This project is a collaboration under the NSF-FDA Scholar-In-Residence (SIR) program. The objective of this research is to advance regulatory science for next generation composite medical systems that are based on the concept of medical application platforms (MAP). A MAP is a safety- and security-critical real-time computing platform for (a) integrating heterogeneous devices, medical IT systems, and information displays via a communication infrastructure and (b) hosting application programs ("apps") that provide medical utility via the ability to both acquire information from and update/control integrated devices, IT systems, and displays. The intellectual merit of the project lies in constructing and evaluating a prototype framework for developing and certifying MAP apps that follow the Integrated Clinical Environment (ICE) architecture standard. The project will study approaches for rigorous requirements and architecture specifications that will enable ICE apps to safely interoperate with other medical devices and other services within ICE. These concepts will be illustrated using mock ICE apps developed during the project. In consultation with engineers from the Food and Drug Administration (FDA), the project will construct model risk management and regulatory artifacts associated with ICE apps.

The impact of this work centers around helping FDA engineers understand the architectural and safety issues associated with MAPs and identifying best practices that can lead to high assurance of MAP-based medical systems. Additionally, the project will produce concrete app examples that will provide science-based inputs into the design of a new regulatory approach that supports compositional regulation of heterogeneous multi-vendor ICE systems.

Project Report

Medical devices historically have been monolithic units -- developed, validated, and approved by regulatory authorities as stand-alone entities. Modern medical devices increasingly incorporate connectivity mechanisms that offer the potential to integrate devices via network/middleware technology into larger systems of cooperating devices. Initial integration efforts in industry have focused on streaming device data into electronic health records and integrating information from multiple devices into single customizable displays. However, there are numerous clinical motivations for moving beyond this to consider frameworks that coordinate the actions of groups of cooperating devices to realize "closed loop" scenarios, automate clinical workflows by controlling networked devices as they perform cooperative tasks, and even automatically construct and execute patient treatments. Many challenges exist that are preventing this vision of systems of coordinated medical devices from being realized. To provide a research foundation for addressing these challenges, in this project Kansas State University and University of Pennsylvania researchers have developed an open source Medical Device Coordination Framework (MDCF). The MDCF includes (a) publish-subscribe (pub/sub) middleware for integrating medical devices and EHRs and (b) a model-based development environment that could be used to quickly implement medical device coordination applications (apps) – enabling a "systems of systems" paradigm for medical devices as described above. The MDCF conforms to the ASTM F2761 "Integrated Clinical Environment" (ICE) architecture and was the first open-source implementation of ICE. 

In this NSF FDA Scholar-in-Residence project, a research associate with Kansas State University worked with FDA engineers to design development methodologies as well as modeling and specification techniques for designing and implementing ICE-enabled medical devices. Patient-controlled analgesic (PCA) pumps, well-known as the source of challenging safety problems, were used in the evaluation of the work. First, previous FDA work on requirements for infusion pumps was expanded and adapted to a mock PCA Pump following a methodology described in the US Federal Aviation Administration's (FAA) Requirements Engineering Management Handbook. Working with this document as a foundation, a specification and verification environment prototype was developed based on the SAE standard Architecture and Analysis Definition Language (AADL). Using AADL, device architectures were designed with precisely defined interfaces. Using the Behavioral Language for Embedded Systems with Software (BLESS), pre/post-conditions and invariants were specified for interfaces, functional behaviors of components were specified, and behaviors were proved to be compliant with interface specifications. Finally, AADL's Error Modeling Annex was used to illustrate how hazard analyses and other risk management activities that are currently carried out in a largely manual fashion in industry practice can be partially automated. For these artifacts, careful attention was paid to establish traceability links back to the original requirements document.

Due to the success of the work, the project had several important broader impacts. Due to this work as well as other NSF CPS funded work on interoperability architectures, co-PI Hatcliff was invited to serve on the UL / AAMI 2800 standards committee for safe interoperability. In this effort, Hatcliff co-leads the Architecture Work Group (one of four 2800 work groups). Several of the artifacts and technical principles developed in this project are being applied in this standards development effort. Finally, the requirements, specification, and verification artifacts described above have been released under an open-source license to benefit the broader community.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Type: Standard Grant (Standard)
Application #: 1238431
Program Officer: David Corman
Budget Start: 2012-10-01
Budget End: 2013-09-30
Fiscal Year: 2012
Total Cost: $80,000