Data-driven resiliency assessment of medical cyber-physical systems
Advances in computing, networking, and sensing technologies have resulted in the ubiquitous deployment of medical cyber-physical systems in various clinical and personalized settings. The increasing complexity and connectivity of such systems, the tight coupling between their cyber and physical components, and the inevitable involvement of human operators in supervision and control have introduced major challenges in ensuring system reliability, safety, and security.
This dissertation takes a data-driven approach to resiliency assessment of medical cyber-physical systems. Driven by large-scale studies of real safety incidents involving medical devices, we develop techniques and tools for (i) deeper understanding of incident causes and measurement of their impacts, (ii) validation of system safety mechanisms in the presence of realistic hazard scenarios, and (iii) preemptive real-time detection of safety hazards to mitigate adverse impacts on patients.
We present a framework for automated analysis of structured and unstructured data from public FDA databases on medical device recalls and adverse events. This framework allows characterization of the safety issues originating from computer failures in terms of fault classes, failure modes, and recovery actions. We develop an approach for constructing ontology models that enable automated extraction of safety-related features from unstructured text. The proposed ontology model is defined based on device-specific human-in-the-loop control structures in order to facilitate systems-theoretic causality analysis of adverse events. Our large-scale analysis of FDA data shows that medical devices are often recalled because of failure to identify all potential safety hazards, use of safety mechanisms that have not been rigorously validated, and limited capability for real-time detection and automated mitigation of hazards.
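As an illustration of the kind of feature extraction described above, the following sketch maps keyword patterns in recall text to coarse fault classes. The keyword lists and class names are invented for illustration and are far simpler than the ontology models the framework actually uses.

```python
import re

# Invented keyword patterns per fault class; the real framework uses
# ontology models built from human-in-the-loop control structures.
FAULT_CLASSES = {
    "software": r"\b(software|firmware|algorithm|code)\b",
    "hardware": r"\b(board|circuit|battery|capacitor)\b",
    "user_interface": r"\b(display|alarm|button|screen)\b",
}

def extract_fault_classes(recall_text):
    """Return the sorted fault classes whose keywords appear in the text."""
    text = recall_text.lower()
    return sorted(c for c, pat in FAULT_CLASSES.items() if re.search(pat, text))
```

A recall narrative mentioning both a software error and an alarm failure would be tagged with two classes, which is the kind of multi-label characterization the large-scale analysis relies on.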
To address these problems, we develop a safety hazard injection framework for experimental validation of safety mechanisms in the presence of accidental failures and malicious attacks. To reduce the test space for safety validation, this framework uses systems-theoretic accident causality models to identify critical locations within the system to target with software fault injection.
For mitigation of safety hazards at run time, we present a model-based analysis framework that estimates the consequences of control commands sent from the software to the physical system through real-time computation of the system’s dynamics, and preemptively detects if a command is unsafe before its adverse consequences manifest in the physical system.
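A minimal sketch of this preemptive checking idea, assuming a toy one-dimensional double-integrator model in place of the real surgical robot dynamics (the time step and workspace bound are illustrative assumptions):

```python
DT = 0.01          # control period in seconds (illustrative assumption)
POS_LIMIT = 0.05   # workspace bound along one axis in meters (assumed)

def predict_next_pos(pos, vel, cmd_accel, dt=DT):
    """One-step double-integrator prediction standing in for the robot model."""
    next_vel = vel + cmd_accel * dt
    return pos + next_vel * dt

def is_command_safe(pos, vel, cmd_accel):
    """True if the predicted position stays inside the safety envelope."""
    return abs(predict_next_pos(pos, vel, cmd_accel)) <= POS_LIMIT
```

A command is rejected before execution if the simulated next state leaves the envelope, which is the essence of detecting an unsafe command before its consequences manifest in the physical system.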
The proposed techniques are evaluated on a real-world cyber-physical system for robot-assisted minimally invasive surgery and are shown to be more effective than existing methods in identifying system vulnerabilities and deficiencies in safety mechanisms as well as in preemptive detection of safety hazards caused by malicious attacks.
Robotic Scene Segmentation with Memory Network for Runtime Surgical Context Inference
Surgical context inference has recently garnered significant attention in
robot-assisted surgery as it can facilitate workflow analysis, skill
assessment, and error detection. However, runtime context inference is
challenging since it requires timely and accurate detection of the interactions
among the tools and objects in the surgical scene based on the segmentation of
video data. At the same time, existing state-of-the-art video segmentation methods are often biased against infrequent classes and fail to provide temporal consistency for segmented masks. This can negatively impact context inference and the accurate detection of critical states. In this study, we
propose a solution to these challenges using a Space Time Correspondence
Network (STCN). STCN is a memory network that performs binary segmentation and
minimizes the effects of class imbalance. The use of a memory bank in STCN
allows for the utilization of past image and segmentation information, thereby
ensuring consistency of the masks. Our experiments using the publicly available
JIGSAWS dataset demonstrate that STCN achieves superior segmentation
performance for objects that are difficult to segment, such as needle and
thread, and improves context inference compared to the state-of-the-art. We
also demonstrate that segmentation and context inference can be performed at
runtime without compromising performance.

Comment: Accepted at the IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS) 202
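The memory-bank idea can be illustrated with a toy sketch (this is not the STCN network itself): past frame features and their masks are stored, and a new frame reuses the mask of its most similar stored feature. Feature vectors here are plain lists rather than the learned key/value embeddings a real STCN uses.

```python
class MemoryBank:
    """Toy memory bank: stores every k-th (feature, mask) pair."""

    def __init__(self, every_k=5):
        self.keys, self.values = [], []   # feature vectors and their masks
        self.every_k = every_k
        self._t = 0

    def maybe_store(self, feature, mask):
        # Store only every k-th frame so the bank stays small.
        if self._t % self.every_k == 0:
            self.keys.append(feature)
            self.values.append(mask)
        self._t += 1

    def query(self, feature):
        # Return the mask of the most similar stored feature (L2 distance).
        if not self.keys:
            return None
        dists = [sum((a - b) ** 2 for a, b in zip(feature, k))
                 for k in self.keys]
        return self.values[dists.index(min(dists))]
```

Reusing past masks this way is what gives the segmentation its temporal consistency: a frame similar to an earlier one inherits a consistent mask rather than being segmented from scratch.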
Towards Interpretable Motion-level Skill Assessment in Robotic Surgery
Purpose: We study the relationship between surgical gestures and motion
primitives in dry-lab surgical exercises towards a deeper understanding of
surgical activity at fine-grained levels and interpretable feedback in skill
assessment.
Methods: We analyze the motion primitive sequences of gestures in the JIGSAWS
dataset and identify inverse motion primitives in those sequences. Inverse
motion primitives are defined as sequential actions on the same object by the
same tool that effectively negate each other. We also examine the correlation
between surgical skills (measured by GRS scores) and the number and total
durations of inverse motion primitives in the dry-lab trials of Suturing,
Needle Passing, and Knot Tying tasks.
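The inverse-motion-primitive definition above can be sketched as a simple transcript scan; the verb pairs and the tuple format below are illustrative assumptions, not the paper's exact label scheme.

```python
# Invented verb pairs that negate each other; a real analysis would use
# the motion primitive vocabulary of the dataset.
INVERSE_VERBS = {("Grasp", "Release"), ("Release", "Grasp"),
                 ("Push", "Pull"), ("Pull", "Push")}

def find_inverse_mps(transcript):
    """transcript: list of (verb, tool, object) tuples in temporal order.

    Returns index pairs of consecutive actions by the same tool on the
    same object whose verbs negate each other.
    """
    pairs = []
    for i in range(len(transcript) - 1):
        v1, t1, o1 = transcript[i]
        v2, t2, o2 = transcript[i + 1]
        if t1 == t2 and o1 == o2 and (v1, v2) in INVERSE_VERBS:
            pairs.append((i, i + 1))
    return pairs
```

Counting such pairs and summing their durations yields the per-trial statistics that are then correlated with GRS scores.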
Results: We find that the sequence of motion primitives used to perform
gestures can help detect labeling errors in surgical gestures. Inverse motion
primitives are often used as recovery actions to correct the position or orientation of objects, or may indicate other issues such as problems with depth perception. The number and total durations of inverse motion primitives in
trials are also strongly correlated with lower GRS scores in the Suturing and
Knot Tying tasks.
Conclusion: The sequence and pattern of motion primitives could be used to
provide interpretable feedback in surgical skill assessment. Combined with an
action recognition model, the explainability of automated skill assessment can
be improved by showing video clips of the inverse motion primitives of
inefficient or problematic movements.

Comment: 16 pages, 5 figures, 7 tables
Design and Validation of an Open-Source Closed-Loop Testbed for Artificial Pancreas Systems
The development of a fully autonomous artificial pancreas system (APS) to
independently regulate the glucose levels of a patient with Type 1 diabetes has
been a long-standing goal of diabetes research. A significant barrier to
progress is the difficulty of testing new control algorithms and safety
features, since clinical trials are time- and resource-intensive. To facilitate validation, we propose an open-source APS testbed that integrates APS
controllers with two state-of-the-art glucose simulators and a novel fault
injection engine. The testbed is able to reproduce the blood glucose
trajectories of real patients from a clinical trial conducted over six months.
We evaluate the performance of two closed-loop control algorithms (OpenAPS and Basal Bolus) using the testbed and find that the two algorithms keep blood glucose in a safe region 93.49% and 79.46% of the time on average, compared with 66.18% of the time in the clinical trial. The fault
injection engine simulates the real recalls and adverse events reported to the
U.S. Food and Drug Administration (FDA) and demonstrates the resilience of the
controller in hazardous conditions. We used the testbed to generate 2.5 years
of synthetic data representing 20 different patient profiles with realistic
adverse event scenarios, which would have been expensive and risky to collect
in a clinical trial. The proposed testbed is a valid tool that can be used by
the research community to demonstrate the effectiveness of different control
algorithms and safety features for APS.

Comment: 12 pages, 12 figures, to appear in the IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE), 202
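The time-in-range numbers quoted above can be computed with a straightforward metric like the following; the 70-180 mg/dL band is the conventional clinical target range and is assumed here, not necessarily the paper's exact definition of the safe region.

```python
def time_in_range(glucose_mgdl, low=70.0, high=180.0):
    """Fraction of glucose samples inside [low, high] mg/dL."""
    if not glucose_mgdl:
        return 0.0
    in_range = sum(1 for g in glucose_mgdl if low <= g <= high)
    return in_range / len(glucose_mgdl)
```

Applied to a simulated or clinical glucose trace, this yields a single per-trial score, which is how figures like 93.49% vs. 66.18% can be compared across controllers and the clinical baseline.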
Evaluating the Task Generalization of Temporal Convolutional Networks for Surgical Gesture and Motion Recognition using Kinematic Data
Fine-grained activity recognition enables explainable analysis of procedures
for skill assessment, autonomy, and error detection in robot-assisted surgery.
However, existing recognition models suffer from the limited availability of
annotated datasets with both kinematic and video data and an inability to
generalize to unseen subjects and tasks. Kinematic data from the surgical robot
is particularly critical for safety monitoring and autonomy, as it is
unaffected by common camera issues such as occlusions and lens contamination.
We leverage an aggregated dataset of six dry-lab surgical tasks from a total of
28 subjects to train activity recognition models at the gesture and motion
primitive (MP) levels and for separate robotic arms using only kinematic data.
The models are evaluated using the LOUO (Leave-One-User-Out) and our proposed
LOTO (Leave-One-Task-Out) cross validation methods to assess their ability to
generalize to unseen users and tasks, respectively. Gesture recognition models achieve higher accuracies and edit scores than MP recognition models, but using MPs enables the training of models that generalize better to unseen tasks. Higher MP recognition accuracy can also be achieved by training
separate models for the left and right robot arms. For task-generalization, MP
recognition models perform best if trained on similar tasks and/or tasks from
the same dataset.

Comment: 8 pages, 4 figures, 6 tables. To be published in IEEE Robotics and Automation Letters (RA-L)
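The two evaluation schemes can be sketched as grouped hold-out splits; the trial-record format (dicts with "user" and "task" keys) is an assumption for illustration.

```python
def leave_one_out_splits(trials, key):
    """Yield (held_out, train, test) triples, holding out one value of
    `key` at a time. key="user" gives LOUO; key="task" gives LOTO."""
    groups = sorted({t[key] for t in trials})
    for held_out in groups:
        train = [t for t in trials if t[key] != held_out]
        test = [t for t in trials if t[key] == held_out]
        yield held_out, train, test
```

The only difference between LOUO and LOTO is the grouping key: holding out a subject tests generalization to unseen users, while holding out a task tests generalization to unseen tasks.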
KnowSafe: Combined Knowledge and Data Driven Hazard Mitigation in Artificial Pancreas Systems
Significant progress has been made in anomaly detection and run-time
monitoring to improve the safety and security of cyber-physical systems (CPS).
However, less attention has been paid to hazard mitigation. This paper proposes
a combined knowledge and data driven approach, KnowSafe, for the design of
safety engines that can predict and mitigate safety hazards resulting from
safety-critical malicious attacks or accidental faults targeting a CPS
controller. We integrate domain-specific knowledge of safety constraints and
context-specific mitigation actions with machine learning (ML) techniques to
estimate system trajectories in the far and near future, infer potential
hazards, and generate optimal corrective actions to keep the system safe.
Experimental evaluation on two realistic closed-loop testbeds for artificial
pancreas systems (APS) and a real-world clinical trial dataset for diabetes
treatment demonstrates that KnowSafe outperforms the state-of-the-art by
achieving higher accuracy in predicting system state trajectories and potential
hazards, a low false positive rate, and no false negatives. It also maintains
the safe operation of the simulated APS despite faults or attacks without
introducing any new hazards, with a hazard mitigation success rate of 92.8%,
which is at least 76% higher than solely rule-based (50.9%) and data-driven
(52.7%) methods.

Comment: 16 pages, 10 figures, 9 tables, submitted to the IEEE for possible publication
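The combined knowledge- and data-driven idea can be caricatured in a few lines: a predictor (here a naive linear extrapolation standing in for the learned model) estimates the future glucose trajectory, and domain-knowledge safety constraints select a corrective action. The thresholds and action names are illustrative assumptions, not KnowSafe's actual design.

```python
# Safety constraints from clinical domain knowledge (conventional
# hypo-/hyperglycemia bounds, assumed for illustration).
HYPO_MGDL, HYPER_MGDL = 70.0, 180.0

def predict_trajectory(history, horizon=6):
    """Naive linear extrapolation standing in for the learned ML model."""
    slope = history[-1] - history[-2]
    return [history[-1] + slope * (k + 1) for k in range(horizon)]

def mitigation_action(history):
    """Map a predicted hazard to a context-specific corrective action."""
    future = predict_trajectory(history)
    if min(future) < HYPO_MGDL:
        return "suspend_insulin"
    if max(future) > HYPER_MGDL:
        return "correction_bolus"
    return "no_action"
```

The division of labor is the point: the data-driven part estimates where the system is heading, while the knowledge-driven part decides whether that trajectory violates a safety constraint and which mitigation applies.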
COMPASS: A Formal Framework and Aggregate Dataset for Generalized Surgical Procedure Modeling
Purpose: We propose a formal framework for the modeling and segmentation of
minimally-invasive surgical tasks using a unified set of motion primitives
(MPs) to enable more objective labeling and the aggregation of different
datasets.
Methods: We model dry-lab surgical tasks as finite state machines,
representing how the execution of MPs as the basic surgical actions results in
the change of surgical context, which characterizes the physical interactions
among tools and objects in the surgical environment. We develop methods for
labeling surgical context based on video data and for automatic translation of
context to MP labels. We then use our framework to create the COntext and
Motion Primitive Aggregate Surgical Set (COMPASS), including six dry-lab
surgical tasks from three publicly-available datasets (JIGSAWS, DESK, and
ROSMA), with kinematic and video data and context and MP labels.
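The context-to-MP translation step can be sketched as a lookup over context transitions; the context encoding and transition table below are simplified assumptions, not the COMPASS specification.

```python
# Toy transition table: (what the tool holds before, after) -> MP label.
TRANSITIONS = {
    ("nothing", "needle"): "Grasp(needle)",
    ("needle", "nothing"): "Release(needle)",
}

def context_to_mps(context_sequence):
    """Emit one MP label per context change; unchanged context emits nothing."""
    mps = []
    for before, after in zip(context_sequence, context_sequence[1:]):
        if before != after:
            mps.append(TRANSITIONS.get((before, after), "Unknown"))
    return mps
```

Treating the task as a finite state machine in this way is what makes the labeling objective: the MP transcript is derived mechanically from observed context changes rather than annotated directly.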
Results: Our context labeling method achieves near-perfect agreement between
consensus labels from crowd-sourcing and expert surgeons. Segmentation of tasks
to MPs results in the creation of the COMPASS dataset that nearly triples the
amount of data for modeling and analysis and enables the generation of separate
transcripts for the left and right tools.
Conclusion: The proposed framework results in high quality labeling of
surgical data based on context and fine-grained MPs. Modeling surgical tasks
with MPs enables the aggregation of different datasets and the separate
analysis of left and right hands for bimanual coordination assessment. Our
formal framework and aggregate dataset can support the development of
explainable and multi-granularity models for improved surgical process
analysis, skill assessment, error detection, and autonomy.

Comment: 22 pages, 6 figures, 12 tables
Adverse Events in Robotic Surgery: A Retrospective Study of 14 Years of FDA Data
Understanding the causes and patient impacts of surgical adverse events will
help improve systems and operational practices to avoid incidents in the
future. We analyzed the adverse events data related to robotic systems and
instruments used in minimally invasive surgery, reported to the U.S. FDA MAUDE
database from January 2000 to December 2013. We determined the number of events
reported per procedure and per surgical specialty, the most common types of
device malfunctions and their impact on patients, and the causes for
catastrophic events such as major complications, patient injuries, and deaths.
During the study period, 144 deaths (1.4% of the 10,624 reports), 1,391 patient
injuries (13.1%), and 8,061 device malfunctions (75.9%) were reported. The
numbers of injury and death events per procedure have stayed relatively
constant since 2007 (mean = 83.4, 95% CI, 74.2-92.7). Surgical specialties for which robots are extensively used, such as gynecology and urology, had lower numbers of injuries, deaths, and conversions per procedure than more complex surgeries, such as cardiothoracic and head and neck surgery (106.3 vs. 232.9, Risk Ratio = 2.2, 95% CI, 1.9-2.6). Device and instrument malfunctions, such as
falling of burnt/broken pieces of instruments into the patient (14.7%),
electrical arcing of instruments (10.5%), unintended operation of instruments
(8.6%), system errors (5%), and video/imaging problems (2.6%), constituted a
major part of the reports. Device malfunctions impacted patients in terms of
injuries or procedure interruptions. In 1,104 (10.4%) of the events, the
procedure was interrupted to restart the system (3.1%), to convert the
procedure to non-robotic techniques (7.3%), or to reschedule it to a later time
(2.5%). Adoption of advanced techniques in design and operation of robotic
surgical systems may reduce these preventable incidents in the future.

Comment: Presented as the J. Maxwell Chamberlain Memorial Paper for adult cardiac surgery at the 50th Annual Meeting of the Society of Thoracic Surgeons in January. See Appendix for more detailed results, discussions, and related work.
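Figures like "Risk Ratio = 2.2, 95% CI, 1.9-2.6" follow from the standard risk-ratio computation with a log-scale Wald interval, sketched below with made-up event and procedure counts.

```python
import math

def risk_ratio_ci(events_a, n_a, events_b, n_b, z=1.96):
    """Risk ratio of group A vs. group B with a 95% Wald confidence interval.

    events_*: adverse event counts; n_*: procedure counts per group.
    """
    rr = (events_a / n_a) / (events_b / n_b)
    # Standard error of log(RR) for two independent proportions.
    se = math.sqrt(1 / events_a - 1 / n_a + 1 / events_b - 1 / n_b)
    lo = math.exp(math.log(rr) - z * se)
    hi = math.exp(math.log(rr) + z * se)
    return rr, lo, hi
```

With real MAUDE-derived counts for complex vs. routine specialties, this is the calculation that supports the reported 2.2-fold difference in per-procedure risk.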