Software Requirements Specification
Purpose
This document describe what RespiraWorks Ventilator software must do.
This document is meant to be read and agreed-upon by the project owners and by software developers during design and construction.
Todo
Specify the functional requirements, performance requirements, interface requirements, safety requirements, hazard mitigations
Requirements
General
All software clocks must have high enough range to not overflow within 2 weeks
Numeric algorithms within the software must not lose stability over 2 weeks
Software algorithms must be runnable in faster than real time to allow stress testing of long-term continuous operation
Software (both controller and Pi) should be power-efficient enough to continuously work from battery for 1 hour
- Fulfills
Controller must be able to detect patient inspiration
Alarms
GUI must have an alarm that triggers when the input air line is blocked (leading to low pressure), with severity HIGH
GUI must have an alarm that triggers when the input O2 line is blocked (leading to low pressure), with severity HIGH
Device and GUI must have an alarm for inspiratory pressure dropping below -4cm H2O
GUI must have an alarm that triggers when the input O2 line pressure is too high, with severity HIGH
Controller shall trigger an alarm in case GUI is unresponsive for 1/2 of the apnea time
GUI displays an overpressure alarm
GUI shall trigger an alarm in case controller is unresponsive for 1/2 of the apnea time
Controller must implement an overpressure alarm firing above 60 cmH2O
- Fulfills
GUI can compute a “LOW VTI” alarm that becomes active if the VTI for the current breath is above threshold
The LOW VTI alarm is of medium priority
GUI has a control for setting the threshold for the LOW VTI alarm
The control for setting the threshold for LOW VTI alarm allows setting values between X and Y (TODO what values)
- Fulfills
GUI can compute a “HIGH VTI” alarm that becomes active if the VTI for the current breath is above threshold
The HIGH VTI alarm is of medium priority
- Fulfills
GUI can compute VTI for each breath
- Fulfills
GUI can compute a “LOW VTE” alarm that becomes active if the VTE for the current breath is above threshold
- Fulfills
GUI can compute a “HIGH VTE” alarm that becomes active if the VTE for the current breath is above threshold
- Fulfills
The LOW VTE alarm is of medium priority
- Fulfills
The HIGH VTE alarm is of medium priority
- Fulfills
GUI can compute VTE for each breath
- Fulfills
When cancelled, the “pressure high” alarm does not re-trigger for 2 minutes
- Fulfills
GUI shall be able to compute a high-priority alarm that triggers when the O2 input line is disconnected
GUI must be able to display all currently active alarms if there are several of them
The event log must include all confirmed alarm settings
The event log must include all alarm occurrences
The event log must include all alarm inhibitions, cancellations, resets, acknowledgements
GUI must allow inhibiting alarms
GUI must allow acknowledging alarms
- Fulfills
GUI must allow cancelling alarms
- Fulfills
RW-SYS-79 not defined, broken link
GUI must allow setting an alarm on inspiration tidal volume above threshold between the bounds of 80 to 3000 ml in increments of 10ml
- Fulfills
RW-SYS-80 not defined, broken link
GUI must have an alarm that fires if for 3 consecutive breaths PIP >user-specified threshold
- Fulfills
RW-SYS-81 not defined, broken link
GUI must have an alarm that fires if amount of leakage is >user-specified threshold between 5 to 150lpm
Controller must be able to detect and/or receive alarms from GUI
Controller must be able to command the hardware PCB buzzer.
GUI/Controller enumerates alarm codes and assigns them priorities
GUI displays highest priority alarm on main screen
GUI displays list of active alarms on button press
GUI displays alarm on main screen legible at distance of 1 meter.
- Fulfills
High severity alarms shall be indicated with a red color and a flashing frequency of 2Hz with a 50% duty cycle
- Fulfills
Low severity alarms shall be indicated with a yellow color which shall be constantly on.
- Fulfills
Medium severity alarms shall be indicated with a yellow color, and a flashing frequency of 0.5Hz with a 50% duty cycle
- Fulfills
RW-SYS-104 not defined, broken link
High severity alarms shall have an auditory signal consisting of 10 pulses with each pulse lasting 200ms with a pulse frequency of 500Hz (A4 note).
- Fulfills
RW-SYS-104 not defined, broken link
High severity alarms shall have an auditory signal consisting of 4 pulses with each pulse lasting 200ms with a pulse frequency of 500Hz. (how is this different from 77?)
- Fulfills
A press on the AUDIO PAUSE / ALARM PAUSE key shall initiate an auditory alarm signal pause of all active alarms during 60 seconds (Assuming that all the active alarms can be inhibited). The alarm activation symbol shall be displayed during the inactivation state with the symbol IEC 60417-5576
- Fulfills
RW-SYS-108 not defined, broken link
Alarm: apnea. If no breath is triggered within the specified apnea time interval, the ventilator shall respond with a medium priority alarm with the display text “APNEA ALARM”
- Fulfills
RW-SYS-109 not defined, broken link
Alarm: breath rate. When the breath rate has exceeded the breath rate setting, the device shall trigger a medium level alarm with the display text “HIGH BREATH RATE”
- Fulfills
RW-SYS-109 not defined, broken link
There must be a maximum breath rate setting which acts as alarm threshold.
- Fulfills
Alarm: pressure low. Upon a low pressure alarm, the gui will sound and display a high severity alarm and a text shall be displayed as “LOW INSP P”.
- Fulfills
GUI will log onset and reset of low pressure alarm.
- Fulfills
Alarm: pressure low. The system shall trigger a low pressure alarm with a high priority in the event of a low inspiratory pressure.This alarm shall be automatically reset upon the first breath with inspiration pressure above the threshold.
- Fulfills
GUI can compute a “pressure high” alarm that becomes active when pressure goes above a specified threshold for 3+ consecutive breaths AND becomes inactive on the first breath where it doesn’t go above the threshold
- Fulfills
While the “pressure high” alarm is active, GUI emits a sound
- Fulfills
The “pressure high” alarm is displayed until cancelled even if inactive
- Fulfills
Alarm management subsystem should support an alarm state where the alarm is visible but not audible
- Fulfills
RW-SYS-80 not defined, broken link
The PIP too high alarm shall have high priority
- Fulfills
RW-SYS-80 not defined, broken link
The default value for the “PIP too high” alarm shall be the commanded PIP value + 5cm H2O
- Fulfills
Controller should report whether the proximal tube is connected
- Fulfills
GUI should compute a “proximal tube disconnect” alarm that becomes active when the proximal tube is disconnected
- Fulfills
The “proximal tube disconnected” alarm is of medium priority
- Fulfills
GUI can detect obstruction, based on the condition that VTI < 100ml
- Fulfills
When obstruction is detected, GUI activates an “obstruction” alarm
- Fulfills
The obstruction alarm is inactivated when obstruction is not detected
- Fulfills
The obstruction alarm has high priority
- Fulfills
GUI can compute amount of leakage (L/min) based on sensor readings
- Fulfills
GUI can compute a “high leakage” alarm that becomes active when average leakage over X seconds is > 3 L/min
- Fulfills
The “high leakage” alarm is high priority
- Fulfills
The “involuntary shutdown” alarm is a continuous-tone alarm
- Fulfills
The “involuntary shutdown” alarm emits a sound tone for at least 2 min
- Fulfills
The alarm subsystem supports continuous-tone alarms
- Fulfills
GUI can detect loss of AC mains
- Fulfills
GUI is connected to the “AC mains power loss” sensor (and we have such a sensor)
- Fulfills
The AC mains power loss alarm is medium priority
- Fulfills
GUI can compute battery ETA from a history of remaining battery amounts
- Fulfills
GUI is connected to a battery amount sensor
- Fulfills
GUI can compute a “low battery” alarm when battery ETA is <30min
- Fulfills
The “low battery” alarm is low priority
- Fulfills
GUI can compute a “critically low battery” alarm when battery ETA is <10min
- Fulfills
The “critically low battery” alarm is high priority
- Fulfills
GUI needs to be able to read hardware battery presense and chargeability sensors
- Fulfills
GUI needs to have a “battery failure” alarm that is activated when the battery is absent, unavailable, or unchargeable
- Fulfills
The “battery failure” alarm has high priority
- Fulfills
RW-SYS-125 not defined, broken link
(System requirement 125) “System shall be capable of sensing the temperature of heating elements (blower motor, battery cell during operation)”
- Fulfills
GUI needs to be able to read temperature sensors for: blower motor, blower power mgmt system, battery cell
- Fulfills
GUI needs to have a “blower motor temperature too high” alarm triggered by a user-specified threshold
- Fulfills
GUI needs to have a “blower power system temperature too high” alarm triggered by a user-specified threshold
- Fulfills
GUI needs to have a “battery temperature too high” alarm triggered by a user-specified threshold
- Fulfills
GUI needs to automatically invoke a safety action when blower power system temperature is above threshold
- Fulfills
GUI needs to automatically invoke a safety action when battery temperature is above threshold
- Fulfills
GUI has a control for setting the threshold for HIGH RR alarm
- Fulfills
The control for setting the threshold for HIGH RR alarm allows setting values between 5-30 in increments of 1
- Fulfills
RW-SYS-129 not defined, broken link
GUI has a control for setting the threshold for LOW RR alarm
- Fulfills
RW-SYS-129 not defined, broken link
The control for setting the threshold for LOW RR alarm allows setting values between 5-30 in increments of 1
- Fulfills
RW-SYS-130 not defined, broken link
GUI has a control for setting the threshold for the apnea alarm
- Fulfills
RW-SYS-130 not defined, broken link
The control for setting the threshold for the apnea alarm allows setting values between 1-30 seconds in increments of 1s
Alarm when relief valve opens. Need to detect this based on an unexpected increase in flow (not pressure). Might be folded into a leak alarm - but need to ensure we account for this case and test it.
Self-Test
- Fulfills
Self-test shall include a test for accuracy of the O2 sensor
- Fulfills
Self-test shall include validation of blower response: commanded speed vs. pressure achieved at that speed
- Fulfills
Self-test shall include validation of the pinch valves pressure response at a fixed blower speed
- Fulfills
Self-test shall include validation that all the audible alarm devices work. Eg could test that, given voltage there’s current, or could ask the user to confirm that it’s audible
- Fulfills
Self-test shall include validation that all visual alarms work (asking user to confirm that the alarm works)
- Fulfills
Self-test shall include validation of flow sensor accuracy (set blower to certain speed, air lines open, nothing connected to the output etc. -> gives expected flow)
- Fulfills
Self-test shall include validation of pressure sensor accuracy
- Fulfills
Controller must support a pre-test mode
- Fulfills
GUI must support the controller’s pre-test mode
- Fulfills
Controller’s pre-test mode must include the following checks: …
GUI
GUI allows user to adjust PEEP from 0-20 cmH2O with increments of 1
GUI shall render parameters and alarms readable at a distance of 1m
GUI must allow adjusting RR from 5-30 bpm with increments of 1
GUI must allow adjusting IER from 1:1 to 1:4 (Inhale to exhale)
GUI must require all ventilation and alarm setting changes to be confirmed
GUI must allow adjusting O2 infusion (FiO2) in supplied air from 0.21 to as close to 1 as possible with a minimum of 0.96, adjustable in increments of 0.1.
GUI must allow adjusting HFNC flow rate from 0 to 60 L/min in increments of 5(TBD) L/min
- Fulfills
RW-SYS-81 not defined, broken link
GUI must be able to compute amount of leakage based on controller actuation and sensor readings
GUI must display patient pressure measured at the gas outlet port, based on data from controller
GUI graph refresh rate must be >= 20 Hz
GUI graph duration must be 30 seconds
GUI must display a reading of inspiratory tidal volume in the range 0..1000mL with resolution of 1mL
GUI must display the ratio of inspiration time to expiration time of the most recent breath in the range 10:1 to 1:200 with display resolution of 0.1 for values under 10 and 1 for values over 10. Transition from inspire to expire is defined as being after the plateau
GUI must display a reading of PEEP for the most recent breath in increments of 1 cmH2O
GUI must display a graph of volume provided to the patient
The GUI shall display the flow rate provided to the patient as a graph with duration of 30 seconds updated at a rate >=20Hz and units of liters / minute.
GUI shall display FiO2 as measured prior to the patient inhale limb
GUI shall allow the user to set PIP from 5-55 cmH2O with increments of 1 cm H2O.
- Fulfills
GUI can detect controller shutdown
In [what modes?] , GUI should have a “rise time” parameter controlling how long it takes from PEEP to PIP
In GUI should allow setting the “rise parameter” in the range of 0..20% of breath cycle time
- Fulfills
GUI must allow specifying the assist/control with pressure controlled ventilation mode
Embedded
Controller should respond fast enough to prevent pressure dropping below -4cm under ? (under what conditions)
Controller should never command pressure to go above 60
SW must measure PEEP over each breath (pressure at the end of the breath)
- Fulfills
RW-SYS-88 not defined, broken link
For parameters that do not have a different performance target specified, controller shall be able to hit commanded values within 10%
Controller should trigger an inspiration cycle when (NEED TO CLARIFY)
Controller should trigger an expiration cycle when
Controller should be able to meet PIP targets in the range 5-55cmH2O +/- 5cm
- Fulfills
RW-SYS-93 not defined, broken link
Controller should be able to meet commanded breath rate within +- 1 breath
Controller should be able to meet commanded pressure during the pressure fall phase within an overshoot of 0.8*PEEP-1 cmH2O
- Fulfills
Controller should be able to meet commanded PEEP within +-1 H2O + 10% (of what?)
Controller shall be able to achieve target FiO2 value within 0.05
Controller shall report FiO2 as measured prior to patient inhale limb
- Fulfills
Controller shall be able to achieve commanded values under different air conditions affecting air density, such as temperature, altitude and humidity
- Fulfills
Controller must implement assist/control with pressure controlled ventilation mode, where inspiration is triggered by detecting patient inspiration
Controller must have safety measures to avoid acting on absurd commands even in case of data corruption between GUI and controller communication
Logging
GUI must store an event log in non-volatile memory
The event log must include all confirmed ventilation settings
The event log must include a date and timestamp
The event log must include changes to the system’s real time clock by logging the Current Date/Time followed by the new Date/Time
Traceability Matrix
System Requirements to SRS
Software Requirements |
System Requirements |
|---|---|