Towards Patient Safety in Closed-Loop Medical Device Systems Authors David Arney, Miroslav Pajic, Julian Goldman, Insup Lee, Rahul Mangharam, Oleg Sokolsky.

Slides:



Advertisements
Similar presentations
Please wait……….. CHAPTER 12 AUTOMATED DISPENSING CABINETS (ADCs) - is a computerized point-of-use medication management system that is designed to replace.
Advertisements

Pre-reading about Patient Controlled Analgesia (PCA) for Children Royal Children’s Hospital Melbourne Australia.
T OWARD P ATIENT S AFETY IN C LOSED -L OOP M EDICAL D EVICE S YSTEMS By- Rakheesh Kotagiri.
Chapter 19: Network Management Business Data Communications, 5e.
Primary Goal: To demonstrate the ability to provide efficient and accurate ICU care, formally close the ICU event with the patient’s PCP, and show interoperability.
1 © ECRI Institute 2011 Wake up! This is alarming! ALARM FATIGUE Kara Polichetti.
ICE-PAC Kickoff Meeting. Gap Analysis A proposed approach to this gap analysis is a two phase approach – Phase I: Identify Gaps using three responses.
MD PnP Program brief overview for OHT BoD Meeting September 9, 2011 Julian M. Goldman, MD Attending Anesthesiologist, Massachusetts General Hospital Medical.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.
Epidural Analgesia Chart – adult Education Slide Presentation A presentation prepared by the Pain Interest Group Nursing Issues in association with the.
ACap™ Confirm. ACap™ Confirm ACap™ Confirm Benefits Automatic algorithm to adjust the atrial pacing amplitude to address changing atrial thresholds.
Medical Device Interoperability: From Abstract Concepts to Clinical Improvement Collaborative Innovation at the Bedside: A Case Study May 31, 2008 Yadin.
Bastien DURAND Karen GODARY-DEJEAN – Lionel LAPIERRE Robin PASSAMA – Didier CRESTANI 27 Janvier 2011 ConecsSdf Architecture de contrôle adaptative : une.
Ensuring Patient Safety in Wireless Medical Device Networks Presented by: Eric Flickner Chris Hoffman.
Chapter 19: Network Management Business Data Communications, 4e.
Slide 1 Client / Server Paradigm. Slide 2 Outline: Client / Server Paradigm Client / Server Model of Interaction Server Design Issues C/ S Points of Interaction.
Infusion Pump Controller Requirements Definition A Decision-Table Approach by Richard Riehle.
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
Critical Care Bioinformatics at Columbia University Medical Center J. Michael Schmidt, PhD Neurological Institute of New York Columbia University College.
Autonomic Wireless Sensor Networks: Intelligent Ubiquitous Sensing G.M.P. O’Hare, M.J. O’Grady, A. Ruzzelli, R. Tynan Adaptive Information Cluster (AIC)
8/3/011 Formal methods for CARA development Insup Lee (Univ. of Pennsylvania) Rance Cleaveland (SUNY at Stony Brook) Elsa Gunter (NJIT)
SNAL Sensor Networks Application Language Alvise Bonivento Mentor: Prof. Sangiovanni-Vincentelli 290N project, Fall 04.
Federal HIT Summit Nov 20, 2014 Washington, DC
5/24/011 Advanced Tool Integration for Embedded Systems Assurance Insup Lee Department of Computer and Information Science University of Pennsylvania.
Post Test 1.What is this red button used for? a)To stop an infusion. b)To stop any infusion in progress. c)To stop any infusion in progress in emergency.
FDASIA WG Regulations Sub-Group Report Out HIT Policy Committee FDASIA WG May
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 10 Slide 1 Critical Systems Specification 3 Formal Specification.
Zhihao Jiang, Rahul Mangharam PRECISE Center University of Pennsylvania.
Assessing Pain What is pain? Do you believe that “perception is reality”? What are EB clinical practice guidelines?? What if client non-verbal, or you.
UW CSE 503 ▪ Software Engineering ▪ Spring 2004 ▪ Rob DeLine1 CSE 503 – Software Engineering Lecture 2: Jackson Problem Frames Rob DeLine 31 Mar 2004 Thanks.
G4 Control and Management Solution for Data- Centers and Computer Rooms.
Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.
BAND-AiDe: A Tool for Cyber-Physical Oriented Analysis and Design of Body Area Networks and Devices Authors: Ayan Banerjee, Sailesh Kandula, Tridib Mukherjee.
Chapter 1- “Diversity” “In higher education they value diversity of everything except thought.” George Will.
ECE 720T5 Winter 2014 Cyber-Physical Systems Rodolfo Pellizzoni.
Topics Covered: Software requirement specification(SRS) Software requirement specification(SRS) Authors of SRS Authors of SRS Need of SRS Need of SRS.
Business Analysis and Essential Competencies
The Disposable Infusion Pump Instruction Basal + PCA Bolus Model.
The 11th Global Conference on Ageing 28 May – 1 June 2012 Prague Research on usability for ICT system to improve the health of dependent elderly people.
What is a Business Analyst? A Business Analyst is someone who works as a liaison among stakeholders in order to elicit, analyze, communicate and validate.
University of Toronto Department of Computer Science © Steve Easterbrook. This presentation is available free for non-commercial use with attribution.
BE-SECBS FISA 2003 November 13th 2003 page 1 DSR/SAMS/BASP IRSN BE SECBS – IRSN assessment Context application of IRSN methodology to the reference case.
Us Case 5 ICU Event with Pharmacy and Pt Monitoring and Follow-up Care by PCP Care Theme: Transitions of Care, Medical Device Integration Use Case 15 Interoperability.
Interactive CARA Simulation Prof. Insup Lee. Hierarchical EFSM Specification for CARA.
Historical Aspects Origin of software engineering –NATO study group coined the term in 1967 Software crisis –Low quality, schedule delay, and cost overrun.
Model Checking and Model-Based Design Bruce H. Krogh Carnegie Mellon University.
Safety-Critical Systems 7 Summary T V - Lifecycle model System Acceptance System Integration & Test Module Integration & Test Requirements Analysis.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 9 Slide 1 Critical Systems Specification 1.
Roles of Clinician and Engineer in Design and Evaluation of Autonomous Critical Care Devices What are the knowledge gaps? 1 University of Maryland 1 Lex.
PCD User Handbook 2010 Purpose The Handbook is designed to help healthcare professionals implement IHE on a new clinical system purchase or upgrade an.
Software Systems Verification and Validation Laboratory Assignment 4 Model checking Assignment date: Lab 4 Delivery date: Lab 4, 5.
Relying on Safe Distance to Achieve Strong Partitionable Group Membership in Ad Hoc Networks Authors: Q. Huang, C. Julien, G. Roman Presented By: Jeff.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Håkan L. S. YounesDavid J. Musliner Carnegie Mellon UniversityHoneywell Laboratories Probabilistic Plan Verification through Acceptance Sampling.
1 Session 3:Healthcare Provider, Clinician & Patient Perspective Julian M. Goldman, MD Medical Director, Biomedical Engineering Partners HealthCare, Boston,
Medical Device CPS Testbeds: Candidate Testbed for Research and Development on Cyber Physical Medical Device Systems Julian M. Goldman, MD Medical Director,
Improving Medication Safety: Closing the Loop with Smart Infusion Systems and EHR Interoperability Presented by: Tim Vanderveen, PharmD, MS.
Fire Fighting Robotic Vehicle. Introduction:  It is designed to develop a fire fighting robot using RF technology for remote.
Luca Pazzi & Marco Pradelli Department of Information Engineering
CASE STUDIES * System Engineering, 9th Edition Sommerville.
Luca Pazzi, Marco Pradelli University of Modena and Reggio Emilia
SOFTWARE TESTING Date: 29-Dec-2016 By: Ram Karthick.
Testbed for Medical Cyber-Physical Systems
Network Life Cycle Created by Michael Law
Assessing the safety of a nurse call system using STPA
MultiBolus II™ Designed to address the unique Clinical Requirements & Needs of CPNB April 2016.
Rigorous Development Of a Safety-Critical System Based on Coordinated Atomic Actions By Subash M S.
Clinical Alarm Systems - NPSG Goal # 6 -
Baisc Of Software Testing
Presentation transcript:

Towards Patient Safety in Closed-Loop Medical Device Systems Authors David Arney, Miroslav Pajic, Julian Goldman, Insup Lee, Rahul Mangharam, Oleg Sokolsky Presenter Velin Dimitrov

Nurses and other clinicians deal with a multitude of tasks They need to quickly assess dangerous situations and take preventive action Delays are life-threatening Adding autonomy to medical devices will relieve the burden on nurses Need

The clinician “closes the loop” Alarm sounds when sensor passes threshold Clinician arrives to assess the situation Clinician must first acquaint themselves Clinician takes action Typical Clinical Setting

What if devices themselves could sense common fault/dangerous conditions and respond more quickly than a clinician could? Human caregiver will always be in the loop! Proposal

ControllerPlantSensors Bridge to Control Systems

Formal, timed automata based model  UPPAAL tool  Exhaustively test system behaviors in failure mode  Timing constraints from dynamic model Detailed, informal model  Simulink/MATLAB  Captures dynamics of human/device interaction Two Models

MD PnP and ICE Architecture Case Study

Patient Control Analgesia (PCA) pump Provide pain meds to patient  Customized dosing Programmed limits on how many doses can be delivered Clinical Use Case

Mis-programming Overestimation of maximum dose Wrong concentration Accidental pressing of button These failures cannot be currently avoided Modes of Failure

System

Control Loop

Programmed by caregiver  Normal rate of infusion  Increased rate of bolus  Bolus total duration  Drug limit Built in sensors to catch device faults Network interface for status  No pumps can currently accept control sigs PCA Pump

Measure SpO2 and HR Finger clip sensor Ratio of IR to red light Amplitude Pulse Oximeter

Pain, Pain-controlled, Overmedicated Critical Region  Overdose, Respiratory distress  SpO2 <70%, HR <11.5 bpm Drug level is a linear mapping to HR and SpO2 in this model Patient Model

Decides when to stop pump to keep patient out of critical region Clinical application script (CAS) Alarming Region Sp02 <90% or HR <57 bpm Notify caregiver – Alarming condition Supervisor Model

Communication Structure

Will the system function correctly? Finding faults and recovering gracefully Verification and Validation

Formal Model –Pulse Oximeter

Formal Model – PCA Pump

Formal Model - Supervisor

Formal Model - Patient

Formal Model - Network

Check that the pain eventually goes up in the model Check that the pump is stopped in the alarming condition Verifying Safety Properties

Used to determine the timing/rate parameters that make the system safe Models patient dynamics, network delays, pump delays Informal, Detail Simulink Models

System

Patient Model

PCA pump will always be stopped before we reach critical condition Safety Requirement

Variables

Finding t_crit

alpha is 0.001s^-1 Half life of drug is 11.5 minutes For H1 = 90% and H2 = 70% Tcrit = 26.8 minutes Comparing Time Delays to tcrit

Supervisor control algorithm and pump design must maintain open-loop stability Essentially adding capability to limit given dose per command from the supervisor – activation command Network Delay Tolerance

Disregard button pressed for tdel time units t_del must be less than t_safe for this to work t_del

t_safe t_safe must satisfy the following condition

dl_max = 100, Hdl_2 = 85.71, Hdl_1 = 28.57, dl_cur = 20 This corresponds to alarm/critial cond t_safe = 1723 sec t_safe

Supervisor dynamically sets max drug level Retrofittable Solution

Alaris 8210 SpO2 mdoule connects to Alaris 8000 pump controller Tightly integrated system from single vendor Need good model that captures whole process of drug delivery Pharmacokinetic models are not sufficient Related and Future Work

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.