Medical devices with embedded electronics: design and development methodology for start-ups

358 p.El sector de la biotecnología demanda innovación constante para hacer frente a los retos del sector sanitario. Hechos como la reciente pandemia COVID-19, el envejecimiento de la población, el aumento de las tasas de dependencia o la necesidad de promover la asistencia sanitaria personalizada tanto en entorno hospitalario como domiciliario, ponen de manifiesto la necesidad de desarrollar dispositivos médicos de monitorización y diagnostico cada vez más sofisticados, fiables y conectados de forma rápida y eficaz. En este escenario, los sistemas embebidos se han convertido en tecnología clave para el diseño de soluciones innovadoras de bajo coste y de forma rápida. Conscientes de la oportunidad que existe en el sector, cada vez son más las denominadas "biotech start-ups" las que se embarcan en el negocio de los dispositivos médicos. Pese a tener grandes ideas y soluciones técnicas, muchas terminan fracasando por desconocimiento del sector sanitario y de los requisitos regulatorios que se deben cumplir. La gran cantidad de requisitos técnicos y regulatorios hace que sea necesario disponer de una metodología procedimental para ejecutar dichos desarrollos. Por ello, esta tesis define y valida una metodología para el diseño y desarrollo de dispositivos médicos embebidos

Threat Assessment and Risk Analysis (TARA) for Interoperable Medical Devices in the Operating Room Inspired by the Automotive Industry

Prevailing trends in the automotive and medical device industry, such as life cycle overarching configurability, connectivity, and automation, require an adaption of development processes, especially regarding the security and safety thereof. The changing requirements imply that interfaces are more exposed to the outside world, making them more vulnerable to cyberattacks or data leaks. Consequently, not only do development processes need to be revised but also cybersecurity countermeasures and a focus on safety, as well as privacy, have become vital. While vehicles are especially exposed to cybersecurity and safety risks, the medical devices industry faces similar issues. In the automotive industry, proposals and draft regulations exist for security-related risk assessment processes. The medical device industry, which has less experience in these topics and is more heterogeneous, may benefit from drawing inspiration from these efforts. We examined and compared current standards, processes, and methods in both the automotive and medical industries. Based on the requirements regarding safety and security for risk analysis in the medical device industry, we propose the adoption of methods already established in the automotive industry. Furthermore, we present an example based on an interoperable Operating Room table (OR table)

Responsible and Regulatory Conform Machine Learning for Medicine: A Survey of Challenges and Solutions

Machine learning is expected to fuel significant improvements in medical care. To ensure that fundamental principles such as beneficence, respect for human autonomy, prevention of harm, justice, privacy, and transparency are respected, medical machine learning systems must be developed responsibly. Many high-level declarations of ethical principles have been put forth for this purpose, but there is a severe lack of technical guidelines explicating the practical consequences for medical machine learning. Similarly, there is currently considerable uncertainty regarding the exact regulatory requirements placed upon medical machine learning systems. This survey provides an overview of the technical and procedural challenges involved in creating medical machine learning systems responsibly and in conformity with existing regulations, as well as possible solutions to address these challenges. First, a brief review of existing regulations affecting medical machine learning is provided, showing that properties such as safety, robustness, reliability, privacy, security, transparency, explainability, and nondiscrimination are all demanded already by existing law and regulations - albeit, in many cases, to an uncertain degree. Next, the key technical obstacles to achieving these desirable properties are discussed, as well as important techniques to overcome these obstacles in the medical context. We notice that distribution shift, spurious correlations, model underspecification, uncertainty quantification, and data scarcity represent severe challenges in the medical context. Promising solution approaches include the use of large and representative datasets and federated learning as a means to that end, the careful exploitation of domain knowledge, the use of inherently transparent models, comprehensive out-of-distribution model testing and verification, as well as algorithmic impact assessments

Systematic Model-based Design Assurance and Property-based Fault Injection for Safety Critical Digital Systems

With advances in sensing, wireless communications, computing, control, and automation technologies, we are witnessing the rapid uptake of Cyber-Physical Systems across many applications including connected vehicles, healthcare, energy, manufacturing, smart homes etc. Many of these applications are safety-critical in nature and they depend on the correct and safe execution of software and hardware that are intrinsically subject to faults. These faults can be design faults (Software Faults, Specification faults, etc.) or physically occurring faults (hardware failures, Single-event-upsets, etc.). Both types of faults must be addressed during the design and development of these critical systems. Several safety-critical industries have widely adopted Model-Based Engineering paradigms to manage the design assurance processes of these complex CPSs. This thesis studies the application of IEC 61508 compliant model-based design assurance methodology on a representative safety-critical digital architecture targeted for the Nuclear power generation facilities. The study presents detailed experiences and results to demonstrate the benefits of Model testing in finding design flaws and its relevance to subsequent verification steps in the workflow. Additionally, to study the impact of physical faults on the digital architecture we develop a novel property-based fault injection method that overcomes few deficiencies of traditional fault injection methods. The model-based fault injection approach presented here guarantees high efficiency and near-exhaustive input/state/fault space coverage, by utilizing formal model checking principles to identify fault activation conditions and prove the fault tolerance features. The fault injection framework facilitates automated integration of fault saboteurs throughout the model to enable exhaustive fault location coverage in the model

A Harmonized Compositional Assurance Approach for Safety-Critical Systems

Safety-critical systems, those whose failure could end up in loss or injuries to people or the environment, are required to go through laborious and expensive certification processes. These systems have also increased their complexity and as it has already been done in other domains, they have applied component-based system developments to deal with complexity. However, components are difficult to assess as certification is done at system level and not at component level. Compositional certification approach proposes to get incremental credit by accepting that a specific component complies with specific standard’s requirements and it is correctly integrated. The objective is to support integration of new components while the previously integrated components do not need to work for re-acceptance. We propose (1) the use of assurance modelling techniques to provide us the mechanism to understand the common basis of standards shared by different domains such as the avionics, automotive and the medical devices design. We propose (2) an assurance decomposition methodology offering guidance and modelling mechanisms to decompose the responsibilities associated with the life-cycle of safety-critical components. This methodology ensures a hierarchy of assurance and certification projects where the responsibilities and project tasks can be specified and its accomplishment can be assessed to determine the compliance of functional safety standards. Assurance decomposition supports the reuse of components as it guides us not just for standards compliance but specifically on the understanding and tailoring of those standards for component assurance and support when those components are integrated into the final system. We propose (3) a contract-based approach to support the integration of reused components and at the same time, the proposal supports the identification of assumptions, a very laborious and time consuming task. Assurance Contracts are defined to ensure incremental compliance once the components are integrated. The objective of this assurance contracts is to ensure the overall compliance of the system with the selected standards and reference documents such as guidelines or advisory circulars. The defined approach to assurance contracts specification attempts to balance the need for unambiguity on the composition while maintaining the heterogeneity of the information managed. The claims classification offers an easy method to support the assessment of contract completeness and the structured expressions provide a semi-formal language to specify the assumptions and guarantees of a component. This work has been mainly framed in a European collaborative research projects such as OPENCOSS a Large-scale integrating project (IP) with 17 partners from 9 countries to develop a platform for safety assurance and certification of safety-critical systems (compliance with standards, robust argumentation, evidence management, process transparency), SAFEADAPT an FP7 project with 9 partners and RECOMP an ARTEMIS project.. The results of this work have been presented to the standardization group of the Object Management Group responsible for the SACM (Structured Assurance Case Metamodel) standard specification, which currently discusses its inclusion in future versions. The (4) tools presented and used in this work have been included in the results of an open tool platform developed within the OPENCOSS project that is being released in PolarSys. PolarSys is an Eclipse Industry Working Group created by large industry players and by tools providers to collaborate on the creation and support of Open Source tools for the development of embedded systems

From Concept to Market: Surgical Robot Development

Surgical robotics and supporting technologies have really become a prime example of modern applied information technology infiltrating our everyday lives. The development of these systems spans across four decades, and only the last few years brought the market value and saw the rising customer base imagined already by the early developers. This chapter guides through the historical development of the most important systems, and provide references and lessons learnt for current engineers facing similar challenges. A special emphasis is put on system validation, assessment and clearance, as the most commonly cited barrier hindering the wider deployment of a system

State-based Safety of Component-based Medical and Surgical Robot Systems

Safety has not received sufficient attention in the medical robotics community despite a consensus of its paramount importance and the pioneering work in the early 90s. Partly because of its emergent and non-functional characteristics, it is challenging to capture and represent the design of safety features in a consistent, structured manner. In addition, significant engineering efforts are required in practice when designing and developing medical robot systems with safety. Still, academic researchers in medical robotics have to deal with safety to perform clinical studies. This dissertation presents the concept, model and architecture to reformulate safety as a visible, reusable, and verifiable property, rather than an embedded, hard-to-reuse, and hard-to-test property that is tightly coupled with the system. The concept enables reuse and structured understanding of the design of safety features, and the model allows the system designers to explicitly define and capture the run-time status of component-based systems with support for error propagation. The architecture leverages the benefits of the concept and the model by decomposing safety features into reusable mechanisms and configurable specifications. We show the concept and feasibility of the proposed methods by building an open source framework that aims to facilitate research and development of safety systems of medical robots. Using the cisst component-based framework, we empirically evaluate the proposed methods by applying the developed framework to two research systems -- one based on a commercial robot system for orthopedic surgery and another robot soon to be clinically applied for manipulation of flexible endoscopes