Date posted: 28-Dec-2015
2 / GE / April 19, 2023
Agenda
• Introduction
  > Environment, products, regulations
• Safety
• Portability
• Testing, Q&A

[Figure: development lifecycle and quality attributes. Labels: Requirements; Software architecture; Detailed design, implementation; Quality attributes; Functionality; Pre-market analysis; Post-market analysis. © Varvana Myllärniemi, 2006]

Regulations & Directives
• Regulations and Directives are legal documents
  > Have the force of law
  > Intended to ensure products are safe and effective
• Standards are used to prove compliance to the laws.
• All standards are voluntary but often expected by the market.
• The FDA accepts national and European standards to prove compliance to the Quality System Regulations.
• Most other countries accept European standards as proof of compliance to their regulations.
Need to identify standards that prove compliance

Regulation sources
Governments have product regulations or directives related to the following categories:
• Product Safety (FDA, MLHW, EC, CCC, …)
• Information Transmission
  – Wireless, Ethernet, Telecom (FCC, IEEE, EC, …)
• Health/Safety/Ergonomic/Human Factors (EHS, OSHA, EC, …)
• Environment/disposal (EPA, EC, …)
• Privacy (HIPAA, …)
• Trade Agreements and Restrictions (GATT, NAFTA, …)
Need to identify regulations that apply to product design

Safety - a measure of the absence of unsafe software conditions. The absence of catastrophic consequences to the environment.
Barbacci, Mario; Klein, Mark H.; Longstaff, Thomas H. & Weinstock, Charles B. Quality Attributes (CMU/SEI-95-TR-021). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 1995.

Safety – Freedom from unacceptable risk.
ISO 14971

Safety in Our Case
• No harm to the patient
• No harm to the caregivers (nurses, physicians)
• No harm to technicians
• No harm to bystanders
• No harm to the environment

Definitions
Harm: Physical injury or damage to health, property, or the environment.
Hazard: A potential source of harm (e.g. sharp object, electrical shock, loss of data, etc.).
Hazardous Situation: Exposure to multiple hazards and/or a time-exposure element of a hazard.
Safety: Freedom from unacceptable harm.

What is Risk Management?
Risk Management is a process to:
• Identify the hazards associated with devices;
• Estimate and evaluate the associated risks;
• Control these risks and monitor the effectiveness of that control throughout the device's life cycle.
It is more than a Risk Analysis – it is a process of managing risks.

Risk Management Process (ISO 14971)
Risk Analysis
• Intended use/purpose
• Hazard identification
• Risk estimation
Risk Evaluation
• Risk acceptability decisions
Risk Control
• Option analysis
• Implementation
• Residual risk evaluation
• Overall risk acceptance
Production data
• Validation data
• Review of risk management experience
Post-Production data
• After-release data
• Review of risk management experience
Lessons Learned
• Feedback for next generation products and upgrades.
(Risk Analysis and Risk Evaluation together form Risk Assessment; all of the steps together form Risk Management.)

Typical Risk Equation & Elements
ISO 14971 model:
  PoH × Severity = RISK
  (PoH: Probability of Harm)
Another model: Probability of Harm may be divided into subparts, as shown:
  Pocc × LoH × Severity = RISK
  where PoH = Pocc × LoH
  (Pocc: Probability of Occurrence; LoH: Likelihood of Harm)

Definitions
Severity: Magnitude, or degree, of physical harm. Defined as High, Medium, Low, None.
Probability of occurrence (Pocc): Rate at which the hazard occurs. Defined as High, Medium, Low, Negligible. May be based on random failure or systematic failure.
Likelihood of harm (LoH): Estimate of the rate at which physical injury, or damage to health, would actually occur once the hazard has occurred. Defined as High, Med, Low.
Risk: Combination of the probability of occurrence of harm and the severity.

Example: Hospital Bed
“A patient rolls out of a hospital bed and hits the floor, the severity of the harm could potentially be high due to head injuries, spine injuries, etc. To decrease the risk, designers must reduce the probability, reduce the severity, or both. Probability of harm could be reduced through the use of protective measures, such as bed rails, to prevent the patient from rolling out of bed. Severity of harm could be reduced by placing soft, thick mats on the floor.”
Regulatory Affairs Focus Magazine December 2004. http://www.raps.org/s_raps/rafocus_article.asp?TRACKID=&CID=61&DID=24509

Severity
• Life-threatening—death could occur
• Severe—permanent significant disability
• Moderate—transient but significant disability; permanent minor disability
• Limited—transient minor disability; annoying complaints
• None—no disability or physical complaints anticipated
United States Food and Drug Administration, Office of Regulatory Affairs. Regulatory Procedures Manual, March 2004, Effective 6 May 2004, Chapter 7, Attachment D1, 7.41(a)(4)(2).

Example: NIBP Cuff Inflated
It is possible for a non-invasive blood pressure (NIBP) cuff to remain inflated for an unintended length of time. It is theoretically possible that this could result in nerve damage, or circulation problems that, in the extreme, could result in loss of limb. However, a search of over 10 years in the ECRI and FDA MDR databases, as well as a review of clinical literature, does not report this extreme result as ever occurring. Therefore, the severity of prolonged inflation of an NIBP cuff, in this instance, would be Medium rather than High.

Probability of Occurrence
• Some authors think that probability for software is always 100% – if there is a bug, executing it will cause the occurrence 100%
• However, experience shows that some bugs occur more often than others
  > Bug in a constantly used feature
  > Bug in a feature that is used once a year
  > Bug that requires several preconditions to be met

Likelihood of Harm
• Estimate realistic clinical possibility
• Assume “good clinical practices” - except for common user errors
• Evaluate effect of labeling
• The rate at which the harm can develop
• Detectability

Risk Mitigation Methods
1. Eliminate hazard by design
2. Provide safety mechanism
3. Warning mechanism
4. Labeling or training
5. Accept risk (requires justification)
6. Change intended use

Example: Frozen Numbers
Failure Mode: Numbers on the screen are frozen
Hazard: Incorrect information presented
Harm: Incorrect diagnosis
Some mitigations:
1) Update numbers once a second even if the value doesn't change
2) Add watchdog to graphics library/processor
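The two mitigations above can be exercised together in a small simulation. This is an added example, not code from the deck or from the product it describes: the class names, the one-second refresh period, the watchdog timeout and the timeline (a steady heart rate of 72 with the graphics library hanging at t = 3 s) are all assumptions made for the illustration.

```python
"""Frozen-display watchdog for a numeric field.

Added example, not code from the deck or the product it describes. It models
the two mitigations on the Frozen Numbers slide: (1) the display task repaints
a number once a second even when the value is unchanged, and (2) a watchdog
that is kicked only after a confirmed paint, so a hung graphics
library/processor is detected. Names, periods and timeline are assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

REFRESH_PERIOD_S = 1.0     # repaint every second, changed value or not (assumed)
WATCHDOG_TIMEOUT_S = 2.5   # more than two missed repaints counts as frozen (assumed)


class GraphicsLibrary:
    """Stand-in for the graphics library/processor; it can be made to hang."""

    def __init__(self) -> None:
        self.hung = False
        self.painted: List[Tuple[str, int]] = []  # what actually reached the screen

    def draw_text(self, name: str, value: int) -> bool:
        if self.hung:
            return False            # nothing reaches the screen
        self.painted.append((name, value))
        return True


@dataclass
class Watchdog:
    timeout_s: float
    last_kick_s: float = 0.0

    def kick(self, now_s: float) -> None:
        self.last_kick_s = now_s

    def expired(self, now_s: float) -> bool:
        return now_s - self.last_kick_s > self.timeout_s


@dataclass
class NumericField:
    name: str
    gfx: GraphicsLibrary
    watchdog: Watchdog
    next_refresh_s: float = 0.0

    def tick(self, now_s: float, value: int) -> None:
        """Display-task cycle: repaint when due, regardless of value changes."""
        if now_s < self.next_refresh_s:
            return
        self.next_refresh_s = now_s + REFRESH_PERIOD_S
        # Mitigation 1: unconditional repaint, so a stale screen is not
        # indistinguishable from a genuinely steady measurement.
        if self.gfx.draw_text(self.name, value):
            # Mitigation 2: kick only on a confirmed paint, so a hung
            # library silently stops the kicks and the watchdog expires.
            self.watchdog.kick(now_s)


def simulate(hang_at_s: float, end_s: float = 6.0, step_s: float = 0.25) -> dict:
    """Constructed timeline: steady heart rate, library hangs at hang_at_s."""
    gfx = GraphicsLibrary()
    wd = Watchdog(WATCHDOG_TIMEOUT_S)
    hr_field = NumericField("HR", gfx, wd)
    t = 0.0
    detected_at: Optional[float] = None
    while t <= end_s:
        if t >= hang_at_s:
            gfx.hung = True
        hr_field.tick(t, 72)        # value never changes: only the repaint proves liveness
        if detected_at is None and wd.expired(t):
            detected_at = t
        t += step_s
    return {"paints": len(gfx.painted), "frozen_detected_at_s": detected_at}


if __name__ == "__main__":
    print(simulate(hang_at_s=3.0))   # library hangs after the t = 2 s repaint
    print(simulate(hang_at_s=99.0))  # healthy run: no expiry
```

The design point is where the watchdog is kicked: after the library confirms the paint, not at the top of the display loop. Kicking before the draw call would keep the watchdog alive while the screen stays frozen, which is exactly the failure mode the slide describes.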

Example: Alarm
Failure Mode: Speaker is broken
Hazard: Alarm sound is missing
Harm: Delayed treatment
Some mitigations:
1) Alarm is shown also in the message field
2) Blinking background behind the related number
3) Blinking LED

Example: Read Only Memory Error
Failure Mode: Value changes in permanent memory
Hazard: Alarm limit is incorrect
Harm: Delayed treatment
Mitigations: None, since the probability is so low. Years ago, when the quality of memory was lower, data was duplicated in the memory.
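The historical mitigation mentioned on this slide, duplicating the stored data, only helps if the reader can tell which copy is intact. The added example below (not code from the deck or the product) stores each alarm limit as two copies, each with a CRC-32 over the value, and accepts a read only from a copy whose checksum verifies. The record layout, the LimitStore class and the simulated bit flips are assumptions made for the illustration.

```python
"""Duplicated storage of an alarm limit with integrity check.

Added example, not code from the deck or the product it describes. Each
limit is written twice to a stand-in for non-volatile memory, each copy
carrying a CRC-32 of the value. A read uses the first copy whose CRC
verifies and refuses to return anything if both copies are corrupt.
Record layout and names are assumptions for this example.
"""
import struct
import zlib
from typing import Dict, Optional, Tuple

# int32 limit value followed by uint32 CRC-32 of the value bytes (assumed layout)
RECORD = struct.Struct("<iI")


def encode_limit(value: int) -> bytes:
    payload = struct.pack("<i", value)
    return RECORD.pack(value, zlib.crc32(payload))


def decode_limit(record: bytes) -> Optional[int]:
    """Return the limit if its CRC verifies, else None."""
    value, crc = RECORD.unpack(record)
    return value if zlib.crc32(struct.pack("<i", value)) == crc else None


class LimitStore:
    """Store keeping two copies of every limit (constructed for the example)."""

    def __init__(self) -> None:
        self.mem = bytearray()                      # stands in for permanent memory
        self.slots: Dict[str, Tuple[int, int]] = {}  # name -> (offset A, offset B)

    def write(self, name: str, value: int) -> None:
        rec = encode_limit(value)
        off_a = len(self.mem)
        self.mem += rec
        off_b = len(self.mem)
        self.mem += rec
        self.slots[name] = (off_a, off_b)

    def _read_copy(self, off: int) -> Optional[int]:
        return decode_limit(bytes(self.mem[off:off + RECORD.size]))

    def read(self, name: str) -> Tuple[int, str]:
        """Return (value, copy label). Raise if neither copy verifies."""
        off_a, off_b = self.slots[name]
        for label, off in (("A", off_a), ("B", off_b)):
            value = self._read_copy(off)
            if value is not None:
                return value, label
        # Safer to refuse than to feed an unverified limit to the alarm logic.
        raise ValueError(f"alarm limit {name!r}: both copies corrupt")

    def corrupt(self, name: str, copy: str, bit: int) -> None:
        """Simulate a single bit flip inside one stored copy (demonstration only)."""
        off = self.slots[name][0 if copy == "A" else 1]
        self.mem[off + bit // 8] ^= 1 << (bit % 8)


def demo() -> Tuple[Tuple[int, str], Tuple[int, str], str]:
    """Constructed scenario: a heart-rate high limit of 150 and two bit flips."""
    store = LimitStore()
    store.write("HR_HIGH", 150)
    intact = store.read("HR_HIGH")
    store.corrupt("HR_HIGH", "A", 3)       # flip a bit in the value bytes of copy A
    after_one = store.read("HR_HIGH")      # CRC of A fails, B is used
    store.corrupt("HR_HIGH", "B", 40)      # flip a bit in the CRC bytes of copy B
    try:
        store.read("HR_HIGH")
        outcome = "value returned"
    except ValueError:
        outcome = "rejected"
    return intact, after_one, outcome


if __name__ == "__main__":
    print(demo())
```

A plain duplicate without a checksum would leave the reader unable to decide which of two differing copies is right; the CRC turns the duplicate into a fallback that can actually be trusted, and a double failure becomes a detected fault instead of a wrong alarm limit.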

Residual Risk
• Index can be acceptable (Category IV), tolerable (III), undesirable (II), or critical (I)
• Index affects how risk is managed
  > IV is broadly acceptable
  > III is acceptable if “As low as reasonably possible” (ALARP)
  > II & I require risk benefit analysis
• Risk can't automatically be assumed ALARP
• Overall residual risk
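The risk equation (PoH = Pocc × LoH, RISK = PoH × Severity), the level definitions, the hospital bed example and the residual risk index above can be tied together in one small model. The following is an added example, not code from the deck and not a table from ISO 14971: the ordinal scales are the ones named on the slides, but the two lookup tables that combine them, the index assigned to each combination, and the level ratings given to the hospital bed hazard are constructed for this illustration. ISO 14971 leaves the acceptability criteria to the manufacturer.

```python
"""Qualitative risk estimation and residual-risk indexing.

Added example, not code from the deck or from ISO 14971. The ordinal scales
(Pocc, LoH, Severity, index I..IV) are those named on the slides; the lookup
tables and the hospital-bed ratings are CONSTRUCTED for this example.
"""
from dataclasses import dataclass, replace
from typing import Dict

# PoH = Pocc x LoH, as a lookup on ordinal scales (constructed table).
POH_TABLE: Dict[str, Dict[str, str]] = {
    #  Pocc           LoH: Low            Med            High
    "Negligible": {"Low": "Negligible", "Med": "Negligible", "High": "Negligible"},
    "Low":        {"Low": "Negligible", "Med": "Low",        "High": "Low"},
    "Medium":     {"Low": "Low",        "Med": "Medium",     "High": "Medium"},
    "High":       {"Low": "Low",        "Med": "Medium",     "High": "High"},
}

# RISK = PoH x Severity, expressed directly as the residual risk index
# (constructed table; IV = acceptable, III = tolerable, II = undesirable, I = critical).
RISK_INDEX_TABLE: Dict[str, Dict[str, str]] = {
    #  PoH           Severity: None   Low     Medium   High
    "Negligible": {"None": "IV", "Low": "IV",  "Medium": "IV",  "High": "III"},
    "Low":        {"None": "IV", "Low": "IV",  "Medium": "III", "High": "II"},
    "Medium":     {"None": "IV", "Low": "III", "Medium": "II",  "High": "II"},
    "High":       {"None": "IV", "Low": "II",  "Medium": "I",   "High": "I"},
}

# How each index is handled, as stated on the Residual Risk slide.
DISPOSITION = {
    "IV": "broadly acceptable",
    "III": "acceptable if ALARP",
    "II": "risk/benefit analysis required",
    "I": "risk/benefit analysis required",
}


@dataclass(frozen=True)
class RiskEstimate:
    hazard: str
    pocc: str       # probability that the hazard occurs
    loh: str        # likelihood of harm once the hazard has occurred
    severity: str   # magnitude of the harm

    def poh(self) -> str:
        return POH_TABLE[self.pocc][self.loh]

    def index(self) -> str:
        return RISK_INDEX_TABLE[self.poh()][self.severity]

    def disposition(self) -> str:
        return DISPOSITION[self.index()]


def worked_hospital_bed() -> Dict[str, str]:
    """The deck's hospital-bed example with ASSUMED level ratings."""
    unmitigated = RiskEstimate("patient rolls out of bed", "High", "High", "High")
    # Bed rails: a protective measure that lowers how often the hazard occurs.
    with_rails = replace(unmitigated, pocc="Low")
    # Floor mats: lower the severity of the fall, not its probability.
    with_mats = replace(unmitigated, severity="Medium")
    both = replace(with_rails, severity="Medium")
    return {
        name: est.index()
        for name, est in [("unmitigated", unmitigated), ("rails", with_rails),
                          ("mats", with_mats), ("rails+mats", both)]
    }


if __name__ == "__main__":
    for name, idx in worked_hospital_bed().items():
        print(f"{name:12s} index {idx:>3s}: {DISPOSITION[idx]}")
```

Under these constructed tables the unmitigated bed lands in category I, rails alone reach II, mats alone stay at I, and the two together reach III, which is accepted only with an ALARP argument: the numbers are illustrative, but the shape of the result (reducing probability and severity together is what moves the index) is the point the slide makes.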

Other
• Risk Benefit Analysis
• Acceptable based on the current values of society
  > Consensus standards
  > Established practices – e.g. single fault principle
  > Comparison with devices in use
• Checklists
  > Medical Device Directive Annex I, part II (1-14)
  > IEC 60601-1-4 checklist

Portability - the ease with which a system or component can be transferred from one hardware or software environment to another.
Institute of Electrical and Electronics Engineers. IEEE Standard Computer Dictionary: A Compilation of IEEE Standard Computer Glossaries. New York, NY: 1990.

Which one is more portable?
Java or C++
It depends - what exactly do you mean by portability?

Java
• Java language is more strictly defined
• Java class libraries
• No recompilation needed for a new environment
• Guaranteed to run (almost) the same way in every environment
C++
• C++ compiler available for most OSs
• C++ available for most processors
• Supports every hardware component

Our Needs for Portability
• In embedded SW, hardware (components) changes often
• Need to support more than one processor family
• Need to support several operating systems
• Need to support several graphics libraries
• Need to scale to a 486 at 75 MHz

Hardware Abstraction Layer
[Figure: layered architecture diagram of the MDN software. Layers and the components shown in them: UI (Digit Field, Waveform, GraphicsMgr); Patient Data (Default, DGas, DEcg, DSpo2, DPMem, Archive, Patient Case Manager); Alarms (AlarmEngine, AlarmHandlers); Communication (NetworkManager, ModuleComm Manager, Module Stxx Protocol); Parameter (Gas Comm, Gas Param); Common (OS, SW Toolkit, ExceptionManager, SettingManagement); Hardware (HW Toolkit, Flash Driver, Network Driver, Clock, Sound).]

Cost/Benefits of Portability
• It requires more CPU time – or does it?
• It limits your ability to use
  > COTS
  > Tools
• Need for embedded knowledge is smaller

Did we Really Need to be Portable?
• Every single hardware component has changed
• We have products using
  > Intel 486, Intel Pentium M, ARM, Power PC
  > Linux, Windows CE, AMX, Nucleus, Windows 2000
  > X-Window, PEG, Win32, GSP, VGA (frame buffer)
[Figure: the layered architecture diagram from the Hardware Abstraction Layer slide, repeated.]

Network and parameter API
We have one well-defined interface for networking and parameter modules.
• 3 module communication protocols
• 2 network protocols
The API and implementation are used in other products too.
[Figure: the layered architecture diagram from the Hardware Abstraction Layer slide, repeated.]