Medical device systems are a prime example of cyber-physical systems, featuring complex and close interaction of sophisticated treatment algorithms with the physical aspects of the system, and especially the patient whose safety is of the utmost concern. As such systems become increasingly complex, interconnected, and interoperating, the major challenge is how to ensure and improve the safety, security, and reliability of medical device cyber-physical systems.

A report by NCO/NITRD on High-Confidence Medical Devices concludes that there is a need for rationally designed high-confidence medical device cyber-physical systems for 21st century health care. In particular, the rapidly increasing use of software to control and interconnect medical devices makes the development and production of medical device software and systems a crucial issue, both for the U.S. economy and to ensure safe advances in health care delivery. This finding is in line with the conclusion of the report by the U.S. National Academy of Science on software for dependable systems that new techniques and methods are needed to build future software systems that meet dependability requirements for safety-critical systems.

The following four observations motivate the project:

  1. there is a frequent need in clinical practice to assemble existing medical devices into new system configurations to match the needs of patients with special circumstances--something not possible with today's stand-alone devices,
  2. the introduction of network interfaces in medical devices and advances in medical device interoperability are likely to make it possible in the near future,
  3. there is a need to "close the loop" and enable feedback about the condition of the patient to the devices delivering therapy, and
  4. there is no procedure to reason about safety of these dynamically created systems.

Based on these observations, we propose a new development paradigm that enables the effective design and implementation of medical device cyber-physical systems (MDCPS) while at the same time improving patient safety.

The central concept of the paradigm is the clinical scenario, a formal description of the architecture of the medical devices, interconnections, and personnel needed to execute the scenario as well as a description of the scenario workflow. To enable composition, evaluation, and assurance of safe and effective operation of a new clinical scenario, we aim to address the following fundamental challenges:

Foundations for MDCPS development. Foundational challenges include (1) distributed control and sensing in networked medical device systems for physiological closed-loop treatment; (2) patient modeling; (3) modeling of caregiver mental models; and (4) modeling of operational procedures for medical device systems.

High-confidence MDCPS software development. To enable safe and effective composition based on clinical scenarios, the individual devices must be trusted; we will enable high-confidence device development by integrating formal model-based and component-based development.

MDCPS validation and certification. We will study the collection of evidence for system safety arguments from all phases of system development, including novel verification and validation techniques, as well as from extensive evaluation of our case studies in a clinical setting. We will also study quantification of trust in the collected evidence, and construction of assurance cases based on probabilistic reasoning.

Education of the next generation of MDCPS engineers. Through a novel curriculum based around systems thinking and aggressive outreach and recruiting efforts, we aim to lay the foundation for the next generation of MDCPS engineers.

We have assembled a highly qualified, multidisciplinary, multi-institutional team with deep and complementary expertise from CIMIT/MGH, University of Pennsylvania Health System, University of Minnesota, and University of Pennsylvania.

We expect the project to have significant impact on society at large. Novel design methods and certification techniques will significantly improve patient safety. The introduction of closed-loop scenarios in clinical practice will reduce the burden that caregivers are currently facing and has the potential to reduce the overall costs of health care. Last but not least, our educational efforts and outreach activities will increase awareness of careers in the MDCPS area and help attract women and under-represented minorities to the field.

The project is supported by the NSF CPS program under the grant CNS-1035715. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the project team and do not necessarily reflect the views of the National Science Foundation.