ABSTRACT
We propose a reference architecture aimed at supporting the safety and security of medical devices. The ISOSCELES (Intrinsically Secure, Open, and Safe Cyber-Physically Enabled, Life-Critical Essential Services) architecture is justified by a collection of design principles that leverage recent advances in software component isolation based on hypervisor and other separation technologies. The instantiation of the architecture for particular medical devices is supported by a development process based on Architecture Analysis and Design Language. The architecture models support safety and security analysis as part of a broader risk management framework. The models also can be used to derive skeletons of the device software and to configure the platform's separation policies and an extensive set of services. We are developing prototypes of the architecture and example medical device instantiations on low-cost boards that can be used in product solutions. The prototype and supporting development and assurance artifacts are being released under an open-source license.
Subject(s)
Biomedical Engineering , Computer Security , Medical Device Legislation , Software , Equipment Design , Equipment Safety , Equipment and Supplies , HumansABSTRACT
The complexity of medical devices and the processes by which they are developed pose considerable challenges to producing safe designs and regulatory submissions that are amenable to effective reviews. Designing an appropriate and clearly documented architecture can be an important step in addressing this complexity. Best practices in medical device design embrace the notion of a safety architecture organized around distinct operation and safety requirements. By explicitly separating many safety-related monitoring and mitigation functions from operational functionality, the aspects of a device most critical to safety can be localized into a smaller and simpler safety subsystem, thereby enabling easier verification and more effective reviews of claims that causes of hazardous situations are detected and handled properly. This article defines medical device safety architecture, describes its purpose and philosophy, and provides an example. Although many of the presented concepts may be familiar to those with experience in realization of safety-critical systems, this article aims to distill the essence of the approach and provide practical guidance that can potentially improve the quality of device designs and regulatory submissions.
Subject(s)
Biomedical Technology/standards , Equipment Design/standards , Equipment Safety/standards , Equipment and Supplies/standards , Guidelines as Topic , Societies/organization & administration , Computer-Aided Design/standards , United StatesABSTRACT
This paper proposes a set of communication patterns to enable the construction of medical systems by composing devices and apps in Integrated Clinical Environments (ICE). These patterns abstract away the details of communication tasks, reduce engineering overhead, and ease compositional reasoning of the system. The proposed patterns have been successfully implemented on top of two distinct platforms (i.e., RTI Connext and Vert.x) to allow for experimentation.
Subject(s)
Medical Records Systems, Computerized , Blood Pressure/physiology , Computer Communication Networks/instrumentation , Humans , Internet , Models, Theoretical , Monitoring, Physiologic , OximetryABSTRACT
We describe a preliminary set of security requirements for safe and secure next-generation medical systems, consisting of dynamically composable units, tied together through a real-time safety-critical middleware. We note that this requirement set is not the same for individual (stand-alone) devices or for electronic health record systems, and we must take care to define system-level requirements rather than security goals for components. The requirements themselves build on each other such that it is difficult or impossible to eliminate any one of the requirements and still achieve high-level security goals.
ABSTRACT
The dynamic nature of the medical domain is driving a need for continuous innovation and improvement in techniques for developing and assuring medical devices. Unfortunately, research in academia and communication between academics, industrial engineers, and regulatory authorities is hampered by the lack of realistic non-proprietary development artifacts for medical devices. In this paper, we give an overview of a detailed requirements document for a Patient-Controlled Analgesic (PCA) pump developed under the US NSF's Food and Drug Administration (FDA) Scholar-in-Residence (SIR) program. This 60+ page document follows the methodology outlined in the US Federal Aviation Administrations (FAA) Requirements Engineering Management Handbook (REMH) and includes a domain overview, use cases, statements of safety & security requirements, and formal top-level system architectural description. Based on previous experience with release of a requirements document for a cardiac pacemaker that spawned a number of research and pedagogical activities, we believe that the described PCA requirements document can be an important research enabler within the formal methods and software engineering communities.
