Abstract
A demonstration is presented of how automated reasoning tools can be used to check the predictability of a user interface. Predictability concerns the ability of a user to determine the outcomes of their actions reliably. It is especially important in situations such as a hospital ward where medical devices are assumed to be reliable devices by their expert users (clinicians) who are frequently interrupted and need to quickly and accurately continue a task. There are several forms of predictability. A definition is considered where information is only inferred from the current perceptible output of the system. In this definition, the user is not required to remember the history of actions that led to the current state. Higher-order logic is used to specify predictability, and the Symbolic Analysis Laboratory is used to automatically verify predictability on real interactive number entry systems of two commercial drug infusion pumps—devices used in the healthcare domain to deliver fluids (e.g., medications, nutrients) into a patient’s body in controlled amounts. Areas of unpredictability are precisely identified with the analysis. Verified solutions that make an unpredictable system predictable are presented through design modifications and verified user strategies that mitigate against the identified issues.
Similar content being viewed by others
Notes
Due to the constraints imposed by the functionalities of the other buttons, the down button may act as recall memory only when the display shows 99999.
References
List of errorprone abbreviations, symbols and dose designations (2006). http://www.ismp.org/tools/abbreviations/
Arney D, Jetley R, Jones P, Lee I, Sokolsky O (2007) Formal methods based development of a PCA infusion pump reference model: generic infusion pump (GIP) project. In: Joint Workshop on High Confidence Medical Devices, Software, and Systems and Medical Device Plug-and-Play Interoperability 0, pp 23–33. doi:10.1109/HCMDSS-MDPnP.2007.36
B-Braun Melsungen AG: Infusomat space and accessory: Instruction for use
Back J, Brumby DP, Cox AL (2010) Locked-out: investigating the effectiveness of system lockouts to reduce errors in routine tasks. In: Proceedings of the 28th of the international conference extended abstracts on Human factors in computing systems, CHI EA ’10. ACM, New York, pp 3775–3780. doi:10.1145/1753846.1754054
Bass EJ, Feigh KM, Gunter EL, Rushby JM (2011) Formal modeling and analysis for interactive hybrid systems. ECEASST 45
Bolton ML, Bass EJ (2010) Formally verifying human–automation interaction as part of a system model: limitations and tradeoffs. Innov Syst Softw Eng 6(3):219–231. doi:10.1007/s11334-010-19730129-9
Campos JC, Harrison MD (2009) Interaction engineering using the ivy tool. In: Proceedings of the 1st ACM SIGCHI symposium on Engineering interactive computing systems, EICS ’09. ACM, New York, pp 35–44. doi:10.1145/1570433.1570442
Campos JC, Harrison MD (2011) Modelling and analysing the interactive behaviour of an infusion pump. ECEASST 45
Cauchi A, Gimblett A, Thimbleby A, Curzon P, Masci P (2012) Safer “5-key” number entry user interfaces using differential formal analysis. In: 26th Annual Conference on Human–Computer Interaction, BCS-HCI
Degani A, Heymann M (2002) Formal verification of human–automation interaction. Human Factors 44(1):28–43
Department fo Health and Human Services, US Food and Drug Administration (2010) Total Product Life Cycle: Infusion Pump—Premarket Notification [510(k)] Submissions—Draft Guidance, April 2010
Dix AJ (1991) Formal methods for interactive systems. Computers and people series. Academic Press, San Diego. http://www.hiraeth.com/books/formal/
Dix AJ, Runciman C (1985) Abstract models of interactive systems. People and computers: designing the interface. Cambridge University Press, Cambridge, pp 13–22
Harrison MD, Thimbleby H (1985)Abstract models of interactive systems. In: Proceedings British Computer Society Conference on Human Computer Interaction (HCI’85). Cambridge University Press, Cambridge, pp 161–171
Endsley MR, Bolte B, Jones DG (2003) Designing for situation awareness: an approach to user-centered design. Taylor and Francis, Boca Raton
Health C (2006) Alaris GP volumetric pump: directions for use
Hinckley K, Cutrell E, Bathiche S, Muss T (2002) Quantitative analysis of scrolling techniques. In: Proceedings of the SIGCHI conference on Human factors in computing systems: changing our world, changing ourselves, CHI ’02. ACM, New York, pp 65–72. doi:10.1145/503376.503389
Javaux D (1998) Explaining sarter and woods’ classical results. In: Second Workshop on Human Error, Safety, and Software Design
Kim B, Ayoub A, Sokolsky O, Lee I, Jones P, Zhang Y, Jetley R (2011) Safety-assured development of the GPCA infusion pump software. In: Proceedings of the ninth ACM international conference on Embedded software, EMSOFT ’11. ACM, New York, pp 155–164. doi:10.1145/2038642.2038667
Leape L (1994) Error in medicine. J Am Med Assoc 272(23):1851–1857
Masci P, Rukšėnas R, Oladimeji P, Cauchi A, Gimblett A, Li Y, Curzon P, Thimbleby H (2011) On formalising interactive number entry on infusion pumps. ECEASST
Medicines and Healthcare products Regulatory Agency (MHRA) (2010) Device bulletin, infusion systems, db2003(02) v2.0. http://www.mhra.gov.uk/Publications/Safetyguidance/DeviceBulletins/CON007321
de Moura L, Owre S, Ruess H, Rushby J, Shankar N, Sorea M, Tiwari A (2004) SAL 2. In: Alur R, Peled DA (eds) Computer aided verification: CAV 2004, Lecture Notes in Computer Science, vol 3114. Springer, Berlin, pp 496–500
Norman DA (1983) Design rules based on analyses of human error. Commun ACM 26(4):254–258. doi:10.1145/2163.358092
Norman DA (2002) The Design of Everyday Things, reprint paperback edn. Basic Books, New York
Oladimeji P, Thimbleby H, Cox A (2011) Number entry interfaces and their effects on error detection. In: Proceedings of the 13th IFIP TC 13 international conference on Human–computer interaction—Volume Part IV, INTERACT’11. Springer, Berlin, pp 178–185. http://dl.acm.org/citation.cfm?id=2042283.2042302
Perrow C (1984) Normal accidents: living with high-risk technologies. Basic Books, New York
Reason J (1990) Human error, 1st edn. Cambridge University Press, Cambridge
Rushby J (2002) Using model checking to help discover mode confusions and other automation surprises. Reliab Eng System Safety 75(2):167–177. http://www.csl.sri.com/users/rushby/abstracts/ress02
Rushby JM (2001) Modeling the human in human factors. In: Proceedings of the 20th International Conference on Computer Safety, Reliability and Security, SAFECOMP ’01. Springer, London, pp 86–91. http://dl.acm.org/citation.cfm?id=647399.724851
Ryan M, Fiadeiro JL, Maibaum TSE (1991) Sharing actions and attributes in modal action logic. In: TACS, pp 569–593
Thimbleby H (2001) Permissive user interfaces. Int J Human Comput Studies 54(3):333–350. doi:10.1006/ijhc.2000.0442
Thimbleby H (2007) Interaction walkthrough: evaluation of safety critical interactive systems. In: Doherty G, Blandford A (eds) DSVIS 2006, The XIII International Workshop on Design, Specification and Verification of Interactive Systems, Lecture Notes in Computer Science, vol 4323. Springer, Berlin, pp 52–66
Thimbleby HW, Gimblett A (2011) Dependable keyed data entry for interactive systems. ECEASST 45
Trafton GJ, Monk CA (2007) Task interruptions. Rev Human Factors Ergonomics. 3(16):111–126. doi:10.1518/155723408X299852. http://www.ingentaconnect.com/content/hfes/rhfe/2007/00000003
Vincent (2011) Patient safety, 2nd edn. Wiley, New York
Acknowledgments
Funded as part of the CHI+MED: Multidisciplinary Computer-Human Interaction research for the design and safe use of interactive medical devices project, EPSRC Grant Number EP/G059063/1, and Extreme Reasoning, Grant Number EP/F02309X/1.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Masci, P., Rukšėnas, R., Oladimeji, P. et al. The benefits of formalising design guidelines: a case study on the predictability of drug infusion pumps. Innovations Syst Softw Eng 11, 73–93 (2015). https://doi.org/10.1007/s11334-013-0200-4
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11334-013-0200-4