signatures; periodic audit of git log | Open |
| RISK-TERM-03 | Stale drug interaction data — drug interaction or contraindication table not updated when licensing source publishes safety-critical severity changes | Medium | High | Clinical Safety Officer | Quarterly ETL update schedule enforced; terminology.etl.last_success_age metric alerts after 7 days; ETL run documented as compliance obligation | Open |
| RISK-TERM-04 | Full-text search index bloat after large import — GIN index grows excessively; search latency breaches SLO | Medium | Medium | Platform SRE | Post-import REINDEX CONCURRENTLY in ETL job; search latency alert fires at 500ms; index maintenance runbook in place | Open |
| RISK-TERM-05 | Tenant custom concept duplicate of global concept — tenant admin creates a concept that shadows a global SNOMED/LOINC code, causing lookup inconsistencies | Low | Medium | Engineering Lead | Uniqueness index enforces (tenant_id, system, code) uniqueness; API returns 409 CONFLICT if tenant code matches an existing global code in the same system | Open |
| RISK-TERM-06 | Cache stampede on Redis eviction — simultaneous expiry of hot concept keys causes thundering herd against PostgreSQL | Medium | Medium | Platform SRE | TTL jitter (±5%) on cache write; Redis SETNX-based locking for expensive $expand computations; Redis capacity right-sized for hot concept set | Open |
| RISK-TERM-07 | Offline edge snapshot outdated — edge deployment runs with terminology snapshot > 6 months old; drug interaction severity changes missed | Medium | High | Platform Ops | Snapshot age limit enforced (12 months hard stop); alert on edge instances running snapshot older than 6 months; quarterly snapshot generation schedule | Open |
| RISK-TERM-08 | Afghanistan SNOMED affiliate license lapse — MoPH affiliate license not renewed; SNOMED data cannot be legally used or updated | Low | High | MoPH / Legal | License renewal tracked in compliance calendar; minimum 6-month advance notice required; fallback to ICD-10-CM if SNOMED unavailable | Open |
2. Open Questions
- Confirm the clinical knowledge source vendor for drug interaction data (Multum vs. DrugBank vs. NDF-RT) — affects licensing model and ETL format.
- Clarify whether ICD-10-AM (Australian adaptation used regionally) needs to be added alongside ICD-10-CM for Afghan private hospital tenants.