Using PVSio-web to Demonstrate Software Issues in Medical User Interfaces

  • Paolo Masci
  • Patrick Oladimeji
  • Paul Curzon
  • Harold Thimbleby
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9062)


We have used formal methods technology to investigate software and user interface design issues that may induce use error in medical devices. Our approach is based on mathematical models that capture safety concerns related to the use of a device. We analysed nine commercial medical devices from six manufacturers with our approach, and precisely identified 30 design issues. All identified issues can induce use errors that could lead to adverse clinical consequences, such as numbers being incorrectly entered. An issue with formal approaches is in making results accessible to developers, human factors experts and clinicians. In this paper, we use our tool PVSio-web to demonstrate the identified issues: PVSio-web allows us to generate realistic and interactive user interface prototypes from the same mathematical models used for analysis. Users can explore the behaviour of the prototypes by pressing buttons on realistic user interfaces that reproduce the functionality and visual representation of the real devices. Users can examine the device behaviour resulting from any interaction. Key sequences identified from analysis can be used to explore in detail the identified design issues in an accessible way.



Paul Jones and Yi Zhang (FDA), Julian Goldman and Dave Arney (Massachusetts General Hospital MD PnP Lab), Marc Bloom and staff members of the Washington Adventist Hospital, and Paul Lee (Morriston Hospital, Swansea) helped us to validate our findings. This work is supported by EPSRC as part of CHI+MED (Computer-Human Interaction for Medical Devices [EP/G059063/1]).



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Paolo Masci (1)
  • Patrick Oladimeji (2)
  • Paul Curzon (1)
  • Harold Thimbleby (2)

  1. Queen Mary University of London, London, UK
  2. Swansea University, Swansea, UK
