System: | PCA Interlock

System Boundary
System | Environment
PCA Pump | Patient
App Logic
Pulse Oximeter
Capnograph

Fundamentals
Name | Reference
Accident Levels: | AL.DeathOrSeriousInjury | N/A
Accidents: | Acc.PatientHarmed | AL.DeathOrSeriousInjury

Name | Reference | Hazardous Factor | System Element | System Element State | Env. Element | Env. Element State
Hazards: | H.TooMuchAnalgesic | Acc.PatientHarmed | Analgesic | PCA Pump | Pumping | Patient | NearHarm

Name | Reference
Safety Constraints: | SC.DontODPatient | H.TooMuchAnalgesic

Explanations
Reference | Explanation
Acc.PatientHarmed | The patient is harmed or seriously injured as a result of the App's actions
H.TooMuchAnalgesic | The patient is given more analgesic than they can safely tolerate
Architecture | As modeled by Arney-etal in ICCPS10 (in section 4.3) with some modifications
A lot of possibly unmeetable assumptions (guaranteed timing of network and app)
Modified to include RR and EtCO2 physiological monitors (in addition to SpO2)