WO2016160772A1 - Medical treatment devices and methods with power cycling - Google Patents

Medical treatment devices and methods with power cycling Download PDF

Info

Publication number
WO2016160772A1
WO2016160772A1 PCT/US2016/024650 US2016024650W WO2016160772A1 WO 2016160772 A1 WO2016160772 A1 WO 2016160772A1 US 2016024650 W US2016024650 W US 2016024650W WO 2016160772 A1 WO2016160772 A1 WO 2016160772A1
Authority
WO
WIPO (PCT)
Prior art keywords
power
medical treatment
agents
treatment
treatment device
Prior art date
Application number
PCT/US2016/024650
Other languages
French (fr)
Inventor
Man Nguyen
John O'mahony
Gerard A. PRINDLE
Original Assignee
Gambro Lundia Ab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gambro Lundia Ab filed Critical Gambro Lundia Ab
Publication of WO2016160772A1 publication Critical patent/WO2016160772A1/en

Links

Classifications

    • HELECTRICITY
    • H02GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
    • H02HEMERGENCY PROTECTIVE CIRCUIT ARRANGEMENTS
    • H02H3/00Emergency protective circuit arrangements for automatic disconnection directly responsive to an undesired change from normal electric working condition with or without subsequent reconnection ; integrated protection
    • H02H3/02Details
    • H02H3/05Details with means for increasing reliability, e.g. redundancy arrangements
    • HELECTRICITY
    • H02GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
    • H02HEMERGENCY PROTECTIVE CIRCUIT ARRANGEMENTS
    • H02H3/00Emergency protective circuit arrangements for automatic disconnection directly responsive to an undesired change from normal electric working condition with or without subsequent reconnection ; integrated protection
    • H02H3/02Details
    • H02H3/06Details with automatic reconnection

Landscapes

  • External Artificial Organs (AREA)

Abstract

Medical treatment devices (200) and methods may include a power supply and a plurality of agents (52,72,80) operable using power supplied by one or more supply lines coupled to the power supply. Each of one or more of the agents may be configured to detect a system malfunction in operation of another agent during operation of the medical treatment device. A non-volatile memory may be used to store operation parameters representative of the operational state of the medical treatment device under control of the treatment control processor on an ongoing basis. A power system controller may be configured to power cycle the medical treatment device upon detection of a system malfunction. Such power cycling may include automatically disconnecting power from the plurality of agents, actively discharging the one or more supply lines to the plurality of agents such that supply voltage provided thereto is discharged below a predetermined voltage, and automatically reconnecting power to the plurality of agents after actively discharging the one or more supply lines to below the predetermined voltage. The medical treatment device may be configured to resume treatment to the operational state existing at the time of detecting the system malfunction using the stored operation parameters after automatically reconnecting power. Fig. 3

Description

MEDICAL TREATMENT DEVICES AND METHODS
WITH POWER CYCLING
CROSS-REFERENCE
This application claims the benefit of U.S. Provisional Application Serial No. 62/140,792, filed 31 March 2015, which is incorporated herein by reference in its entirety.
BACKGROUND
The disclosure herein relates to medical treatment devices and methods for treatment. More particularly, the disclosure relates to medical treatment devices and methods that use power cycling during treatment, such as treatment provided by an extracorporeal blood treatment apparatus.
Medical devices (e.g., devices providing medical therapies) typically continuously examine how a device is performing as part of a power on self-test and as part of ongoing system self-test to ensure the device continues to operate safely. For example, one or more of such tests may include: random access memory (RAM) tests; bus line tests; code cyclic redundancy checks (CRCs); buffer overrun tests; supply voltage tests; communication tests between processors; communication tests to subsystems; clock accuracy tests, battery health checks; system safety tests such as, for example, air detector functionality tests, blood leak detector tests, venous functionality tests, etc.; voltage and current limit tests; position/velocity tests on motors; system power consumption tests; temperature tests of various components; clamp functionality tests; watchdog tests; etc.
Given the increased performance in terms of power density, processor speeds, and memory capacity due to lower voltages in higher density components, the potential for hardware latchup or spurious system noise has also increased. For example, software may determine a system malfunction is present and bring the medical device to a safe state, which may entail enunciating a system malfunction alarm and stopping the device. The user may perceive this event (e.g., a system malfunction) as being indicative of a faulty system and an unreliable device even if the malfunction was due to latchup. Such a fault may be detected by a failure to communicate or to change state when requested. In many cases, the user will power cycle the device and return to the patient treatment.
However, in many circumstances, power cycling the device may be unsuccessful. For example, if the source of power enabling the latchup to persist has not been dissipated, power cycling the device will not fix the issue with latchup.
In a description on latchup by Fairchild Semiconductors (see
www. faircliil d semi . corn/ an/ AN/AN-600.pdf) it is noted that: "Inductive surges and transmission line reflections are the most likely sources of output latch-up in CMOS and should be attended to in the most applicable method, i.e., by clamping, termination or through dissipative measures." Essentially, it is necessary to control electrical overstress (EOS) conditions, such as those that can occur due to electrostatic discharge (ESD) or electrical fast transient (EFT) that may cause any intrinsic pn junctions at any I/O pad to forward bias. As the intrinsic pn junctions have linkages to an intractable network of other parasitic elements in the monolithic integrated circuit, it is practically impossible to predict exactly what parasitic silicon-controlled rectifier (SCR) latching may be triggered.
In theory, it may be possible to design a device to minimize latchup internal to the device in response to higher order effects under normal operation. However, what may occur external to the chip at the I/O pads is the responsibility of the application designer and uncontrollable at the time of design of the integrated circuits. At the application level, lack of consideration for intrinsic pn junctions at the I/O pads, such as absence of voltage translation in multiple supply systems, can contribute to latchup. In addition, parasitic inductance between power supply pins of interacting integrated circuits may also need to be considered. The manufacturers of integrated circuits generally only specify in their data sheets the absolute maximum ratings, beyond which intrinsic pn injunctions at the external pins either a) conduct due to forward biasing, or b) conduct due to reverse breakdown.
Therefore, it is the responsibility of the system design to ensure such conditions are met during normal operations and, if possible, that unforeseen conditions due to ESD/EFT/EOS be mitigated.
As indicated above, in the presence of a latchup condition, the user will typically power cycle the machine. If the errant flow path of current has terminated when the device is turned back on, the latchup condition will have been reset. If the system power has not drained sufficiently to reset the latchup, turning the power back on will result in the latchup condition being re-detected and a system malfunction again being declared. The user may call service which may take a number of hours before arriving on scene to investigate such a fault condition. Such amount of time may enable the latchup condition to reset and cause the service personnel to fail in finding a source of the issue once the remaining power in the system has dissipated.
SUMMARY The present disclosure describes devices and methods that power cycle the medical treatment device in a manner that increases the perceived reliability of the device. For example, in one or more embodiments, each separate voltage domain (e.g., a treatment system domain that includes at least a treatment control processor and associated components where one or more supply lines are used to provide a plurality of supply voltages to the domain) may employ disconnecting the voltage domain from its upstream source, and following the disconnection, may employ activating active discharge circuits to discharge the bulk capacitance below the voltage corresponding to the holding current that is needed by any parasitic SCR to persist. For example, this voltage may be one pn junction forward voltage, which can be in the range from 0.5 to 0.8 volts, depending on the exact characteristic of the latched-up SCR. As such, the active discharge phase should, at least in one embodiment, discharge until the voltage is well below 0.7volts to ensure elimination of most SCR latch up conditions.
In one or more embodiments, the present disclosure provides processes that when used improve the perceived reliability of the device. For example, if the medical treatment device were to fail once every 1000 hours due to a latchup condition or software failure, the device would have a mean time between failures (MTBF) of 1000 hours. By (e.g., preparing software and designing hardware) allowing the device to automatically power cycle itself in the face of system malfunction events, these failure type conditions may be prevented from halting treatment. As such, the MTBF is increased.
For example, in one or more embodiments, the devices and/or methods may be designed to perform one or more of the following tasks: in the event of a system malfunction, the device is automatically power cycled (e.g., power is disconnected followed by an active discharge) and brought to its previous operational state;
during power off, circuits of the device may be actively discharged by discharging each supply voltage below the voltage that any parasitic SCR can persist; booting the device in less than 15 seconds; the cycling power and reinstating therapy may occur in less than 60 seconds, and even less than 30 seconds; on an ongoing basis (e.g., periodically, constantly, or whenever a critical parameter changes), current device settings (e.g., state of therapy settings) may be saved to nonvolatile memory; the number of times power cycling is performed during a time period may be limited (e.g., the number of resets may be limited to 2 in any one hour period and/or 3 in any 24 hour period); an alarm annunciation may be provided if a number of power cycling events exceeds certain limits; and/or reasons for a system
malfunction event may be logged to enable continuous design improvements. For example, with such processes, treatment therapies may be continued with minimal interruption and/or perceived system reliability may be enhanced. One exemplary embodiment of a medical treatment device may include a power supply (e.g., the power supply may be in the form of a battery or AC to DC power supply) and a plurality of agents operable using power supplied by one or more supply lines coupled to the power supply (e.g., at least one agent of the plurality of agents may include a treatment control processor, one or more of the plurality of agents may communicate with at least one or more other agents, etc.). Further, each of one or more agents of the plurality of agents may be configured to detect a system malfunction in operation of another agent of the plurality of agents during operation of the medical treatment device. The medical treatment device may further include a non-volatile memory to store operation parameters on an ongoing basis representative of the operational state of the medical treatment device during treatment and a power system controller configured to power cycle the medical treatment device upon detection of a system malfunction during treatment. Power cycling the medical treatment device may include automatically
disconnecting power from the plurality of agents (e.g., including the treatment control processor) upon detection of the system malfunction, actively discharging the one or more supply lines to the plurality of agents (e.g., including the treatment control processor) such that supply voltage provided thereto is discharged below a predetermined voltage (e.g., 0.7 volts), and automatically reconnecting power to the plurality of agents after actively discharging the one or more supply lines to below the predetermined voltage. The medical treatment device may be configured to resume treatment at the operational state existing at the time of detecting the system malfunction using the stored operation parameters after automatically reconnecting power. One exemplary embodiment of a method may be used with a medical treatment device that includes a power supply and a plurality of agents operable using power supplied by one or more supply lines coupled to the power supply (e.g., wherein at least one agent of the plurality of agents may include a treatment control processor, wherein one or more of the plurality of agents may communicate with at least one or more other agents, etc.). Each of one or more agents of the plurality of agents may be configured to detect a system malfunction in operation of another agent of the plurality of agents during operation of the medical treatment device. The method may include storing operation parameters on an ongoing basis to nonvolatile memory representative of the operational state of the medical treatment device during treatment, detecting a system malfunction in operation of an agent during treatment, and power cycling the medical treatment device upon detection of the system malfunction during treatment. Power cycling the medical treatment device may include automatically disconnecting power from the plurality of agents (e.g., including a treatment control processor) upon detection of the system malfunction, actively discharging the one or more supply lines to the plurality of agents (e.g., including the treatment control processor) such that supply voltage provided thereto is discharged below a predetermined voltage, and automatically reconnecting power to the plurality of agents after actively discharging the one or more supply lines to below the predetermined voltage. Further, the method may include resuming treatment to the operational state existing at the time of detecting the system malfunction using the stored operation parameters after automatically reconnecting power.
In one or more embodiments of the devices and/or methods, resuming treatment to the operational state existing at the time of detecting the system malfunction may include performing a power-on self-test to test the functionality of a plurality of hardware components of the medical treatment device before allowing the medical treatment device to resume treatment (e.g., an alarm may be provided upon detection by the power-on self-test of a failed hardware component).
Further, in one or more embodiments of the devices and/or methods, the treatment control processor may be provided as part of a treatment system domain on one or more boards of the medical treatment device. The one or more supply lines may be used to provide a plurality of supply voltages to the treatment system domain. Actively discharging the one or more supply lines providing the plurality of supply voltages to the treatment system domain may include connecting each of the plurality of supply voltages separately through a resistance to ground. Further, in one or more embodiments of the devices and/or methods, the treatment control processor may be provided as part of a treatment system domain on one or more boards of the medical treatment device and one or more supply lines may be used to provide a plurality of supply voltages to the treatment system domain. The power system controller may be provided as part of a power system control domain, wherein a plurality of supply voltages separate from those providing power to the treatment system domain are used to supply power to the power system control domain. Actively discharging the one or more supply lines may include preventing sneak paths between the treatment system domain and the power system control domain when the one or more supply lines to the treatment system domain are being actively discharged.
Further, in one or more embodiments of the devices and/or methods, the treatment control processor may be provided as part of a treatment system domain on one or more boards of the medical treatment device and one or more supply lines may be used to provide a plurality of supply voltages to the treatment system domain. The power system controller may be provided as part of a power system control domain (e.g., wherein a plurality of supply voltages separate from those providing power to the treatment system domain may be used to supply power to the power system control domain); the power system control domain is not
disconnected from power during the power cycle. Further, for example, the plurality of supply voltages providing power to the power system control domain are not actively discharged.
Further, one or more embodiments of the devices and/or methods may include one or more of the following features and/or processes: the treatment system domain may further include a safety processor; detecting a system malfunction in operation of an agent may include performing at least one test selected from a group of tests such as a communication test between processors, a communication test between a processor and one or more subsystems, a hardware functionality test, and a system safety test; detecting a system malfunction may include providing a watchdog circuit as one of the plurality of agents in communication with the treatment control processor and detecting a system malfunction in communication between the watchdog circuit and the treatment control processor (e.g., the medical treatment device may be power cycled as a result of the detected system malfunction); the time to power cycle the medical treatment device upon detection of the system malfunction from disconnect of the power to resuming treatment at the operational state existing at the time of the system malfunction may be less than 60 seconds; the time from reconnecting power to the plurality of agents after actively discharging supply lines to resuming treatment at the operational state existing at the time of detecting the system malfunction may be less than 60 seconds (e.g., 15 seconds or less); the number of times power cycling occurs as a result of detected system malfunctions may be monitored and a user may be alerted if the number of times power cycling occurs exceeds a set limit over a predetermined period of time; information associated with the power cycling of the medical treatment device may be logged as a result of a detected system malfunction; the medical treatment device may include an extracorporeal blood treatment apparatus; and/or storing operation parameters on an ongoing basis may include storing operation parameters representative of the operational state of the medical treatment device to non-volatile memory at least whenever a critical parameter of the operational state changes. Further, in one or more embodiments of the devices and/or methods, resuming treatment may include providing an aligned treatment operation code file in non-volatile memory, transferring the aligned file from non-volatile memory to volatile memory (e.g., wherein hardware based error correction may be used for correcting transfer errors), relocating components of the aligned treatment operation code file to operation locations, and executing the treatment operation code to resume treatment at the operational parameters existing at the time of detecting the system malfunction.
Further, in one or more embodiments of the devices and/or methods, storing operation parameters on an ongoing basis to non-volatile memory representative of the operational state of the medical treatment device during treatment may include storing current alarm parameters on an ongoing basis to non-volatile memory representative of an alarm state of the medical treatment device (e.g., disconnect alarm, an air detection alarm causing a venous clamp to close, etc.) to non-volatile memory at least whenever a critical parameter of the alarm state changes.
Resuming treatment at the operational state existing at the time of detecting the system malfunction may include taking action to resume treatment based on the stored current alarm parameters. For example, the device and/or method may include storing current machine focused alarm parameters on an ongoing basis to non-volatile memory representative of a current machine focused alarm state caused by one or more system malfunctions (e.g., caused by latchup, etc.) correctable by power cycling the medical treatment device, and/or storing current patient focused alarm parameters on an ongoing basis to non-volatile memory representative of a current patient focused alarm state (e.g., disconnect alarm, an air detection alarm causing a venous clamp to close, etc.) non-correctable by power cycling the medical treatment device.
Further, in one or more embodiments of the devices and/or methods, taking action to resume treatment based on the stored current alarm parameters may include one or more of the following features or processes: recommunicating the current patient focused alarm state to a user (e.g., providing the alarm state in one form or another to the user); reestablishing the current patient focused alarm state in the medical treatment device (e.g., reestablish a current disconnect alarm, etc.); preventing occurrence of one or more tests or actions related to the current patient focused alarm state that are normally performed by the medical treatment device when power cycling the medical treatment device (e.g., preventing opening of a clamp closed upon an air detection alarm, prevent test to detect disconnect, etc.); preventing the medical treatment device from performing actions to detect a condition which caused the current patient focused alarm state (e.g., prevent use of test to detect disconnect, etc.).
Yet further, in one or more embodiments of the devices and/or methods, cycling the medical treatment device may be initiated upon actuation of a reset device by a user. Further, for example, the power cycling may be monitored and an alarm may be indicated if resumption of treatment to the operation state existing at the time of detecting the system malfunction fails to complete within a predetermined period of time. Another exemplary embodiment of a medical treatment device may include a power supply and a plurality of agents operable using power supplied by one or more supply lines coupled to the power supply (e.g., at least one agent of the plurality of agents may include a treatment control processor, one or more of the plurality of agents may communicate with at least one or more other agents, etc.). Further, each of one or more agents of the plurality of agents may be configured to detect a system malfunction in operation of another agent of the plurality of agents during operation of the medical treatment device. The medical treatment device may further include a non-volatile memory to store operation parameters on an ongoing basis representative of the operational state of the medical treatment device during treatment, wherein the operation parameters may include current machine focused alarm parameters representative of a current machine focused alarm state caused by one or more system malfunctions correctable by power cycling the medical treatment device and patient focused alarm parameters representative of a current patient focused alarm state non-correctable by power cycling the medical treatment device. Still further, the device may include a power system controller configured to power cycle the medical treatment device upon detection of a system malfunction during treatment. For example, power cycling the medical treatment device may include automatically disconnecting power from the plurality of agents comprising the treatment control processor upon detection of the system
malfunction and automatically reconnecting power to the plurality of agents. The medical treatment device may be configured to resume treatment at the operational state existing at the time of detecting the system malfunction by using the stored operation parameters after automatically reconnecting power. For example, resuming treatment may include reestablishing a current patient focused alarm state in the medical treatment device based on the patient focused alarm parameters if such a patient focused alarm state was existing at the time of detecting the system malfunction (e.g., further, the medical treatment device may be configured to prevent occurrence of one or more tests or actions related to the current patient focused alarm state that are normally performed by the medical treatment device when power cycling the medical treatment device, the medical treatment device may be configured to prevent the medical treatment device from performing actions to detect a condition which caused the current patient focused alarm state, etc.).
In yet another exemplary embodiment of a medical treatment device, the device may include a power supply and a plurality of agents operable using power supplied by one or more supply lines coupled to the power supply (e.g., at least one agent of the plurality of agents may include a treatment control processor, one or more of the plurality of agents may communicate with at least one or more other agents, etc.). Further, each of one or more agents of the plurality of agents may be configured to detect a system malfunction in operation of another agent of the plurality of agents during operation of the medical treatment device. The medical treatment device may further include a non-volatile memory to store operation parameters on an ongoing basis representative of the operational state of the medical treatment device during treatment and a user interface that includes a reset device actuatable by a user to initiate a power cycling of the medical treatment device. The device may still further include a power system controller configured to power cycle the medical treatment device upon actuation of the reset device by the user. For example, power cycling the medical treatment device may include disconnecting power from the plurality of agents comprising the treatment control processor, actively discharging the one or more supply lines to the plurality of agents (e.g., including the treatment control processor) such that supply voltage provided thereto is discharged below a predetermined voltage, and automatically reconnecting power to the plurality of agents after actively discharging the one or more supply lines to below the predetermined voltage (e.g., the medical treatment device may be configured to resume treatment at the operational state existing at the time the user actuates the reset device. The above summary of the present disclosure is not intended to describe each embodiment or every implementation thereof. Advantages, together with a more complete understanding of the present disclosure, will become apparent and appreciated by referring to the following detailed description and claims taken in conjunction with the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWING
FIG. 1 is a block diagram of an exemplary medical treatment device including input apparatus, display apparatus, and treatment apparatus that may be power cycled as described herein.
FIG. 2 is an illustration of an exemplary extracorporeal blood treatment system that may be power cycled as described herein.
FIG. 3 is an exemplary graphical illustration of a medical treatment device architecture showing the separation of a power system control domain from a treatment system domain for use in describing at least one embodiment of power cycling as implemented, for example, in a medical treatment device as shown generally in FIGS. 1-2.
FIG. 4 is a block diagram depicting a more detailed view of exemplary system architecture with power connect and active discharge circuitry for a medical treatment device, for example, such as shown generally in FIGS. 1-3.
FIG. 5 is a block diagram showing one exemplary embodiment of a method including power cycling of the medical treatment device, for example, such as shown generally in FIGS. 1-4.
FIG. 6 is a block diagram showing another exemplary embodiment of a method including power cycling of the medical treatment device, for example, such as shown generally in FIGS. 1-4; FIG. 6 showing a more detailed power cycling process than in FIG. 5.
FIG. 7 is an illustrative diagram depicting an exemplary discharge circuit for discharging a supply line providing a voltage supply to an integrated circuit for use in illustrating an active discharge process.
FIG. 8 is a block diagram showing an exemplary embodiment of a method to boot the medical treatment device, for example, such as shown more generally in FIG. 6.
DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS
In the following detailed description of illustrative embodiments, reference is made to the accompanying figures of the drawing which form a part hereof, and in which are shown, by way of illustration, specific embodiments which may be practiced. It is to be understood that other embodiments may be utilized and structural changes may be made without departing from (e.g., still falling within) the scope of the disclosure presented hereby.
Exemplary devices and methods providing power cycling for use in medical treatments such as, e.g., extracorporeal blood treatment, shall be described with reference to FIGS. 1-8. It will be apparent to one skilled in the art that elements or processes from one embodiment may be used in combination with elements or processes of the other embodiments, and that the possible embodiments of such devices and methods using combinations of features set forth herein is not limited to the specific embodiments shown in the figures and/or described herein. Further, it will be recognized that the embodiments described herein may include many elements that are not necessarily shown to scale. Still further, it will be recognized that timing of the processes and the size and shape of various elements herein may be modified but still fall within the scope of the present disclosure, although certain timings, one or more shapes and/or sizes, or types of elements, may be
advantageous over others.
The exemplary devices (e.g., systems) and/or methods may use, or utilize, power cycling as described herein for an extracorporeal blood treatment system or for any other medical treatment device or system (e.g., intensive care unit ventilator systems, infusion pump systems, dialysis systems, patient monitoring systems, blood pressure monitoring systems, peritoneal dialysis systems, etc.) that may benefit therefrom. Such power cycling processes, including an active discharge, may improve the perceived reliability of such systems. Exemplary medical treatment device 10 depicted in FIG. 1 may be used to execute, or perform, the exemplary methods and/or processes described herein. In at least one embodiment, the device 10 may be a machine for the extracorporeal treatment of blood (e.g., see FIG. 2). The device 10 could, for example, alternatively be a blood processing device or a blood component preparation device or other medical apparatus for fluid delivery/collection.
As shown, the exemplary medical treatment device 10 includes computing apparatus 12 (e.g., a plurality of processors). The computing apparatus 12 may be configured to receive input from input apparatus 20 and transmit output to display apparatus 22. Further, the computing apparatus 12 may include data storage 14 (e.g., non-volatile and volatile memory). Data storage 14 may allow for access to processing programs or routines 16 (e.g., treatment control code, test routines, reboot routines, etc.) and one or more other types of data 18 (e.g., operational parameters, current alarm parameters representative of alarm states, boot files, graphical elements, variables, images, macros, etc.) that may be employed to perform, or carry out, exemplary methods and/or processes (e.g., displaying graphical user interfaces, accessing data stored in memory for use in power cycling the device, issuing alarms, running a treatment, determining problems with a treatment, detecting system malfunctions, notifying operators/users of problems, etc.) for use in performing a medical treatment. The computing apparatus 12 may be operatively coupled to the input apparatus 20 and the display apparatus 22 to, e.g., transmit data to and from each of the input apparatus 20 and the display apparatus 22. For example, the computing apparatus 12 may be electrically coupled to each of the input apparatus 20 and the display apparatus 22 using, e.g., analog electrical connections, digital electrical connections, wireless connections, bus-based connections, etc. An operator may provide input to the input apparatus 20 to manipulate, or modify, a medical treatment.
Further, various devices and apparatus may be operatively coupled to the computing apparatus 12 to be used with the computing apparatus 12 to perform one or more medical procedures/treatments as well as the functionality, methods, and/or logic described herein. As shown, the device 10 may include input apparatus 20, display apparatus 22, and treatment apparatus 24 operatively coupled to the computing apparatus 12 (e.g., such that the computing apparatus 12 may be configured to use information, or data, from the apparatus 20, 22, 24 and provide information, or data, to the apparatus 20, 22, 24). The input apparatus 20 may include any apparatus capable of providing input to the computing apparatus 12 to perform the functionality, methods, and/or logic described herein.
For example, the input apparatus 20 may include a touchscreen (e.g., capacitive touchscreen, a resistive touchscreen, a multi-touch touchscreen, etc.), a mouse, a keyboard, a trackball, etc. A touchscreen may overlay the display apparatus 22 such that, e.g., an operator may use the touchscreen to interact (e.g., by touch) with a graphical user interface displayed on the display apparatus 22. For example, the input apparatus 20 may allow an operator to interact with a graphical user interface including an alarm region containing, or depicting, information related to the issued alarm. Further, for example, the input apparatus 20 may allow an operator to interact with a graphical user interface to, e.g., modify one or more treatment parameters, change the type of treatment, etc. when used in conjunction with the display apparatus 22 (e.g., displaying the graphical user interface). The input apparatus may include a user interface that provides a reset device actuatable by a user or operator to initiate a power cycling process as described herein (e.g., power cycling that includes one or more of the disconnect, active discharge, and reconnect processes described herein, as well as resuming treatment at the operational state existing at the time the user actuates the reset device). For example, the reset device may be implemented by hardware or software (e.g., a graphical element on a touchscreen may be used, a hard key or reset button may be used, a toggle switch may be used, etc.).
The display apparatus 22 may include any apparatus capable of displaying information to an operator, such as a graphical user interface, etc., to perform the functionality, methods, and/or logic described herein. For example, the display apparatus 22 may include a liquid crystal display, an organic light-emitting diode screen, a touchscreen, a cathode ray tube display, etc. For example, the display apparatus may be used to recommunicate an alarm state to a user (e.g., may provide a visual alarm indicator to the user when reestablishing an alarm state in the device after power cycling, may display an alarm, may provide a graphical user interface allowing a user to address an alarm state, etc.). One or more other alarm devices may be used to provide users with alarm conditions (e.g., speakers, lights, GUIs, etc.).
The processing programs or routines 16 may include programs or routines for performing computational mathematics, matrix mathematics, standardization algorithms, comparison algorithms, or any other processing required to implement one or more exemplary methods and/or processes described herein. Data 18 may include, for example, operational parameters, treatment control files, graphical user interfaces, alarm data, fluid data, flow rates, fluid volumes, notifications, pressures, pressure limits, blood flow, blood flow limits, fluid removal rates, fluid removal limits, target blood temperatures, blood temperature limits, heuristics indicative of malfunction, results from one or more processing programs or routines employed according to the disclosure herein, or any other data that may be necessary for carrying out the one and/or more processes or methods described herein. In one or more embodiments, the medical treatment device 10 may be implemented using one or more computer programs executed on programmable computers, such as computers that include, for example, processing capabilities, data storage (e.g., volatile or non-volatile memory and/or storage elements), input devices, and output devices. Program code and/or logic described herein may be applied to input data to perform functionality described herein and generate desired output information. The output information may be applied as input to one or more other devices and/or methods as described herein or as would be applied in a known fashion.
The program used to implement the methods and/or processes described herein may be provided using any programmable language, or code, e.g., a high level procedural and/or object orientated programming language, or code, that is suitable for communicating with a computer system. Any such programs may, for example, be stored on any suitable device, e.g., a storage media, that is readable by a general or special purpose program running on a computer system (e.g., including processing apparatus) for configuring and operating the computer system when the suitable device is read for performing the procedures described herein. In other words, at least in one embodiment, the medical treatment device 10 may be implemented using a computer readable storage medium, configured with a computer program, where the storage medium so configured causes the computer to operate in a specific and predefined manner to perform functions described herein. Further, in at least one embodiment, the system 10 may be described as being implemented by logic (e.g., object code) encoded in one or more non-transitory media that includes code for execution and, when executed by a processor, is operable to perform operations such as the methods, processes, and/or functionality described herein.
The computing apparatus 12 may be, for example, any fixed or mobile computer system (e.g., a controller, a microcontroller, a personal computer, mini computer, etc.). The exact configuration of the computing apparatus 12 is not limiting, and essentially any device capable of providing suitable computing capabilities and control capabilities (e.g., power system control, safety system processing, graphics processing, control of a medical treatment apparatus, etc.) may be used.
As described herein, a digital file may be any medium (e.g., volatile or non- volatile memory, a CD-ROM, a punch card, magnetic recordable tape, etc.) containing digital bits (e.g., encoded in binary, trinary, etc.) that may be readable and/or writeable by computing apparatus 12 described herein. Also, as described herein, a file in user-readable format may be any representation of data (e.g., ASCII text, binary numbers, hexadecimal numbers, decimal numbers, graphically, etc.) presentable on any medium (e.g., paper, a display, etc.) readable and/or
understandable by an operator.
In view of the above, it will be readily apparent that the functionality as described in one or more embodiments according to the present disclosure may be implemented in any manner as would be known to one skilled in the art. As such, the computer language, the computer system, or any other software/hardware which is to be used to implement the processes described herein shall not be limiting on the scope of the systems, processes or programs (e.g., the functionality provided by such systems, processes or programs) described herein.
The methods and/or logic described in this disclosure, including those attributed to the systems, or various constituent components, may be implemented, at least in part, in hardware, software, firmware, or any combination thereof (e.g., also considered agents as discussed herein). For example, various aspects of the techniques may be implemented within one or more processors, including one or more microprocessors, DSPs, ASICs, FPGAs, or any other equivalent integrated or discrete logic circuitry, as well as any combinations of such components, or other devices (e.g., also considered agents as discussed herein). The term "processor" or "processing circuitry" may generally refer to any of the foregoing logic circuitry, alone or in combination with other logic circuitry, or any other equivalent circuitry. Such hardware, software, and/or firmware may be implemented within the same device or within separate devices to support the various operations and functions described in this disclosure. In addition, any of the described components may be implemented together or separately as discrete but interoperable logic devices. Depiction of different features, e.g., using block diagrams, etc., is intended to highlight different functional aspects and does not necessarily imply that such features must be realized by separate hardware or software components. Rather, functionality may be performed by separate hardware or software components, or integrated within common or separate hardware or software components. When implemented in software, the functionality ascribed to the systems, devices and methods described in this disclosure may be embodied as instructions and/or logic on a computer-readable medium such as RAM, ROM, NVRAM, EEPROM, FLASH memory, magnetic data storage media, optical data storage media, or the like. The instructions and/or logic may be executed by one or more processors to support one or more aspects of the functionality described in this disclosure.
The treatment apparatus 24 may include any apparatus used by an exemplary medical treatment device (e.g., an extracorporeal blood treatment system capable of performing extracorporeal blood treatments), such as, e.g., pumps, reservoirs, scales, treatment sets, filters, pressure sensors, etc. For example, the treatment apparatus 24 may include one or more elements, or components, of the
extracorporeal blood treatment system 100 described herein with reference to FIG. 2.
The exemplary devices (e.g., systems), and exemplary methods performed, or used, by such exemplary systems, described herein may include systems such as, e.g., dialysis systems. The general term "dialysis" as used herein includes hemodialysis, hemofiltration, hemodiafiltration, hemoperfusion, liver dialysis, and therapeutic plasma exchange (TPE), among other similar treatment procedures. In dialysis generally, blood is taken out of the body and exposed to a treatment device to separate substances therefrom and/or to add substances thereto, and is then returned to the body. Although extracorporeal blood treatment systems capable of performing general dialysis (as defined above, including TPE) shall be described herein with reference to the exemplary extracorporeal blood treatment system of FIG. 2, other systems such as those for infusion of drugs, performance of continuous renal replacement therapy (CRRT), extracorporeal membrane oxygenation
(ECMO), hemoperfusion, liver dialysis, apheresis, TPE, etc. may benefit from the devices (e.g., systems or apparatus) or methods described herein and the present disclosure is not limited to any particular treatment system. Referring to FIG. 2, one illustrative embodiment of an extracorporeal blood treatment system, or apparatus, 100 is depicted which includes all the features described with reference to the device 10 shown in FIG. 1. The system 100 includes a housing 110 having a front face 112. The system 100 further includes one or more pumps 120 used to move liquids through the system as part of a treatment process. Although the pumps 120 are depicted in the form of peristaltic pumps, the pumps used in the extracorporeal blood treatment system described herein may be provided in a variety of alternative forms, e.g., piston pumps, pumps for use with syringes, diaphragm pumps, etc.
The extracorporeal blood treatment system 100 also includes, in one or more embodiments, a display 160 used to convey information to an operator or user. The display 160 may also serve as an input device if, e.g., the display 160 is in the form of a touchscreen.
The extracorporeal blood treatment system 100 also includes one or more reservoir scales 130, each of which is configured to hold and weigh a reservoir 132. The reservoir scales 130 are positioned below a bottom end 114 of the housing 110, at least in part because the reservoirs 132 are typically attached to and hang from the reservoir scales 130. FIG. 3 shows a generalized system architecture diagram that, for example, may be used to implement a medical treatment device such as shown generally in FIG. 1 (e.g., an extracorporeal blood treatment system such as shown in FIG. 2). For example, the system architecture may include any number of various types of agents. For example, agents may include hardware agents, software agents, or any combination thereof. For example, an agent may be an autonomous and intelligent, real or abstract component or process that is capable of acting itself or in a multi- agent environment. Agents may communicate with other agents in a distributed system and the behavior of agents may be dependent upon the agent's own observations and knowledge and/or communicated observations and knowledge of other agents.
For example, agents may include any number of various hardware components of a medical treatment device that may be used alone or in combination with any number of other components of a system. For example, agents may include processors, controllers, subsystem components, etc. such as safety processors, treatment control processors, power system controllers, pumps, infusion devices, sensors, leak detectors, weight scales, LCDs, LEDs, air detectors, blood leak detectors, pressure sensors, etc. Further, for example, agents may include software components that provide methods, functions, or perform one or more tasks when operating within the medical treatment device. For example, agents may include database agents, communication agents, process monitoring agents, treatment control agents, user interface agents, treatment delivery agents, temperature control agents, alarm detection agents, watchdog agents, weight control agents, etc. The exemplary illustrative system architecture shown in FIG. 3 shows a distributed system of agents that may include a first agent 52 (e.g., a power system controller for use in providing power to various components of the medical treatment device), a second agent 72 (e.g., a treatment control processor, for example, configured to control the performance of a treatment on a patient), and a third agent 80 (e.g., a safety processor, for example, configured to watch or monitor the treatment control processor or operations controlled thereby) which may all be coupled in a communicative network (e.g., one or more agents may communicate with one or more other agents, one or more agents may be used to monitor communications therebetween, communicate control information therebetween, etc.). Further as shown in FIG. 3, each of the first, second, and third agents (52, 72, and 80) may further be coupled in a communicative network with one or more additional agents (e.g., such additional agents may also be coupled to facilitate communication therebetween). For example, first agent 52 may be coupled with agents 55- 57; second agent 72 may be coupled with agents 75-76, and third agent 80 may be coupled with agents 82- 84. For example, agents 55- 57, 74-76, and 82- 84 may be one or more software or hardware agents performing one or more tasks associated with the treatment control processor, power system controller, or safety processor, may be representative of one or more contracts (e.g., tasks) to be completed by or between one or more system components (e.g., communication tasks, control tasks, etc.), may be subsystem components performing one or more functions, etc.
One skilled in the art will recognize that the number of agents and/or the manner in which such agents are distributed to form the system architecture is not limiting to the present disclosure. For example, any number of agents may exist in any distributed configuration.
Generally, a power supply is provided to power the medical treatment device implemented using the system architecture shown in FIG. 3. For example, a plurality of agents within the architecture are operable using power supplied by one or more supply lines coupled to the power supply (e.g., a power supply in the form of a battery or AC to DC power supply, or any other suitable power supply). At least in one embodiment, as will be described herein, a power system controller provided as the first agent 52 may be configured to be within a power system controller domain 50 and a treatment control processor provided as the second agent 72 and/or a safety processor provided as the third agent 80 may be configured to be within a treatment system domain 70. For example, the power system controller domain may be provided with power by a plurality of supply voltages separate from those providing power to the treatment system domain to accommodate power cycling functionality as described herein (e.g., the treatment system domain may be actively discharged during power cycling while the power system control domain may remain connected when power is cycled; sneak paths may be prevented between the treatment system domain and the power system control domain, etc.).
Medical treatment devices (e.g., devices providing medical therapies such as configured with the system architecture of FIG. 3) typically continuously examine how a device is performing as part of a power on self-test and as part of ongoing system self-test to ensure the device continues to operate safely. For example, system malfunctions in operation of an agent may be detected by performing one or more various tests, such as communication tests between agents, communication tests between a processor agents and one or more subsystem agents, hardware agent tests, etc. For example, such tests may include: random access memory (RAM) tests; bus line tests; code cyclic redundancy checks (CRCs); buffer overrun tests; supply voltage tests; communication tests between processors; communication tests between processors and subsystems; clock accuracy tests, battery health checks; system safety tests such as, for example, air detector functionality tests, blood leak detector tests, venous functionality tests, etc.; voltage and current limit tests;
position/velocity tests on motors; system power consumption tests; temperature tests of various components; clamp functionality tests; watchdog tests; etc.
As previously described herein, given the increased performance of device components (e.g., integrated circuit components) in terms of power density, processor speeds, and memory capacity due to lower voltages in higher density components, the potential for hardware latchup or spurious system noise has also increased and may be the cause of a system malfunction. For example, latchup (e.g., a type of short circuit) can occur inadvertently to create a low impedance path between the power supply rails of a MOSFET circuit, triggering a parasitic structure which disrupts proper functioning of the part. Such circuits may be a part of any agent within the system architecture. The parasitic structure may be equivalent to a thyristor or silicon controlled rectifier (SCR). For example, the structure may act as a P P and an PN transistor stacked next to each other. During a latchup when one of the transistors is conducting, the other one begins conducting too. They both keep each other in saturation for as long as the structure is forward-biased and some current flows through it. The latchup may occur between power rails; however, it may happen at any place where the required parasitic structure exists. For example, a spike of positive or negative voltage on an input or output pin of a digital chip (e.g., exceeding the rail voltage by more than a diode drop), is a common cause of latchup; the supply voltage exceeding the absolute maximum rating may be a cause (e.g., often from a transient spike in the power supply leading to a breakdown of some internal junction); ESD may be a cause; etc.
If during treatment a system malfunction is detected, whether the system malfunction is a result of latchup or was otherwise caused, automatic power cycling as described herein (i.e., as opposed to a user performing the power cycling) is performed in an attempt to quickly remove the cause of the system malfunction
(e.g., latchup) and resume treatment by the medical treatment device without user's assistance and without a failure being issued for the medical treatment device. For example, as opposed to a user power cycling the device, a power system controller may be configured to automatically power cycle the medical treatment device upon detection of a system malfunction during treatment (e.g., due to latchup or for one or more other reasons). For example, in one or more embodiments, power may be automatically disconnected from a plurality of agents (e.g., agents of a treatment system domain that includes a treatment control processor and associated components, a safety control processor, etc.; wherein one or more supply lines are used to provide a plurality of supply voltages to the domain), and following the disconnection, the one or more supply lines to the plurality of agents may be actively discharged such that the supply voltage provided thereto is discharged below a predetermined voltage (e.g., active discharge circuits may be used to discharge the bulk capacitance of the supply lines below the voltage corresponding to the holding current that is needed by any parasitic SCR to persist). The voltage corresponding to the holding current that is needed by any parasitic SCR to persist may be, for example, the sum of two pn junction forward voltages. For example, such a sum may be in the range from 1 to 1.4 volts. As such, the active discharge phase should, at least in one embodiment, discharge until the voltage is well below one (1) volt to ensure elimination of most SCR latchup conditions. Further, for example, this voltage may be one pn junction forward voltage, which can be in the range from 0.5 to 0.8 volts, depending on the exact characteristic of the latched-up SCR. As such, at least in one embodiment, the active discharge is carried out until the voltage is less than a predetermined voltage of 0.7 volts to ensure elimination of even a greater number of SCR latch up conditions. Further, in another embodiment, the active discharge is carried out until the voltage is less than a predetermined voltage of 0.5 volts to ensure elimination of even a greater number of SCR latch up conditions.
After the active discharge is performed, power may be automatically reconnected to the plurality of agents (e.g., agents of a treatment system domain that includes a treatment control processor and associated components, a safety control processor, etc.) and the medical treatment device may resume treatment at the operational state existing at the time of detecting the system malfunction (e.g., using the operation parameters stored on an ongoing basis in non-volatile memory representative of the operational state of the medical treatment device).
FIG. 4 is a block diagram depicting a more detailed view of an exemplary system architecture 200 (e.g., more detailed than the exemplary general system architecture shown in FIG. 3) that may be employed to implement a medical treatment device, for example, such as shown generally in FIGS. 1-2. The system architecture 200 includes power connect and active discharge circuitry for use in implementing power cycling as described herein.
As shown FIG. 4, the system architecture 200 may include one or more circuit boards connected to a backplane board 202 connected to both internal and external components such as actuators, sensors, communication ports, displays and storage devices. Although the system architecture 200 shown in FIG. 4 includes a certain number of boards and/or components to implement the medical treatment device (e.g., an extracorporeal blood treatment device such as shown in FIG. 2), the present disclosure is not limited to this particular exemplary detail configuration as any number of different configurations may be usable to attain the benefits of power cycling as described herein.
The system architecture 200 shown in FIG. 4 includes a power board 204 connected to backplane 202 to control the supply of power to the system
architecture 200, as well as for control of active discharge during power cycling as described herein. For example, the power board 204 may include a power system controller 250 for use in controlling the supply of power, power cycling the device based on user input, power cycling the device automatically upon detection of a system malfunction, etc. The power system controller 250 may be implemented using any number of different circuit configurations (e.g., watchdog circuitry, processing circuitry, logic circuitry, etc.). For example, the power system controller 250 may be implemented using a power system controller processing unit 252 and associated power connect and active discharge logic 256. For example, an input may be provided to the processing unit 252 indicative of a system malfunction being detected and processing unit 252 may control power connect and active discharge logic 256 accordingly (e.g., command to disconnect power, initiate active discharge, etc.). Further, for example, a watchdog circuit (e.g., without use of a processor) that polls one or more other circuit devices of the system architecture to determine if a system malfunction has occurred may also be used; with power cycling being initiated based thereon. Further, as shown in FIG. 4, a mainboard 206 connected to the backplane board 202 may include circuitry for controlling treatment performed by the medical treatment device. For example, mainboard 206 may include treatment control circuitry 262. Treatment control circuitry 262 may include any number of different circuits suitable for controlling a particular treatment provided by the medical treatment device. The particular configuration and number of circuitry components for use in controlling such treatment is not limiting on the present disclosure as power cycling described herein may be applicable to any number of different medical treatment devices performing any number of different treatments. As shown in FIG. 4, treatment control circuitry 262 may include a treatment control processor 264 and associated memory, including, for example, volatile memory 265 and non-volatile memory 266. For example, such memory may include
synchronous dynamic random access memory (SDRAM) 265 and non-volatile NAND flash memory 266. Further, for example, other circuitry including control processor delegate circuitry and peripheral circuits 268 may be provided on mainboard 206. A safety board 208 may also be connected to the backplane board 202 as shown in FIG. 4. For example, safety board 208 may include safety system circuitry 270 used to monitor the treatment control (e.g., as controlled by treatment control circuitry 262) and may provide certain redundancies. Safety system circuitry 270 may include any number of different circuits suitable for performing such a monitoring and backup functionality as may be provided in a medical treatment device. The particular configuration and number of circuitry components for use in providing such functionality is not limiting on the present disclosure as power cycling described herein may be applicable to any number of different medical treatment devices performing any number of different treatments. As shown in FIG. 4, safety system circuitry 270 may include control processor delegate circuitry, a safety processor, safety processor delegate circuitry, and any other number of other circuits, such as peripheral type circuits. At least in one embodiment, the safety system circuitry 270 may include a watchdog circuit (e.g., an agent) in communication with the treatment control processor of treatment control circuitry 262. A system malfunction in communication between the watchdog circuit and the treatment control processor may be detected; wherein the medical treatment device may be power cycled as a result of the detected system malfunction.
Further, for example, safety system circuitry 270 may monitor the medical treatment device (e.g., after power cycling) and when the device is attempting to resume treatment. For example, the process described to resume treatment of the patient may be monitored and an alarm may be issued if resumption of treatment to the operation state existing at the time of detecting a system malfunction fails to complete within a predetermined period of time. For example, an audible and/or a visual alarm may be annunciated. Still further, any number of other boards 210 may also be connected to the backplane board 202 as shown in FIG. 4. For example, such boards 210 may include driver boards, accessory boards, advanced therapy boards, etc. and may include any number of different types of circuits 280 (e.g., delegate circuits, peripheral circuits, etc.). Yet further, a display monitor assembly 214 is also provided as part of the system architecture 200 as shown in FIG. 4. For example, the display monitor assembly 214 may include, for example, a display controller board including a display processing apparatus, an alarm board, a touchscreen, and any other components for use in providing any number of different types of medical treatments using the medical treatment device.
Any number of additional agents 216 (e.g., subsystems, communication links, system components, etc.) may also be provided as part of the system architecture 200. For example, such agents 216 that may be part of a medical treatment device may include: nurse call components, main and backup speakers for producing audible alarms (e.g., that may be used to recommunicate an alarm state to a user as described herein when reestablishing an alarm state in the device when power cycling), barcode readers, SD cards, USB ports, Ethernet ports, RS-232 ports, fluid pump motors, weight scales, syringe pumps, pinch valves, loader motors, solenoids, pressure valves, motors for providing air, pressure sensors, blood leak detectors, liquid leak detectors, liquid level sensors, venous clamps, microphones, etc. The number of additional agents is unlimited and is not limiting on the present disclosure as power cycling described herein may be applicable when any number of additional agents are present. It will be recognized by one of skill the art that the various portions and/or components (e.g., agents) of the system architecture 200 are all either connected and/or coupled in one way or another to one or more other portions and/or components of the system architecture 200. For example, such connection and/or coupling may be an electrical coupling, a communicative coupling, or in any other manner (e.g., structural, nonstructural, wired, wireless, etc.). For example, one or more of the agents 216 may be in communication with and/or under the control of one or more other agents provided in the system architecture 200. Various communication channels (represented generally by reference numeral 293) are provided for facilitating communication among the agents including, for example, with use of one or more various transceivers for establishing such communication channels (e.g., RS-232 transceiver links, etc.).
In addition, a power control panel 212 is also provided within the system architecture 200 as shown in FIG. 4. The power control panel 212 may include a user actuated on-off actuator (e.g., a membrane switch, or any other actuator that may be used to switch states), as well as an on-off indicator (e.g., a light, a beep, or any other visual or audible indicator). The power control panel 212 is operable in an on-off state to provide power to the system architecture 200. One or more components and/or circuits (e.g., transformers, converters, etc.) may be used to provide a power supply 215 (e.g., a 24V DC power source) to the power board 204 which may then be converted and/or distributed.
For example, as shown in FIG. 4, power may be distributed via multiple voltage domains. For example, a first voltage domain 230 may be provided for powering power system controller 250 and/or one or more other circuits such as may be needed for performing the functionality of automatically power cycling upon detection of a system malfunction as described herein. For example, the first voltage domain 230 may include providing a plurality of voltage supplies, including 5V supply 295 and 3.3V supply 296. Such voltage supplies being provided by one or more converters (e.g., DC-DC converters) across a supply capacitor to ground (e.g., each providing a power rail for connection as needed). Further, for example, a second voltage domain 220 may be provided for powering other portions of the system architecture 200 including at least the treatment control circuitry 262 and/or one or more other circuits such as may be needed for performing the treatment provided by the medical treatment device. For example, the second voltage domain 220 may provide power to the circuitry of mainboard 206, circuitry of safety board 208, the circuitry of the one or more additional boards 210, etc. Such a distribution of power in the second voltage domain 220 is shown in FIG. 4 by the various illustrated sets of supply voltages corresponding to each board (e.g., supply voltage set 221 on power board 204 which includes converters for establishing supply voltages to be distributed, supply voltage set 222 providing supply voltages to circuitry on mainboard 206, supply voltage set 224 providing supply voltages to circuitry on safety board 208, and supply voltage set 226 providing supply voltages to circuitry on one or more additional boards 210). For example, the second voltage domain 220 may include the plurality of voltage supplies 221 at power board 204, including a 24V supply 288, a 12V supply 285, a 5V supply 286 and a 3.3V supply 287. Such voltage supplies may be provided by one or more converters (e.g., DC-DC converters 299) across a supply capacitor to ground (e.g., each providing a power rail). Such converted supply voltages may be distributed from power board 204 to the circuitry of the other boards to provide various sets of supply voltages (e.g., 222, 224, and 226).
One will recognize that various supply lines may be used to distribute the power, for example, as illustrated in FIG. 4. Such supply lines may be implemented using any conductor configurations (e.g., conductor connections, board traces, backplane board conductors, etc.) and any circuitry required to provide desired power levels to the desired locations (e.g., converters, translators, voltage translation bus transceivers, etc.). For example, various voltage translation bus transceivers 291 are shown with respective line connections to various components of the system architecture 200. Each of the voltage supplies provided as part of the distributed second voltage domain 220 is illustrated in FIG. 4 as a voltage supply across a supply capacitor to ground (e.g., providing a power rail). In addition, as shown in FIG. 4, a discharge circuit is also provided for each supply voltage. A more detailed view of such a voltage supply 300 providing a power rail for connection to an integrated circuit 302 is shown in FIG. 7. Further, as shown in FIG. 7, an active discharge circuit 304 is also provided for the supply voltage circuit. The active discharge circuit 304 is connected across the supply capacitance 301 and includes a discharge resistance 305 and a controllable switch 306 connected in series with the discharge resistance 305 between supply voltage (VDD) and ground (GND). As such, when the switch 306 is activated for active discharge of the supply lines, the supply voltage (VDD) is connected through the resistance 305 to ground (GND). For example, the integrated circuit 302 may include a parasitic SCR in latchup (e.g., a triggered state somewhere inside integrated circuit chip 302) and a system
malfunction may be detected. The detection of the system malfunction may initiate an automatic power cycling, including actuation of system discharge switch 306 and connection of the supply voltage (VDD) through discharge resistance 305 to ground. One will recognize that any suitable switch circuit may be utilized for use in controlling the active discharge. Preferably, discharge resistance 305 is sufficiently sized to discharge any remaining charge in a desired time while not inducing damage to the circuitry.
As shown, for example, in FIG. 4, each of the voltage supplies may be associated with an active discharge circuit, such as that shown in FIG. 7 or any other suitable discharge circuit. The detection of a system malfunction may initiate automatic power cycling, including actuation of system discharge of each supply voltage (VDD) (e.g., each supply voltage of the sets of supply voltages) through a discharge resistance to ground. With each of the supply voltages being connected separately through a discharge resistance (e.g., 305) to ground, the overall resistance for discharge due to the parallel connected discharge resistances (e.g., 304) is decreased (e.g., separate resistances connected in parallel result in a resistance less than each separate resistance). Such a parallel configuration provides for a very fast discharge.
The system architecture 200 shown in FIG. 4 provides a controllable switch 217 for use in connecting and disconnecting the second voltage domain 220 to power source 215 (e.g., DC 24V power source). For example, the controllable switch 217 may be controllable by power system controller 250 (e.g., using power connect and active discharge logic 256). For example, upon detection of a system malfunction, power system controller 250 may initiate a disconnection of power via controllable switch 217 from the second voltage domain 220. Further, at least in one embodiment, for example, the controllable discharge switches (e.g., a controllable switch 306 for each supply voltage in the second voltage domain 220) may be controllable by power system controller 250 (e.g., using power connect and active discharge logic 256). For example, upon detection of a system malfunction, and after power system controller 250 controls
disconnection of power via controllable switch 217 from the second voltage domain 220, power system controller 250 (e.g., using power connect and active discharge logic 256) may initiate an active discharge process by controlling the active discharge circuits (e.g., providing a control signal to each controllable switch 306 of each supply voltage in the second voltage domain 220 such that each of the supply voltages is connected separately through a resistance to ground).
Still further, after an active discharge is performed, the power system controller 250 may initiate a reconnection of power via controllable switch 217 to the second voltage domain 220. It is noted that power to the first voltage domain 230 is not disconnected from power during an automatic power cycling process and the plurality of supply voltages 295, 296 providing power to the power system controller 250 are not actively discharged (e.g., active discharge circuits are not provided for such supply voltages). In other words, the first and second voltage domains 230 and 220 are separated from one another with respect to providing one or more supply lines (e.g., supply voltages provided thereby) to the separated voltage domains. In view of such voltage domain separation, sneak paths may be prevented between the first voltage domain 230 (i.e., the power system control domain) and the second voltage domain 220 (i.e., the treatment system domain) when the one or more supply lines to the second voltage domain 220 are actively discharged.
For example, sneak paths may be defined as unintended electrical (e.g., current) paths within a circuit and its external interfaces. Further, such sneak paths and techniques for preventing such paths from occurring are described in the Interim Report by Jeff Miller, RADC-TR-89-223 (October 1989) entitled "Sneak Circuit Analysis For The Common Man" (SoHaR Incorporated), which is incorporated herein by reference. In the system architecture 200, this may be implemented during circuit design by making sure, for example, that no signal driven in the power system controller's power domain drives a logic circuit in the control processor's power domain (i.e., treatment system power domain) for which there is a resistive or diode bridge to a power supply in the control processor's power domain. This may ensure that, while the power system controller's power domain is energized while the control processor's power domain is intended to be
unenergized, there is no sneak path through which the control processor's power domain is unintentionally energized resulting in potentially sustaining an SCR latchup condition.
A method 400 for a medical treatment device that includes power cycling as shown in FIG. 5 shall be described with reference to one or more of the system configuration figures (e.g., FIGS. 1-4). For example, the method 400 may include initiation of a patient treatment (block 402) provided by the medical treatment device such as described with reference to FIGS. 1-4 (e.g., an extracorporeal blood treatment, such as dialysis). During treatment, such as under control of treatment control circuitry 262, operation parameters are stored on an ongoing basis to non- volatile memory (block 406). Such operation parameters are representative of the operational state of the medical treatment device. For example, such operational parameters may be stored periodically, constantly, or at least whenever a critical parameter of the operational state changes. For example, such operational parameters for an ongoing extracorporeal blood treatment may include parameters such as therapy in operation, set attached, treatment prescription parameters, flow rates, times, therapy duration, volumes delivered and extracted, syringe pump position, pressure operating points, next interval to run periodic self-testing, valve positions, date and time system error detection, currently active patient alarms , etc.
Further, for example, such operation parameters may include current alarm parameters representative of an alarm state of the medical treatment device (e.g., disconnect alarm, an air detection alarm causing a venous clamp to close, etc.) stored to non-volatile memory at least whenever a critical parameter of the alarm state changes. For example, further, the current alarm parameters may include current machine focused alarm parameters representative of a current machine focused alarm state caused by one or more system malfunctions (e.g., caused by latchup, etc.) correctable by power cycling the medical treatment device as described herein. For example, such current machine focused alarm parameters may be system related (e.g., alarms issued in view of latchup, etc.). Further, for example, such current machine focused alarm parameters may be machine resettable alarms (e.g., power cycling device may cure alarm).
Still further, the current alarm parameters may include current patient focused alarm parameters representative of a current patient focused alarm state (e.g., return disconnect alarm, an air detection alarm causing a venous clamp to close, a flow clipping alarm, an access alarm, a return clamp fails to close alarm, a flow rate alarm, a predicted weight error alarm, a calcium fusion stopped alarm, a check infusion line alarm, a system component not connected alarm, a battery depleted alarm, a syringe pump malfunction alarm, a pressure pod alarm, an incorrect pump command alarm, etc.) non-correctable by power cycling the medical treatment device. For example, such current patient focused alarm parameters may be therapy related, may be latchable alarms, and/or may require the venous clamp to close (e.g., alarms issued in view of a therapy problem, etc.). Further, for example, such current patient focused alarm parameters may be user resettable alarms (e.g., requiring user interaction to cure the alarm).
For example, a patient focused alarm state may include air being detect or a catheter disconnect detection. In the case of such alarm conditions, the patient focused alarm state is remembered and the medical treatment device enters this same safe state after exiting power on self-test of a power cycling process described herein (e.g., the same alarm state is reestablished in the device). Further, for example, activities during the power cycling process (e.g., such as opening a clamp that may have been closed due to air detection) may be prevented from occurring during power on in the case where certain events have caused a patient focused alarm state. Thus, for example, activities such as opening and closing devices (e.g., safety devices) may only occur if it has been determined that it is safe to do so and if the active patient alarm state does not mandate that such a safety device (e.g., valve etc.) remain closed.
As treatment progresses, the medical treatment device continuously examines how a device is performing using, for example, various tests as described herein. In one or more circumstances, a system malfunction in operation of an agent during the treatment may be detected (block 404) (e.g., system malfunctions in operation of an agent may be detected by performing one or more various tests, such as communication tests between agents, communication tests between a processor agent and one or more subsystem agents, hardware agent tests, etc.). Upon detection of a system malfunction (e.g., such as due to latchup) during performance of the treatment, an automatic power cycling process is performed (block 408). For example, and as described herein, the power cycling of the medical treatment device may include automatically disconnecting power from the plurality of agents (e.g., agents being powered in the treatment system voltage domain, such as second voltage domain 220 as shown in FIG. 4); actively discharging the one or more supply lines to the plurality of agents such that supply voltage provided thereto is discharged below a predetermined voltage (e.g., sets of supply voltages 220, 222, 224, 226 are actively discharged to a voltage less than 0.7 such as described with reference to FIG. 7), and, after actively discharging the one or more supply lines to below the predetermined voltage, power is automatically
reconnected to the plurality of agents (e.g., agents being powered in the treatment system voltage domain, such as second voltage domain 220 as shown in FIG. 4). Thereafter, treatment is resumed to the operational state existing at the time of detecting the system malfunction using the stored operation parameters (block 410). For example, a reboot of the medical device providing the treatment is performed. At least in one embodiment, the time to power cycle the medical treatment device upon detection of the system malfunction from disconnect of the power to resuming treatment at the operational state existing at the time of the system malfunction may be less than 60 seconds (e.g., such a time period may be related to the time needed to prevent clotting of blood and/or some other treatment requirement). At least in another exemplary embodiment, such a time period from disconnect to resuming treatment at the operational state is less than 30 seconds.
Further, for example, at least in one embodiment, the time from reconnecting power to the plurality of agents after actively discharging supply lines to resuming treatment at the operational state existing at the time of detecting the system malfunction may be less than 15 seconds (e.g., such a time period corresponds to a reboot process for bringing the medical treatment device into an operational state for continued treatment of the patient after power has been reconnected). Further, for example, the power cycling process, as well as the process of resuming treatment, may be monitored and an alarm may be indicated if resumption of treatment to the operational state existing at the time of detecting the system malfunction fails to complete within a predetermined period of time.
FIG. 6 is a block diagram showing another exemplary embodiment of a method including power cycling of a medical treatment device, for example, such as shown in FIGS. 1-4. FIG. 6 shows a more detailed power cycling process than in FIG. 5. For example, like FIG. 5, the method 500 may include initiation of a patient treatment (block 502) provided by the medical treatment device such as described with reference to FIGS. 1-4 (e.g., an extracorporeal blood treatment, such as dialysis). Further, for example, like FIG. 5, during treatment, such as under control of treatment control circuitry 262, operation parameters are stored on an ongoing basis to non-volatile memory (block 510).
Still further, such as described with reference to FIG. 5, treatment progresses and the medical treatment device continuously examines how a device is performing. A system malfunction in operation of an agent during the treatment may be detected (block 504) (e.g., system malfunctions in operation of an agent may be detected by performing one or more various tests, such as communication tests between agents, communication tests between a processor agent and one or more subsystem agents, hardware agent tests, etc.). Upon detection of a system malfunction during performance of the treatment, an automatic power cycling process is performed; the initial action being a disconnect of power (e.g., as shown in FIG. 4, a controllable switch 217 may be used to disconnect the second voltage domain 220 from power source 215; for example, power system controller 250 may initiate a disconnection of power from the second voltage domain 220 using controllable switch 217). However, power to the first voltage domain 230 is not disconnected during the automatic power cycling process (e.g., the power system control domain remaining powered and operative to control the automatic power cycling).
After power has been disconnected, an active discharge process is performed (e.g., the controllable discharge switches for each supply voltage in the second voltage domain 220 may be controlled by the power system controller 250 to begin discharge). The supply lines may be monitored (e.g., using a comparator, sampled using an analog to digital converter and analyzed, etc.) and continue to be discharged until a predetermined voltage has been reached (block 520) (e.g., sets of supply voltages 220, 222, 224, 226 are actively discharged to a voltage less than 0.7 or are discharged for a time period that takes the voltage below a predetermined voltage based upon calculated or empirical knowledge). After the actively discharged supply voltages have reached the predetermined voltage, the power system controller 250 may be used to issue a command stopping the active discharge (e.g., using power connect and active discharge logic 256, a control signal may be provided to each controllable switch 306 of each supply voltage in the second voltage domain 220 such that active discharge of the supply voltages is halted).
Once the active discharge is no longer occurring and supply voltages have reached the predetermined voltage such that latchup can no longer persist, then power may be reconnected (block 522). For example, the controllable switch 217 may be controlled by power system controller 250 (e.g., using power connect and active discharge logic 256) to reconnect power source 215 to the second voltage domain 220 (i.e., the treatment system domain).
After power has been reconnected to the treatment system domain, a process of reestablishing the medical treatment device to its operational state existing at the time of the detected system malfunction is performed (block 524). For example, such a process may involve rebooting the medical treatment device to a state of operation and then using the stored operational parameters to resume treatment of the patient at the operational state existing at the time of the system malfunction (e.g., avoiding a user becoming involved in solving the system malfunction and reducing the perceived failure rate for the medical treatment device). For example, operation parameters such as specific states for a syringe pump (e.g., position or a surrogate of position) may be used in resuming treatment.
At least in one or more embodiments, the stored operation parameters may include stored current alarm parameters and resuming treatment at the operational state existing at the time of detecting the system malfunction may include taking action to resume treatment based on the stored current alarm parameters. For example, the stored current alarm parameters may include stored current machine focused alarm parameters representative of a current machine focused alarm state caused by one or more system malfunctions (e.g., caused by latchup, etc.) existing at the time of the system malfunction. Further, for example, the stored current alarm parameters may include current patient focused alarm parameters representative of a current patient focused alarm state existing at the time of system malfunction detection (e.g., a disconnect alarm, an air detection alarm state causing a venous clamp to close, etc.).
Depending on the type of alarm state existing at the time of system malfunction, the resumption of treatment may vary. For example, if no patient focused alarm state existed at the time of system malfunction detection, then a normal reboot process may be used and treatment may continue to be provided to the patient. However, if a current patient focused alarm state exists at the time of system malfunction, then the reboot may be modified to include any number of different process features. For example, in such cases where a current patient focused alarm state exists at the time of system malfunction, taking action to resume treatment may include recommunicating the current patient focused alarm state to a user.
Recommunication of the current patient focused alarm state to a user may include any number of different features. For example, such recommunication may be in the form of reestablishing the current patient focused alarm state in the medical treatment device (e.g., reestablish a current disconnect alarm in the machine, etc.). Further, for example, such recommunication may be in the form of providing a visual or audible alarm to the user.
Still further, for example, in such cases where a current patient focused alarm state exists at the time of system malfunction, taking action to resume treatment may include preventing occurrence of one or more tests related to the current patient focused alarm state that are normally performed by the medical treatment device (e.g., during a reboot of the medical treatment device) (e.g., prevent occurrence of a test to detect disconnect, etc.). For example, the medical treatment device may be prevented from performing actions to detect a condition which caused the current patient focused alarm state. For example, if a patient focused alarm state, like a disconnect alarm, is present, then it is annunciated again after reboot and before resuming treatment (e.g., after power cycling). The medical device during reboot is prevented from attempting to redetect this alarm state (e.g., such attempt to redetect would have no benefit). These types of alarms rely on the user to fix them and therefore, upon reboot, such alarms are reestablished in the medical treatment device (e.g., they are active alarms being presented to the user for action thereby). At least in one embodiment, if multiple alarm states are present, triaging (e.g., manipulating, selecting, etc.) which ones to reestablish may be performed (e.g., prioritizing such alarms to be presented, reducing the number to be presented, etc.).
Still further, for example, in such cases where a current patient focused alarm state exists at the time of system malfunction, taking action to resume treatment may include preventing occurrence of one or more actions related to the current patient focused alarm state that are normally performed by the medical treatment device (e.g., during a reboot of the medical treatment device) (e.g., preventing opening of a clamp closed upon air detection alarm, etc.).
For example, in the event of air detection by the medical device, an air detection alarm (e.g., a patient focused alarm state) is present. For example, in such a case, a venous clamp may be closed. Therefore, when resuming treatment, the venous clamp is prevented from being opened (e.g., opening of the clamp may not be desired for various reasons). Reestablishing the safe state for this patient focused alarm state may include not power cycling the venous clamp during the reboot if the air detection alarm state is present. In at least one embodiment, one may never cycle the venous clamp during the power on self-test, but, rather, cycling venous clamp may be made contingent upon determining if the power on sequence was initiated by the user (e.g., may cycle the venous clamp if the user initiates power cycling by actuating the reset device) or by detection of a system malfunction and automatically initiated (e.g., venous clamp is not opened). One exemplary embodiment of a method 550 for reestablishing or rebooting the medical treatment device and resuming treatment for the patient at the operational state existing at the time of the system malfunction is shown in FIG. 8. An aligned treatment operation code file is generally stored in non-volatile memory for use in booting a medical treatment device (block 552). Upon reconnection of power to the treatment system domain (e.g., block 522 in FIG. 6), the aligned file from non-volatile memory is transferred to volatile memory (block 554). At least in one embodiment, a hardware based error correction is applied to correct for possible bit errors in the code (block 556). Once transferred to volatile memory, components of the aligned file are relocated to various operation locations (block 558) for use in accordance with the treatment to be performed by the medical treatment device.
The code may then be executed by the medical treatment device and, after one or more conditions are satisfied, the stored operational parameters existing at the time of system malfunction (block 562) may be used to resume treatment of the patient at the operational state existing at the time of system malfunction. For example, before resuming treatment, one or more operational tests may be performed. For example, a power-on self-test may be performed to test the functionality of hardware components of the medical treatment device before allowing patient treatment to resume. An alarm may be provided upon detection by the power-on self-test of a failed hardware component. Further, any one or more other operation tests may be performed as a condition to resuming treatment (e.g., such as, random access memory (RAM) tests; bus line tests; code cyclic redundancy checks (CRCs); buffer overrun tests; supply voltage tests; communication tests between processors; communication tests between processors and subsystems; clock accuracy tests, battery health checks; system safety tests such as, for example, air detector functionality tests, blood leak detector tests, venous functionality tests, etc.; voltage and current limit tests; position/velocity tests on motors; system power consumption tests; temperature tests of various components; clamp functionality tests; watchdog tests; etc.).
One exemplary process of performing the reboot may include one or more of the following processes. For example, the booting process may include providing an ELF (Executable and Linkable Format) binary file (e.g., code for providing treatment) in non-volatile memory. The ELF file may be transferred from the nonvolatile store with a faster interface, which is raw NA D Flash (e.g., 266 in FIG. 4) in many modern embedded systems, to volatile memory (SDRAM) (e.g., 265 in FIG. 4) from which the processor can execute. Direct memory access (DMA) is utilized to make the transfer from raw NAND Flash to SDRAM.
Error correcting code (ECC)) is used to correct for possible bit errors in the raw NAND Flash. Although software based error correction is available for use, most microprocessors are designed with hardware-based ECC calculation engines to also facilitate this correction process. Utilizing the hardware-based ECC calculation engine provides a much faster boot time than using software based error correction.
With the above steps complete, another step is relocation of components of the ELF File (which are now in SDRAM), to their requisite locations before execution of code can begin. For example, the ELF file may be considered a suitcase of instructions stating how the components need to be arranged, in a kind of unpacking process as would be known to one skilled in the art. There are also directives encoded in the ELF file to clear portions of SDRAM memory, typically initializing them with zeros. As such, this process involves SDRAM to SDRAM memory transfers and also SDRAM memory clears. This process can be performed quickly with use of DMA. However, utilization of DMA for the SDRAM to SDRAM memory transfers is only possible and fast if the ELF file is properly aligned.
Prior to continuing treatment of the patient at the operational state existing at the time of system malfunction (block 526) one or more further conditions may need to be satisfied. For example, the medical treatment system (e.g., the treatment control circuitry 262, the safety system processor, etc.) may monitor the number of times power cycling occurs as a result of detected system malfunctions (e.g., a count may be provided for a certain period of time). If the number of times power cycling occurs exceeds a set limit over a predetermined period of time, a user may be alerted and/or treatment may be prevented from resuming. For example, if power cycling occurs twice in any particular hour, an alert may be issued. Further, for example, if power cycling occurs three times or more in any 24 hour period, an alert may be issued. Further, for example, the medical treatment system (e.g., the treatment control circuitry 262, the safety system processor, etc.) may log any information associated with the power cycling of the medical treatment device as a result of a detected system malfunction. Such log information may be associated with the detected system malfunction (e.g., the reason for the system malfunction) and accessed and used at a later time.
All patents, patent documents, and references cited herein are incorporated in their entirety as if each were incorporated separately. This disclosure has been provided with reference to illustrative embodiments and is not meant to be construed in a limiting sense. As described previously, one skilled in the art will recognize that other various illustrative applications may use the techniques as described herein to take advantage of the beneficial characteristics of the systems and methods described herein. Various modifications of the illustrative
embodiments, as well as additional embodiments of the disclosure, will be apparent upon reference to this description.

Claims

CLAIMS What is claimed is:
1. A medical treatment device compri a power supply; a plurality of agents operable using power supplied by one or more supply lines coupled to the power supply, wherein at least one agent of the plurality of agents comprises a treatment control processor, wherein one or more of the plurality of agents communicate with at least one or more other agents, wherein each of one or more agents of the plurality of agents are configured to detect a system malfunction in operation of another agent of the plurality of agents during operation of the medical treatment device; a non-volatile memory to store operation parameters on an ongoing basis representative of the operational state of the medical treatment device during treatment; and a power system controller configured to power cycle the medical treatment device upon detection of a system malfunction during treatment, wherein power cycling the medical treatment device comprises: automatically disconnecting power from the plurality of agents comprising the treatment control processor upon detection of the system
malfunction, actively discharging the one or more supply lines to the plurality of agents comprising the treatment control processor such that supply voltage provided thereto is discharged below a predetermined voltage, and automatically reconnecting power to the plurality of agents after actively discharging the one or more supply lines to below the predetermined voltage, wherein the medical treatment device is configured to resume treatment at the operational state existing at the time of detecting the system malfunction using the stored operation parameters after automatically reconnecting power.
2. A method for a medical treatment device, wherein the medical treatment device comprises a power supply and a plurality of agents operable using power supplied by one or more supply lines coupled to the power supply, wherein at least one agent of the plurality of agents comprises a treatment control processor, wherein one or more of the plurality of agents communicate with at least one or more other agents, wherein each of one or more agents of the plurality of agents are configured to detect a system malfunction in operation of another agent of the plurality of agents during operation of the medical treatment device, wherein the method comprises: storing operation parameters on an ongoing basis to non-volatile memory representative of the operational state of the medical treatment device during treatment; detecting a system malfunction in operation of an agent during treatment; power cycling the medical treatment device upon detection of the system malfunction during treatment, wherein power cycling the medical treatment device comprises: automatically disconnecting power from the plurality of agents comprising the treatment control processor upon detection of the system
malfunction, actively discharging the one or more supply lines to the plurality of agents comprising the treatment control processor such that supply voltage provided thereto is discharged below a predetermined voltage, and automatically reconnecting power to the plurality of agents after actively discharging the one or more supply lines to below the predetermined voltage; and resuming treatment to the operational state existing at the time of detecting the system malfunction using the stored operation parameters after automatically reconnecting power.
3. The device or method of any one of claims 1 and 2, wherein resuming treatment to the operational state existing at the time of detecting the system malfunction comprises performing a power-on self-test to test the functionality of a plurality of hardware components of the medical treatment device before allowing the medical treatment device to resume treatment, wherein an alarm is provided upon detection by the power-on self-test of a failed hardware component.
4. The device or method of any of claims 1 to 3, wherein the treatment control processor is provided as part of a treatment system domain on one or more boards of the medical treatment device, wherein the one or more supply lines are used to provide a plurality of supply voltages to the treatment system domain, and further wherein actively discharging the one or more supply lines comprises actively discharging the one or more supply lines providing the plurality of supply voltages to the treatment system domain by connecting each of the plurality of supply voltages separately through a resistance to ground.
5. The device or method of any of claims 1 to 4, wherein the treatment control processor is provided as part of a treatment system domain on one or more boards of the medical treatment device, wherein the one or more supply lines are used to provide a plurality of supply voltages to the treatment system domain, wherein the power system controller is provided as part of a power system control domain, wherein a plurality of supply voltages separate from those providing power to the treatment system domain are used to supply power to the power system control domain, wherein actively discharging the one or more supply lines comprises preventing sneak paths between the treatment system domain and the power system control domain when the one or more supply lines to the treatment system domain are being actively discharged.
6. The device or method of any of claims 1 to 5, wherein the treatment control processor is provided as part of a treatment system domain on one or more boards of the medical treatment device, wherein the one or more supply lines are used to provide a plurality of supply voltages to the treatment system domain, wherein the power system controller is provided as part of a power system control domain, wherein a plurality of supply voltages separate from those providing power to the treatment system domain are used to supply power to the power system control domain, wherein the power system control domain is not disconnected from power during the power cycle and the plurality of supply voltages providing power to the power system control domain are not actively discharged.
7. The device or method of any one of claims 4 to 6, wherein a treatment system domain further comprises a safety processor.
8. The device or method of any one of claims 1 to 7, wherein detecting a system malfunction in operation of an agent comprises performing at least one test selected from a group of tests comprising: a communication test between processors, a communication test between a processor and one or more subsystems, a hardware functionality test, and a system safety test.
9. The device or method of any one of claims 1 to 8, wherein detecting a system malfunction comprises: providing a watchdog circuit as one of the plurality of agents in communication with the treatment control processor; detecting a system malfunction in communication between the watchdog circuit and the treatment control processor, wherein the medical treatment device is power cycled as a result of the detected system malfunction.
10. The system or method of any one of claims 1 to 9, wherein actively discharging the one or more supply lines comprises actively discharging the one or more supply lines to the plurality of agents comprising the treatment control processor such that the supply voltage thereto is discharged below at least 0.7 volts.
11. The device or method of any of claims 1 to 10, wherein the time to power cycle the medical treatment device upon detection of the system malfunction from disconnect of the power to resuming treatment at the operational state existing at the time of the system malfunction is less than 60 seconds.
12. The device or method of any one of claims 1 to 11, wherein the time from reconnecting power to the plurality of agents after actively discharging supply lines to resuming treatment at the operational state existing at the time of detecting the system malfunction is less than 60 seconds.
13. The device or method of any one of claims 1 to 12, wherein the medical treatment system is further configured to or the method further comprises: monitoring the number of times power cycling occurs as a result of detected system malfunctions; and alerting a user if the number of times power cycling occurs exceeds a set limit over a predetermined period of time.
14. The device or method of any one of claims 1 to 13, wherein the medical treatment system is further configured to or the method further comprises logging information associated with the power cycling of the medical treatment device as a result of a detected system malfunction.
15. The device or method of any one of claims 1 to 14, wherein resuming treatment comprises: providing an aligned treatment operation code file in non-volatile member; transferring the aligned file from non-volatile memory to volatile memory, wherein hardware based error correction is used for correcting transfer errors; relocating components of the aligned treatment operation code file to operation locations; and executing the treatment operation code to resume treatment at the operational parameters existing at the time of detecting the system malfunction.
16. The device or method of any one of claims 1 to 15, wherein the device comprises an extracorporeal blood treatment apparatus.
17. The device or method of any one of claims 1 to 16, wherein storing operation parameters on an ongoing basis to non-volatile memory representative of the operational state of the medical treatment device during treatment comprises storing operation parameters representative of the operational state of the medical treatment device to non-volatile memory at least whenever a critical parameter of the operational state changes.
18. The device or method of claim 17, wherein storing operation parameters on an ongoing basis to non-volatile memory representative of the operational state of the medical treatment device during treatment comprises storing current alarm parameters on an ongoing basis to non-volatile memory representative of an alarm state of the medical treatment device to non-volatile memory at least whenever a critical parameter of the alarm state changes, wherein resuming treatment at the operational state existing at the time of detecting the system malfunction comprises taking action to resume treatment based on the stored current alarm parameters.
19. The device or method of claim 18, wherein storing current alarm parameters on an ongoing basis to non-volatile memory comprises: storing current machine focused alarm parameters on an ongoing basis to non-volatile memory representative of a current machine focused alarm state caused by one or more system malfunctions correctable by power cycling the medical treatment device; and storing current patient focused alarm parameters on an ongoing basis to non-volatile memory representative of a current patient focused alarm state non- correctable by power cycling the medical treatment device.
20. The device or method of claim 19, wherein taking action to resume treatment based on the stored current alarm parameters comprises recommunicating the current patient focused alarm state to a user, wherein recommunicating the current patient focused alarm state to a user comprises reestablishing the current patient focused alarm state in the medical treatment device.
21. The device or method of claim 19, wherein taking action to resume treatment based on the stored current alarm parameters comprises preventing occurrence of one or more tests or actions related to the current patient focused alarm state that are normally performed by the medical treatment device when power cycling the medical treatment device.
22. The device or method of claim 19, wherein taking action to resume treatment based on the stored current alarm parameters comprises preventing the medical treatment device from performing actions to detect a condition which caused the current patient focused alarm state.
23. The device or method of any one of claims 1 to 22, wherein the method comprises or the power system controller is configured to power cycle the medical treatment device upon actuation of a reset device by a user.
24. The device or method of any one of claims 1 to 23, wherein the method comprises monitoring or the medical treatment device is configured to monitor resuming treatment and provide an alarm indication if resumption of treatment to the operational state existing at the time of detecting the system malfunction fails to complete within a predetermined period of time.
25. A medical treatment device comprising: a power supply; a plurality of agents operable using power supplied by one or more supply lines coupled to the power supply, wherein at least one agent of the plurality of agents comprises a treatment control processor, wherein one or more of the plurality of agents communicate with at least one or more other agents, wherein each of one or more agents of the plurality of agents are configured to detect a system malfunction in operation of another agent of the plurality of agents during operation of the medical treatment device; a non-volatile memory to store operation parameters on an ongoing basis representative of the operational state of the medical treatment device during treatment, wherein the operation parameters comprise current machine focused alarm parameters representative of a current machine focused alarm state caused by one or more system malfunctions correctable by power cycling the medical treatment device and patient focused alarm parameters representative of a current patient focused alarm state non-correctable by power cycling the medical treatment device; and a power system controller configured to power cycle the medical treatment device upon detection of a system malfunction during treatment, wherein power cycling the medical treatment device comprises: automatically disconnecting power from the plurality of agents comprising the treatment control processor upon detection of the system
malfunction, automatically reconnecting power to the plurality of agents, wherein the medical treatment device is configured to resume treatment at the operational state existing at the time of detecting the system malfunction by using the stored operation parameters after automatically reconnecting power, wherein resuming treatment comprises reestablishing a current patient focused alarm state in the medical treatment device based on the patient focused alarm parameters if such a patient focused alarm state was existing at the time of detecting the system malfunction.
26. The device of claim 25, wherein the medical treatment device is configured to prevent occurrence of one or more tests or actions related to the current patient focused alarm state that are normally performed by the medical treatment device when power cycling the medical treatment device.
27. The device of any of claims 25 to 26, wherein the medical treatment device is configured to prevent the medical treatment device from performing actions to detect a condition which caused the current patient focused alarm state.
28. The device of claim 27, wherein the medical treatment device is configured to prevent the medical treatment device from opening a clamp which was closed as a result of detected air and which caused a patient focused alarm state.
29. The device of any of claims 25 to 27, wherein the medical treatment device is configured to monitor power cycling the medical treatment device and provide an alarm indication if resumption of treatment to the operational state existing at the time of detecting the system malfunction fails to complete within a predetermined period of time.
30. A medical treatment device comprising: a power supply; a plurality of agents operable using power supplied by one or more supply lines coupled to the power supply, wherein at least one agent of the plurality of agents comprises a treatment control processor, wherein one or more of the plurality of agents communicate with at least one or more other agents, wherein each of one or more agents of the plurality of agents are configured to detect a system malfunction in operation of another agent of the plurality of agents during operation of the medical treatment device; a non-volatile memory to store operation parameters on an ongoing basis representative of the operational state of the medical treatment device during treatment; a user interface comprising a reset device actuatable by a user to initiate a power cycling of the medical treatment device; and a power system controller configured to power cycle the medical treatment device upon actuation of the reset device by the user, wherein power cycling the medical treatment device comprises: disconnecting power from the plurality of agents comprising the treatment control processor, actively discharging the one or more supply lines to the plurality of agents comprising the treatment control processor such that supply voltage provided thereto is discharged below a predetermined voltage, and automatically reconnecting power to the plurality of agents after actively discharging the one or more supply lines to below the predetermined voltage, wherein the medical treatment device is configured to resume treatment at the operational state existing at the time the user actuates the reset device.
PCT/US2016/024650 2015-03-31 2016-03-29 Medical treatment devices and methods with power cycling WO2016160772A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201562140792P 2015-03-31 2015-03-31
US62/140,792 2015-03-31

Publications (1)

Publication Number Publication Date
WO2016160772A1 true WO2016160772A1 (en) 2016-10-06

Family

ID=55911039

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2016/024650 WO2016160772A1 (en) 2015-03-31 2016-03-29 Medical treatment devices and methods with power cycling

Country Status (1)

Country Link
WO (1) WO2016160772A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7389144B1 (en) * 2003-11-07 2008-06-17 Flint Hills Scientific Llc Medical device failure detection and warning system
JP2009296852A (en) * 2008-06-09 2009-12-17 Canon Inc Power supply unit
WO2014078838A2 (en) * 2012-11-19 2014-05-22 Heat Assured Systems, Llc System and methods for controlling a supply of electric energy

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7389144B1 (en) * 2003-11-07 2008-06-17 Flint Hills Scientific Llc Medical device failure detection and warning system
JP2009296852A (en) * 2008-06-09 2009-12-17 Canon Inc Power supply unit
WO2014078838A2 (en) * 2012-11-19 2014-05-22 Heat Assured Systems, Llc System and methods for controlling a supply of electric energy

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
JEFF MILLER: "the Interim Report", RADC-TR-89-223, October 1989 (1989-10-01)

Similar Documents

Publication Publication Date Title
US20200197600A1 (en) Error handling in infusion devices with distributed motor control and related operating methods
US20210085855A1 (en) Fail-safe drug infusion therapy system
US11173243B2 (en) Multi-language/multi-processor infusion pump assembly
CA2268176C (en) Safety monitoring apparatus for a patient care system
JP6372014B2 (en) Management of intravenous drip care area transfer
JP2003150280A (en) Backup management system and method
JP6616289B2 (en) Medical device management using safety supervisor
WO2024022339A1 (en) Ventricular assist device control method, control apparatus, electronic device, and storage medium
US10824517B2 (en) Backup and recovery of configuration files in management device
WO2016160772A1 (en) Medical treatment devices and methods with power cycling
EP3378512A1 (en) Medical pump, method for controlling medical pump, and program for controlling medical pump
EP2860634A1 (en) Electronic device
US10921875B2 (en) Computer system, operational method for a microcontroller, and computer program product
US20220020485A1 (en) Medical device having failsafe state machine
US11493982B2 (en) Microcontroller and power management integrated circuit application clustering for safe state management
US20210391068A1 (en) Operating a medical device during startup and shutdown
CN109885450B (en) Active satellite-borne computer health state monitoring and optimizing method and system
WO2015124337A1 (en) Medical device
KR20190094886A (en) System and control method for sensing injection of infusion solution
JPH0277267A (en) Liquid transfusing pump
CN117826685A (en) System start detection device and method of embedded equipment and embedded equipment
JPS63231555A (en) I/o interface resetting system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16720590

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16720590

Country of ref document: EP

Kind code of ref document: A1