Ensuring Patient Safety in
Wireless Medical Device
Networks
Presented by:
Eric Flickner
Chris Hoffman
Speed vs. Safety
WMDNs provide many alarms and related
clinical data that are life-critical. To
avoid exposing patients to serious
injuries or death, these systems must be
protected from data delays, distortions,
loss, or other erratic delivery problems.
WDN (Wireless Device Network)
 Based upon existing popular IEEE 802.1x
technologies




Wi-Fi (IEEE 802.11a/b/g)
Wi-Max (IEEE 802.11n)
Bluetooth (IEEE 802.15.1)
Zigbee (IEEE 802.15.4)
 Each of these has their own pros/cons in
 Speed, interoperability, security, coexistence,
battery life, and building/object penetration
Business Networks
Simple CSM (Collision Sense Method)
 Random delay intervals to resequence data
Problems
 Unpredictable CSM delay length
 Randomization of message transfers
Both are tolerable in this kind of network
Medical Networks
 Unpredictable CSM delay length
 Ex: delay can exceed max delay allowed in
arrhythmia monitoring applications
 Causes corruption of real-time patient waveforms
leads to misdiagnosis, interfering with therapeutic
interventions
 Randomization of message transfers
 Invalidates intelligent alarm monitoring (IEC/ISO
60601-1-8)
Problems during WMDN Life
Cycle
Delayed or lost WMDN data is the major
problem
Any change or interference can seriously
affect other WMDN during its life cycle
Nonproprietary WMDN verification and
validation (V2) techniques do not exist
Problems during WMDN Life
Cycle
 Absence of industry standards or regulations
 Unconstrained mobility of patients and devices
 Rapid changes in the underlying wireless
network modalities
 No single proprietary V2 strategy can assure
safe and reliable WMDN systems
 Solution: Propose developing a V2 toolkit for
use by clinical and biomedical engineering
departments to ensure safe and reliable
WMDN operation.
Formal Methods
 Definition
 A notation or technique, based on some
mathematical theory, for modeling and analyzing
systems.
 Advantages
 Making sure that it behaves according to
specifications
 Helps developers identify potential problems or
misunderstandings
Petri Nets
 A petri net (a.k.a. place/transition net) is one of
several mathematical representations of
discrete distributed systems.
 Graphically depicts the structure of a
distributed system as a directed bipartite
graph
Petri Nets
 States
 Ready to accept $$ (Ready)
 $$ accepted (Accepted)
 Events
 Insert coin (Coin)
 Soda dispense button (Soda)
 Gum dispense button (Gum)
 Requirements
 Gum costs 1 coin
 Soda costs 2 coins
 Current state indicates Ready
Healthcare Scenario
 For example, suppose a heart alarm goes off
while a large image file is being transmitted
over the same wireless network.
 How will this affect the network’s behavior?
 Will the alarm signal reach the station in time?
 A formal modeling and analysis technique can
answer these questions.
Sample Patient Monitoring System
Sample Patient Monitoring System
10 patients with heart monitors and
pulse oximeters
Heart monitors can generate a low
battery alarm
2 nurses at nurse’s station
Connected via wireless network
Colored Petri Net (CPN)
CPNs trace and control the path and
timing of each token (alarm) in the net
CPN ML is a the programming language
used to edit, model, simulate, and
analyze CPNs
Colored Petri Net (CPN) Model
Red – infrequent heart alarms
Orange – frequent pulse oximetry alarms
Yellow – very infrequent heart monitor
battery alarm
Colored Petri Net (CPN) Model
Colored Petri Net (CPN) Model
Pulse oximetry alarms began to queue
up, exposing a bottleneck in network
CPN allows priority to be given to
individual tokens in a IEEE802.11e-style
QoS technique
Critical heart alarm and battery alarms
given priority over pulse-oximetry alarms
Conclusions
QoS compliant network equipment
necessary for life-critical applications
CPN Tools predict and avoid lifethreatening data delays, insufficient
bandwidth, and inadequate priority
management
Model does not address RF interference