Assurance Cases for Model-based Development of Medical Devices. Anaheed Ayoub, BaekGyu Kim, Insup Lee, Oleg Sokolsky. Outline

Similar documents
Tim Kelly. High Integrity Systems Engineering Group Department of Computer Science

Physiological Closed-loop Controllers for MDCPS

Reasoning About Confidence and Uncertainty in Assurance Cases: A Survey

CSC2130: Empirical Research Methods for Software Engineering

Considerations for requiring subjects to provide a response to electronic patient-reported outcome instruments

Using Real-World Data/Evidence in Regulatory Decision Making

Physiological Closed-loop Controllers for MDCPS

Global Harmonization Task Force SG3 Comments and Recommendations ISO/DIS 9001: 2000 and ISO/DIS 9000: 2000 And Revision of ISO and 13488

NANDTB-F012 Rev 0 Audit Checklist

Assurance Case Research: Themes and Directions

DRAFT. full paper published in: Lecture Notes in Computer Science, Volume 5219, Berlin/Heidelberg, 2008, pp

C/S/E/L :2008. On Analytical Rigor A Study of How Professional Intelligence Analysts Assess Rigor. innovations at the intersection of people,

PROPOSED WORK PROGRAMME FOR THE CLEARING-HOUSE MECHANISM IN SUPPORT OF THE STRATEGIC PLAN FOR BIODIVERSITY Note by the Executive Secretary

Sterility Assurance and Risk Management: A CDER Microbiologist s Perspective

Validity Arguments for Alternate Assessment Systems

Mapping from SORT to GRADE. Brian S. Alper, MD, MSPH, FAAFP Editor-in-Chief, DynaMed October 31, 2013

High-Confidence Medical Device Software Development

Aer ODE B3-20. Database System for GEX B3 Dosimetry. Aérial. Optical Dosimetry Equipment. (gamma and/or electron beam versions)

510(k) submissions. Getting US FDA clearance for your device: Improving

Using Data from Electronic HIV Case Management Systems to Improve HIV Services in Central Asia

FDA 510(k) 101 The Basics

Assurance Activities Ensuring Triumph, Avoiding Tragedy Tony Boswell

Your submission states that the adjusted indirect comparison methodology was based largely on the publication by Glenny et al

Frequently Asked Questions (FAQ) March 2013

Use of Standards in Substantial Equivalence Determinations

July 7, Dockets Management Branch (HFA-305) Food and Drug Administration 5630 Fishers Lane, Rm Rockville, MD 20852

Selecting a research method

A Framework for Conceptualizing, Representing, and Analyzing Distributed Interaction. Dan Suthers

FSIS DIRECTIVE

Defect Removal. RIT Software Engineering

ALL DIPLOMATE SURVEY. Refining New Models for MOC Assessment

a practical guide ISO 13485:2016 Medical devices Advice from ISO/TC 210

Division of Community Health Partnership Evaluation Survey

Insulin Pump Software Certification

Towards an Assurance Case Practice for Medical Devices

Preparing a US FDA Medical Device 510(K) Submission

Downloaded from:

Redesigning the Process for Establishing the Dietary Guidelines for Americans

A proposed bridging approach for the assessment of novel tobacco products

Models of Information Retrieval

Focus on Patient & Product Quality as the foundation for Data Integrity

Study Endpoint Considerations: Final PRO Guidance and Beyond

Introduction. 1.1 Facets of Measurement

INTRODUCTION. Evidence standards for justifiable evidence claims, June 2016

Toward Plug and Play Medical Cyber-Physical Systems (Part 2)

Outline. TDD = Too Dumb Developers? Implications of Test-Driven Development on maintainability and comprehension of software

Hand Therapy Certification and the CHT Examination

Confirmation 4 Reasoning by Analogy; Nicod s Condition

ST440/550: Applied Bayesian Statistics. (10) Frequentist Properties of Bayesian Methods

E11(R1) Addendum to E11: Clinical Investigation of Medicinal Products in the Pediatric Population Step4

LEAF Marque Assurance Programme

College of American Pathologists

Medical Cyber-Physical Systems

Stepwise Formal Modelling and Reasoning of Insulin Infusion Pump Requirements

Using Recall Data to Assess the 510(k) Process

Essential Skills for Evidence-based Practice Understanding and Using Systematic Reviews

Checklist for Text and Opinion. The Joanna Briggs Institute Critical Appraisal tools for use in JBI Systematic Reviews

Compilation of food composition datasets- an analysis of user needs through the Use Case. Approach.

Critical appraisal: Systematic Review & Meta-analysis

Inventory Research agenda setting

Hypothesis-Driven Research

Development of Capability Driven Development Methodology: Experiences and Recommendations

How To Document Length of Time Homeless in WISP

From recruiting to data collection, the impact of connected digital health in clinical trials. Practical Example : The VERKKO study

15 May 2017 Exposure Draft. Response Due Date 23 June Exposure Draft

Advancing Use of Patient Preference Information as Scientific Evidence in Medical Product Evaluation Day 2

Unifying Data-Directed and Goal-Directed Control: An Example and Experiments

Semantic Alignment between ICD-11 and SNOMED-CT. By Marcie Wright RHIA, CHDA, CCS

Relationships Between the High Impact Indicators and Other Indicators

Automatic Fault Tree Derivation from Little-JIL Process Definitions

Insight Assessment Measuring Thinking Worldwide

Framework for Comparative Research on Relational Information Displays

Comments of the Patient, Consumer, and Public Health Coalition. Strengthening the Center for Devices and Radiological Health s 510(k) Review Process

Implementation Guide for the DoseControl Dosimetry System

Classification & Clinical Evidence under the IVDR

The extended timeframe associated with being listed on the CCSL;

Audio: In this lecture we are going to address psychology as a science. Slide #2

Ethical Conduct for Research Involving Humans

Clinical Experience 2

Advocacy Framework. St. Michael s Hospital Academic Family Health Team

Future of Diabetes Research in Europe JDRF Perspective

37 th ANNUAL JP MORGAN HEALTHCARE CONFERENCE

Sterilization of health care products Radiation. Part 3: Guidance on dosimetric aspects of development, validation and routine control

Advanced in vitro exposure systems VITROCELL VC 1 SMOKING MACHINE

Using and Referencing ISO and IEC Standards for Technical Regulation

Checklist for Randomized Controlled Trials. The Joanna Briggs Institute Critical Appraisal tools for use in JBI Systematic Reviews

Establishing LCA in the Healthcare Sector

What Counts as Credible Evidence in Evaluation Practice?

Advanced in vitro exposure systems

Lessons Learned about Mixed Methods Research Strategies in Systems Engineering: Evidence from PhD Dissertations

Deliberating on Ontologies: The Present Situation. Simon Milton Department of Information Systems, The University of Melbourne

Structural assessment of heritage buildings

Combining Archetypes with Fast Health Interoperability Resources in Future-proof Health Information Systems

SCIENTIFIC RESEARCH TECHNOLOGY QUALITY RELIABILITY FOR YOUR PATIENTS, WITHIN EVERYONE S REACH.

ERA: Architectures for Inference

Foundations of AI. 10. Knowledge Representation: Modeling with Logic. Concepts, Actions, Time, & All the Rest

Making Connections: Early Detection Hearing and Intervention through the Medical Home Model Podcast Series

Lakshy Management Consultant Pvt. Ltd.

Avaya G450 Branch Gateway, Release 7.1 Voluntary Product Accessibility Template (VPAT)

Progress from the Patient-Centered Outcomes Research Institute (PCORI)

Transcription:

Assurance Cases for Model-based Development of Medical Devices Anaheed Ayoub, BaekGyu Kim, Insup Lee, Oleg Sokolsky Outline Introduction State of the art in regulatory activities Evidence-based certification Research goals Case study Learn by doing Methodology Generalize lessons from the case study 1

State of the Art Regulatory approval with respect to a set of safety standards E.g., ISO 9001 (quality management) and ISO 14971 (risk management) Assurance in terms of process Evidence in the form of Process checklists Variety of artifacts for regulators to look at Concerns about State of the Art Does not directly evaluate product Good process is necessary but not sufficient Evidence-based certification is the vision Perceived high cost Some regulation might be overkill Much activity not directly related to development Tight process standards hinder innovation Conservative designs due to regulatory risk (?) Slow adoption of new development practices Growing system complexity threatens to overwhelm existing processes 4 2

Challenges of novelty Evidence-based certification To gain adoption, we need to understand what works and what does not How do we organize and evaluate evidence Model-driven development (MDD) Detects problems early Enables generative techniques New regulatory challenges: Abstractions and assumptions new validation needs Increased reliance on tools Claim, Evidence, and Argument Explicit Claims State explicitly what properties (safety, security, reliability, performance, etc.) the system must possess and under which assumptions Supporting Evidence Results of observing, analysing, testing, simulating and estimating the properties of a system that provide the fundamental information from which safety can be inferred High Level Arguments Explanation of how the available evidence can be reasonably interpreted as indicating acceptable dependability Argument without Evidence is unfounded Evidence without Argument is unexplained - Tim Kelly, 2008 6 3

Assurance Cases To construct an assurance case we need to: make an explicit set of claims about the system produce the supporting evidence provide a set of arguments that link the claims to the evidence make clear the assumptions and judgments underlying the arguments Safety case is a special kind: Claims are limited to safety 7 Context Sub-Goal Evidence Goal Strategy Sub-Goal Evidence Potential Pitfalls A poorly constructed assurance case gives false confidence Manufacturers lack experience in creating ones A poorly evaluated assurance case lets errors slip "Spagetti argument" is hard to evaluate How to avoid pitfalls? Keep the argument simple Reuse successful arguments 4

Keeping It Simple Separate safety argument from confidence argument Safety argument Reasoning about safety of the device E.g.: formal verification + code generation implies requirement satisfaction Confidence argument Reasoning about confidence in the safety argument, assumptions, evidence E.g.: Tools are trustworthy and were appropriately applied Assurance Case Patterns Extended notation to represent patterns Each pattern needs to be appropriately documented Indicates possible alternatives 5

Research Goals Determine appropriate patterns for assurance cases Incorporate guarantees of formal methods and code generation into the argument Develop techniques for identifying gaps in the argument Aim to create a methodology that system developers can follow to create good assurance cases Case Study: Infusion Pump Deceptively simple 2005 2009: 56, 000 adverse event reports; 87 recalls 1% deaths, 34% serious injuries Case study goals Show how to do it right Develop good requirements Apply rigorous development Explore assurance case construction Provide guidance to manufacturers 6

GPCA reference implementation FDA initiated GPCA Safety Requirements GPCA Model (Simulink/ Stateflow) Develop a GPCA reference implementation Provide evidence that the implementation satisfies the safety requirements Safety argument Confidence cases Safety Requirements Formal Modeling & Verification Automated Implementation Testing GPCA Reference Implementation GPCA Model Model-Based Development of GPCA Reference Implementation 13 Model-based GPCA Implementation Test sequences GPCA Safety Requirements GPCA Model (Simulink/Stateflow) Test sequences Manual translation Manual translation UPPAAL Queries UPPAAL Model External Channels Clock Source Formal Verification Code-Synthesis (TIMES tool) Manual Implementation Verification Result (Yes/No) Platform-Independent Code (C code) Glue Code Model Trace Code-Interfacing Compilation Validation Result Validation Implementation Trace Executable Image of the target platform [Kim et al, EMSOFT 2011] 7

Formalization of the GPCA model The GPCA State Controller Rigorous translation procedure ensures full traceability The PCA Safety Argument 8

The PCA Safety Argument The PCA Safety Argument 9

Beyond the Case Study Reusing the argument Safety case pattern for model-based development Capture the assurance of formal verification and generative development techniques Evaluating the safety argument Where are the gaps? The PCA Safety Case Safety Pattern 10

The PCA Safety Case Safety Pattern Confidence Case Construction We need a mechanism to Systematically construct confidence arguments Identify safety gaps (assurance deficits) Generalize experience from GPCA case study Identify common characteristics of concepts that require confidence argument Summarize relationship between the concepts in a map We target trustworthiness; appropriateness is similar 11

Common Characteristics Map The common characteristics map Map Instantiation The Safety Argument Context or Evidence Given a GSN element, pick the corresponding map node Unroll the map Find affected GSN elements, repeat AND Instantiate the common characteristics map 12

Instantiated Map 25 Generate Confidence Case Near-isomorphic structure 13

Identify safety gaps Look for branches that do not end with evidence nodes 27 In order for assurance cases to work in practice, we need to Determine effective ways to construct them Systematically tie in all the relevant evidence (and no other) Case studies are useful: A way to gain experience A source of examples for the community Generalization of experience is the next step Under way Conclusions 28 14

Outreach / Technology Transfer Collaboration with FDA Frequent visits to compare visions and coordinate plans Guidance for manufacturers GPCA case study All artifacts will be freely available to the community, including safety case Some GPCA aspects are already used by manufacturers in preparing 510(k) submissions 15

2024 © healthdocbox.com Privacy Policy | Terms of Service | Feedback