154 research outputs found

    Attack Modeling for System Security Analysis


    A hazard analysis method for systematic identification of safety requirements for user interface software in medical devices

    © Springer International Publishing AG (outside the US) 2017. Formal methods technologies have the potential to verify the usability and safety of user interface (UI) software design in medical devices, enabling significant reductions in use errors and consequential safety incidents with such devices. This, however, depends on comprehensive and verifiable safety requirements to leverage these techniques for detecting and preventing flaws in UI software that can induce use errors. This paper presents a hazard analysis method that extends Leveson’s System Theoretic Process Analysis (STPA) with a comprehensive set of causal factor categories, so as to provide developers with clear guidelines for systematic identification of use-related hazards associated with medical devices, their causes embedded in UI software design, and safety requirements for mitigating such hazards. The method is evaluated with a case study on the Gantry-2 radiation therapy system, which demonstrates that (1) as compared to standard STPA, our method allowed us to identify more UI software design issues likely to cause use-related hazards; and (2) the identified UI software design issues facilitated the definition of precise, verifiable safety requirements for UI software, which could be readily formalized in verification tools such as the Prototype Verification System (PVS).

    Funding: U.S. Food and Drug Administration; NORTE-01-0145-FEDER-000016. Sandy Weininger (FDA), Scott Thiel (Navigant Consulting, Inc.), Michelle Jump (Stryker), Stefania Gnesi (ISTI/CNR) and the CHI+MED team (www.chi-med.ac.uk) provided useful feedback and inputs. Paolo Masci’s work is supported by the North Portugal Regional Operational Programme (NORTE 2020) under the PORTUGAL 2020 Partnership Agreement, and by the European Regional Development Fund (ERDF) within Project “NORTE-01-0145-FEDER-000016”.

    Short-Term Immunosuppression Promotes Engraftment of Embryonic and Induced Pluripotent Stem Cells

    Summary: Embryonic stem cells (ESCs) are an attractive source for tissue regeneration and repair therapies because they can be differentiated into virtually any cell type in the adult body. However, for this approach to succeed, the transplanted ESCs must survive long enough to generate a therapeutic benefit. A major obstacle facing the engraftment of ESCs is transplant rejection by the immune system. Here we show that blocking leukocyte costimulatory molecules permits ESC engraftment. We demonstrate the success of this immunosuppressive therapy for mouse ESCs, human ESCs, mouse induced pluripotent stem cells (iPSCs), human induced pluripotent stem cells, and more differentiated ESC/iPSC derivatives. Additionally, we provide evidence describing the mechanism by which inhibition of costimulatory molecules suppresses T cell activation. This report describes a short-term immunosuppressive approach capable of inducing engraftment of transplanted ESCs and iPSCs, providing a significant improvement in our mechanistic understanding of the critical role costimulatory molecules play in leukocyte activation.

    Cashing in on curiosity and spectacle: The forensic patient and news media

    This is an Accepted Manuscript of an article published by Taylor & Francis in Journal of Forensic Psychiatry and Psychology on 24/05/2016, available online: DOI 10.1080/14789949.2016.1187760.

    Health and social care professionals are gatekeepers to, and custodians of, confidential service user information. In the United Kingdom (UK), police investigations have unveiled cases of payments being made to public service officials by journalists in return for service user information. The purpose of this discussion is to investigate such cases in the context of high security forensic care. This paper provides a discussion drawing upon two UK-based case studies of prosecutions of public service workers relating to the sale of confidential information. The analysis presented here illuminates the salient and connected issues at work that have led to the transgression of legal obligations and professional responsibilities/principles of confidentiality. A fuller reading of the context in which these transgressions occur, and the motivations that exist, may well serve to inform policy, training, guidance or vigilance in relation to the preserving of service user information in the future.

    RiskStructures : A Design Algebra for Risk-Aware Machines

    Machines, such as mobile robots and delivery drones, incorporate controllers responsible for a task while handling risk (e.g. anticipating and mitigating hazards; and preventing and alleviating accidents). We refer to machines with this capability as risk-aware machines. Risk awareness includes robustness and resilience, and complicates monitoring (i.e., introspection, sensing, prediction), decision making, and control. From an engineering perspective, risk awareness adds a range of dependability requirements to system assurance. Such assurance mandates a correct-by-construction approach to controller design, based on mathematical theory. We introduce RiskStructures, an algebraic framework for risk modelling intended to support the design of safety controllers for risk-aware machines. Using the concept of a risk factor as a modelling primitive, this framework provides facilities to construct, examine, and assure these controllers. We prove desirable algebraic properties of these facilities, and demonstrate their applicability by using them to specify key aspects of safety controllers for risk-aware automated driving and collaborative robots.

    Towards applying a safety analysis and verification method based on STPA to agile software development

    This paper presents a novel agile process model, "S-Scrum", based on the existing development process "Safe Scrum" and extended by a safety analysis method and a safety verification approach based on STPA (System-Theoretic Process Analysis).

    Requirements Engineering

    Requirements Engineering (RE) aims to ensure that systems meet the needs of their stakeholders, including users, sponsors, and customers. Often considered one of the earliest activities in software engineering, it has developed into a set of activities that touch almost every step of the software development process. In this chapter, we reflect on how the need for RE was first recognised and how its foundational concepts were developed. We present the seminal papers on four main activities of the RE process, namely (i) elicitation, (ii) modelling & analysis, (iii) assurance, and (iv) management & evolution. We also discuss some current research challenges in the area, including security requirements engineering as well as RE for mobile and ubiquitous computing. Finally, we identify some open challenges and research gaps that require further exploration.