Abstract
Infusion pumps are commonly used in home/hospital care to inject drugs into a patient at programmable rates over time. However, in practice, a combination of faults including software errors, mechanical failures and human error can lead to catastrophic situations, causing death or serious harm to the patient. Dependability analysis techniques such as failure mode effect analysis (FMEA) can be used to predict the worst case outcomes of such faults and facilitate the development of remedies against them.
In this paper, we present the use of model-checking to automate the dependability analysis of programmable, real-time medical devices. Our approach uses timed and hybrid automata to model the real-time operation of the medical device and its interactions with the care giver and the patient. Common failure modes arising from device failures and human error are modeled in our framework. Specifically, we use “mistake models” derived from human factor studies to model the effects of mistakes committed by the operator. We present a case-study involving an infusion pump used to manage pain through the infusion of analgesic drugs. The dynamics of analgesic drugs are modeled by empirically validated pharmacokinetic models. Using model checking, our technique can systematically explore numerous combinations of failures and characterize the worst-case effects of these failures.
This material is based upon work supported by the National Science Foundation (NSF) under award no. 1035845.
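As an added illustration (not code from the paper), the sketch below shows the kind of exhaustive fault-combination exploration the abstract describes, reduced to a discrete-time one-compartment drug model with brute-force enumeration instead of timed/hybrid automata and a model checker. Every parameter value, the safety bound and the three failure modes are constructed assumptions.

```python
from itertools import combinations

# Every number and failure mode below is constructed for illustration;
# none of them comes from the paper.
K_ELIM, VOLUME = 0.05, 10.0     # elimination rate (1/min), distribution volume (L)
LIMIT = 3.0                     # concentration bound treated as the hazard (mg/L)
HORIZON, PRESS_EVERY = 240, 10  # minutes simulated; bolus requested every 10 min

NOMINAL = {"rate": 0.5, "bolus": 5.0, "lockout": 30}  # mg/min, mg, min

# Hypothetical failure modes: each maps the intended program to a faulty one.
FAULTS = {
    "rate_x10_keying_slip": lambda p: {**p, "rate": p["rate"] * 10},
    "bolus_doubled":        lambda p: {**p, "bolus": p["bolus"] * 2},
    "lockout_disabled":     lambda p: {**p, "lockout": 0},
}

def peak_concentration(program):
    """One-compartment kinetics in 1-minute Euler steps; returns the peak (mg/L)."""
    amount, last_bolus, peak = 0.0, None, 0.0
    for t in range(HORIZON):
        due = last_bolus is None or t - last_bolus >= program["lockout"]
        if t % PRESS_EVERY == 0 and due:      # demand bolus, unless locked out
            amount += program["bolus"]
            last_bolus = t
        amount += program["rate"] - K_ELIM * amount   # basal infusion minus elimination
        peak = max(peak, amount / VOLUME)
    return peak

def analyse(max_faults):
    """Explore every fault set up to max_faults; return worst case and minimal hazardous sets."""
    worst, minimal = ((), peak_concentration(NOMINAL)), []
    for size in range(1, max_faults + 1):     # smaller sets first, so minimality is easy
        for combo in combinations(sorted(FAULTS), size):
            program = dict(NOMINAL)
            for name in combo:
                program = FAULTS[name](program)
            peak = peak_concentration(program)
            if peak > worst[1]:
                worst = (combo, peak)
            if peak > LIMIT and not any(set(m) <= set(combo) for m in minimal):
                minimal.append(combo)
    return worst, minimal

if __name__ == "__main__":
    worst, minimal = analyse(max_faults=2)
    print("worst case:", worst)
    print("minimal hazardous fault sets:", minimal)
```

With these constructed values, the doubled bolus and the disabled lockout each stay under the bound alone and cross it only together, which is the kind of interaction a per-failure-mode review misses.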
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sankaranarayanan, S., Homaei, H., Lewis, C. (2011). Model-Based Dependability Analysis of Programmable Drug Infusion Pumps. In: Fahrenberg, U., Tripakis, S. (eds) Formal Modeling and Analysis of Timed Systems. FORMATS 2011. Lecture Notes in Computer Science, vol 6919. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24310-3_22
DOI: https://doi.org/10.1007/978-3-642-24310-3_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24309-7
Online ISBN: 978-3-642-24310-3
eBook Packages: Computer Science (R0)