[SystemSafety] Operational logging for medical devices

Matthew Squair mattsquair at gmail.com
Tue Nov 27 01:21:19 CET 2018 

Historical note, the full magnitude of the Therac disaster was only really appreciated when the affected hospitals formed a user group to compare notes. There was at the time no clear procedure to feed back trouble or accident  reports to the manufacturer.

Matthew Squair

MIEAust, CPEng
Mob: +61 488770655
Email; Mattsquair at gmail.com
Web: http://criticaluncertainties.com

> On 27 Nov 2018, at 7:14 am, Olwen Morgan <olwen at phaedsys.com> wrote:
> 
> 
> No quibble with that ... but your infusion pump example is one that's a particular hobby-horse of mine.
> My GRS was spread over three operations, the last of which typically has a painful immediate post-op recovery period (owing to ileus). In the hospital, I was put on patient-controlled analgesia delivered by an infusion pump. Staff shortages meant that my intravenous hydration often ran out before a nurse could come and change the drip bag. As a result of that, the veins constricted resulting in back-pressure to the peristaltic infusion pump, so the flow of morphine was reduced.
> 
> When I asked a nurse to check the flow, he pressed a button on the pump, looked at the LCD display and said that the morphine was flowing. Somewhat irately, I told him not to look at the LCD but at a window in the pump body in which a rotating vane physically showed the fluid flow - only to be told that there was no such physical window. After the pain had finally subsided, I asked for somebody from the hospital physics department to come to the ward and told him that IMO that particular model of pump was of deficient design. He admitted that they were, "having a few problems with them".
> 
> They had switched to peristaltic infusers because some patients had physically interfered with syringe driver pumps. While being less vulnerable to tampering, the peristaltic pumps were also much harder to monitor. In the end, after heated arguments about whether the pump was doing its job, I withdrew consent to be treated with that type of pump and nurses gave me oral morphine sulphate from syringes.
> 
> Given such cr at p physical design, I simply do not believe that the logged amount of morphine was consistent with what I actually received, because I was in so much pain. The answer to tampering with syringe drivers is to manufacture them with more robust physical interlocks. When that problem's solved, IMO there's less to go wrong with them than with small peristaltic pumps. Nobody needs an infusion pump with good logging if its physical design exhibits such fundamental dysfunction.
> 
> Olwen
> 
>> On 26/11/2018 16:51, Martyn Thomas wrote:
>> It's not enough to have a log - an investigator needs enough verified
>> system documentation to be able to understand what the log entries
>> really reveal and with what integrity. For example, if an infusion pump
>> logs that a particular dose rate was entered, how sure can an
>> investigator be that this was genuinely the value entered by the user
>> and displayed to the user for checking purposes?
>> 
>> Martyn
>> 
>> On 26/11/2018 13:14, Olwen Morgan wrote:
>>> Aircraft have flight recorders and I've worked on software a neonatal
>>> ventilator that had operational logging. One thing that bothered me is
>>> that the rest of the engineers in the company often said of the
>>> logging that it was not safety-critical and therefore didn't need to
>>> be developed as strictly as the bits that controlled the air flow to
>>> the patient.
>>> 
>>> With modern solid-state storage devices, it is straightforward to
>>> write an operational log to non-volatile storage but AFAI can see
>>> (possibly wrongly, please correct me if so) the medical device
>>> regulators seem to look at it only in cases where it is deemed
>>> essential. Given that the marginal cost of adding such logging is
>>> quite low, I'm inclined to think that there should be a general
>>> presumption that logging is required unless it is proven not to be
>>> needed.
>>> 
>>> Any views? 
>> 
>> 
>> _______________________________________________
>> The System Safety Mailing List
>> systemsafety at TechFak.Uni-Bielefeld.DE
>> Manage your subscription: https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
> Manage your subscription: https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20181127/be58de5c/attachment.html>

More information about the systemsafety mailing list