Ensuring Patient Safety in Wireless Medical Device Networks

Presented by: Eric Flickner, Chris Hoffman

Speed vs. Safety
- WMDNs provide many alarms and related clinical data that are life-critical.
- To avoid exposing patients to serious injuries or death, these systems must be protected from data delays, distortions, loss, or other erratic delivery problems.

WDN (Wireless Device Network)
- Based upon existing popular IEEE 802.1x technologies
  - Wi-Fi (IEEE 802.11a/b/g)
  - Wi-Max (IEEE 802.11n)
  - Bluetooth (IEEE 802.15.1)
  - Zigbee (IEEE 802.15.4)
- Each of these has its own pros/cons in speed, interoperability, security, coexistence, battery life, and building/object penetration

Business Networks
- Simple CSM (Collision Sense Method)
- Random delay intervals to resequence data
- Problems
  - Unpredictable CSM delay length
  - Randomization of message transfers
- Both are tolerable in this kind of network

Medical Networks
- Unpredictable CSM delay length
  - Ex: delay can exceed max delay allowed in arrhythmia monitoring applications
  - Causes corruption of real-time patient waveforms
  - Leads to misdiagnosis, interfering with therapeutic interventions
- Randomization of message transfers
  - Invalidates intelligent alarm monitoring (IEC/ISO 60601-1-8)

Problems during WMDN Life Cycle
- Delayed or lost WMDN data is the major problem
- Any change or interference can seriously affect other WMDN during its life cycle
- Nonproprietary WMDN verification and validation (V2) techniques do not exist

Problems during WMDN Life Cycle (continued)
- Absence of industry standards or regulations
- Unconstrained mobility of patients and devices
- Rapid changes in the underlying wireless network modalities
- No single proprietary V2 strategy can assure safe and reliable WMDN systems

Solution: Propose developing a V2 toolkit for use by clinical and biomedical engineering departments to ensure safe and reliable WMDN operation.

Formal Methods
- Definition: A notation or technique, based on some mathematical theory, for modeling and analyzing systems.
- Advantages
  - Making sure that it behaves according to specifications
  - Helps developers identify potential problems or misunderstandings

Petri Nets
- A Petri net (a.k.a. place/transition net) is one of several mathematical representations of discrete distributed systems.
- Graphically depicts the structure of a distributed system as a directed bipartite graph

Petri Nets (continued)
- States
  - Ready to accept $$ (Ready)
  - $$ accepted (Accepted)
- Events
  - Insert coin (Coin)
  - Soda dispense button (Soda)
  - Gum dispense button (Gum)
- Requirements
  - Gum costs 1 coin
  - Soda costs 2 coins
- Current state indicates Ready

Healthcare Scenario
- For example, suppose a heart alarm goes off while a large image file is being transmitted over the same wireless network.
- How will this affect the network's behavior? Will the alarm signal reach the station in time?
- A formal modeling and analysis technique can answer these questions.

Sample Patient Monitoring System
- 10 patients with heart monitors and pulse oximeters
- Heart monitors can generate a low battery alarm
- 2 nurses at nurse's station
- Connected via wireless network

Colored Petri Net (CPN)
- CPNs trace and control the path and timing of each token (alarm) in the net
- CPN ML is the programming language used to edit, model, simulate, and analyze CPNs

Colored Petri Net (CPN) Model
- Red: infrequent heart alarms
- Orange: frequent pulse oximetry alarms
- Yellow: very infrequent heart monitor battery alarm

Colored Petri Net (CPN) Model (continued)
- Pulse oximetry alarms began to queue up, exposing a bottleneck in the network
- CPN allows priority to be given to individual tokens in an IEEE 802.11e-style QoS technique
- Critical heart alarm and battery alarms given priority over pulse-oximetry alarms

Conclusions
- QoS-compliant network equipment necessary for life-critical applications
- CPN Tools predict and avoid life-threatening data delays, insufficient bandwidth, and inadequate priority management
- Model does not address RF interference
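The queueing bottleneck and the token-priority fix described in the CPN model slides can be reproduced with a small token game. This is an added Python sketch, not the presenters' CPN ML model: the 40 ms airtime, the arrival times and the function names are constructed assumptions; only the three alarm colours, the 10 patients and the priority ordering come from the slides.

```python
import heapq

SERVICE_MS = 40  # assumed airtime per alarm message (constructed value)
# Priority ordering from the slides: heart and battery ahead of oximetry.
PRIORITY = {"heart": 0, "battery": 0, "oximetry": 1}  # lower = served first

def workload(patients=10, horizon_ms=2000):
    """Constructed arrivals as (time_ms, kind, patient) tokens."""
    toks = [(t, "oximetry", p)
            for t in range(0, horizon_ms, 300) for p in range(patients)]
    toks += [(1010, "heart", 3), (1500, "battery", 7)]
    return sorted(toks)

def simulate(tokens, use_priority):
    """Fire 'Transmit' whenever the single channel is free and the Pending
    place holds a token; return worst-case delivery latency per alarm kind."""
    tokens = sorted(tokens)
    pending, worst, clock, i = [], {}, 0, 0
    while i < len(tokens) or pending:
        # Tokens that have arrived by `clock` enter the Pending place.
        while i < len(tokens) and tokens[i][0] <= clock:
            t, kind, _ = tokens[i]
            rank = PRIORITY[kind] if use_priority else 0  # FIFO: one rank
            heapq.heappush(pending, ((rank, t, i), kind))
            i += 1
        if not pending:
            clock = tokens[i][0]  # channel idle: jump to the next arrival
            continue
        (_, t, _), kind = heapq.heappop(pending)
        clock += SERVICE_MS  # non-preemptive transmission
        worst[kind] = max(worst.get(kind, 0), clock - t)
    return worst

def compare():
    """Run the same workload through a FIFO channel and a prioritised one."""
    toks = workload()
    return simulate(toks, use_priority=False), simulate(toks, use_priority=True)

if __name__ == "__main__":
    fifo, qos = compare()
    for kind in ("heart", "battery", "oximetry"):
        print(f"{kind:9s} worst latency: FIFO {fifo[kind]} ms, "
              f"priority {qos[kind]} ms")
```

The oximetry worst case is the same in both runs: prioritising tokens protects the critical alarms but does not remove the underlying bandwidth shortfall.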