John OpsahlSomeone's life could be at risk if the IV Fluid Warmer does not operate properly. To better understand and address potential failure modes of the device, I have performed a system FMEA. Through this analysis I have developed a design strategy that includes double redundant fault detection and user alert methods.
Even so, there are a few failure modes where it is both difficult to detect the failure and difficult to convey to the user that a failure is occurring. These challenging failure modes include the scenario when either the microcontroller fails (a rare occurrence) or if the power being supplied to the device is interrupted (a likely occurrence particularly if a battery is used to power the device). Under these scenarios, if the user isn't actively watching the indicator lights on the device, they are unlikely to notice that the lights are no longer lit up and the device is no longer operating. There may be a 30 second or so grace period after either failure scenario when heat continues to transfer from the unit to the IV fluid, but eventually the rate of heat transfer to the fluid will slow and the IV fluid exiting the device may drop to an unsafe temperature. My current thought to alert the user during these scenarios is to either include a battery or capacitor in the device that will discharge to a buzzer when the microcontroller is no longer functioning (when it either fails or doesn't receive power).
Next I put together a list of system fault conditions that will implemented in software to detect when a failure mode has occurred. Hard faults will cut power to the heaters. Hard fault conditions represent scenarios where there is risk that the system will heat the IV fluid to 42 degC or greater and cause hemolysis of the blood products. A soft fault will just inform the user (in a sufficiently annoying manner) that the system isn't functioning properly and that it may or may not still be heating the IV fluid properly. The soft fault allows the user to recognize that there is an issue with the device and decide whether it is in the patient's best interest to continue to administer the fluid or to stop and investigate the cause of the fault. Three sensing devices will be used by the system for fault detection: four heater control temperature sensors, a system level hall current sensor, and an analog voltage sense.
| ID | Description | Type |
| F01 | erroneous temperature sensor reading | soft |
| F02 | large variation of temperature sensor measurements | soft |
| F03 | temperature sensor above max temperature limit | hard |
| F04 | temperature sensor below min temperature limit | soft |
| F05 | current is larger than max allowable current | hard |
| F06 | increase in current is larger than max allowable current change | hard |
| F07 | decrease in current is larger than max allowable current change | soft |
| F08 | input supply voltage below min supply voltage | soft |
| F09 | input supply voltage above max supply voltage | hard |
Finally, I have decided on the following strategy for alerting the user of the state of the system using three colored LEDs and a buzzer.
| State Indicator | ||||
| State | Red Light | Yellow Light | Green Light | Buzzer |
| hard fault | solid | - | - | ping every second |
| soft fault | flashing | - | - | ping every 5 seconds |
| warm up | - | flashing | - | ping every 30 seconds |
| warm up period over | - | - | solid | ping five times rapidly |
| operating; no faults | - | - | solid | ping every 5 minutes |
Discussions
Become a Hackaday.io Member
Create an account to leave a comment. Already have an account? Log In.