Written by Kate Stewart and Jason Smith, ELISA Project Medical Devices Working Group Members
The ELISA Project has several working groups with different focuses including Automotive, Linux Features for Safety-Critical Systems, Medical Devices, Open Source Engineering Process, Safety Architecture and Tool Investigation and Code Improvement. The Medical Devices Working Group consists of experts in Linux, medical, and functional safety applications that work together on activities and deliverables intended to help the safe development of medical devices that include Linux-based software. These activities include, but are not limited to, white papers describing best practices and safety requirements for medical devices using operating systems such as Linux, and conducting safety analyses of open source medical device projects that use Linux such as OpenAPS.
The safety of medical devices is very important, and can be influenced to a great extent by any software that is contained in the medical device. Failure of software in a medical device can unfortunately cause harm to persons or worse, as demonstrated in the incidents involving the Therac-25 several decades ago. Therefore, if a medical device is using an operating system such as Linux, the performance and safety of Linux then comes under scrutiny.
In the context of medical device safety standards such as IEC 62304, when Linux is incorporated into a medical device, it is considered to be something called Software of Unknown Provenance (SOUP). In this case, the medical device manufacturer incorporating Linux into their device did not develop Linux and therefore does not fully know what level of quality processes were used to develop Linux in the first place. Standards like IEC 62304 allow the usage of SOUP such as Linux; however, IEC 62304 requires that risks associated with the failure of SOUP have been considered and addressed by the manufacturer.
The Medical Devices Working Group is in the process of developing a white paper summarizing requirements from IEC 62304 pertaining to SOUP to assist medical device manufacturers. If you have experience in Linux, medical, or functional safety applications, the Medical Devices Working Group welcomes your input on this white paper.
One of the interesting challenges with medical devices is that often most of the source for the system is restricted, and not openly available. This presents a challenge when trying to do analysis on how Linux is being used in such systems.
The OpenAPS project is a hobbyist project to create a feedback system between an insulin pump and glucose monitor to aid the Type 1 diabetes users to build systems to help manage their blood glucose levels. That the project is open source means that we can see the code and have a starting point for analysis.
The Medical Devices Working Group has been using System Theoretic Process Analysis (STPA) to analyze the system, which they call a “rig”, and the Linux system interactions within it. A rig consists of the Raspberry PI (running Linux and algorithms), glucose monitor (commercial) , insulin pump (commercial), and some data logging device. How to set up a rig and use it is documented by the OpenAPS project, which has significantly aided our analysis.
At this point, we’ve applied the STPA analysis through a couple of levels and have iterated on the analysis a few times (STPA process helped us identify some factors we’d not considered in diagraming the system initially). The team is now working on collecting traces of the system interacting with the Linux kernel. Tracing will let us continue to take the STPA analysis into the kernel subsystems.
We are interested in learning of other open source projects using Linux in the context of a medical device. If you know of such a project, or are interested in working with our team of volunteers, please feel free to reach out at medical-devices@lists.elisa.tech.