The present invention relates to a method for operating application software in a safety critical environment.
Computing systems, in particular microprocessor controlled systems such as those described in copending application Ser. No. 08/354,971, filed Dec. 13, 1994, are prevalent in medical devices such as MRI imaging systems, x-ray systems, blood testing equipment and ventilators. These systems now require a safety critical environment for the protection of patients.
Typically, a computing system has application software loaded therein which runs in conjunction with an operating system and a central processor to carry out application specific operations. In an MRI system, the application software will prompt the user for inputs relating to patient data, tests to be performed, etc., control the magnet to apply the magnetic field to the patient for a specific time period with a particular pulse sequence and thereafter interpret the data and display images for the physician.
It should be clear that the safety criticality of the various application specific functions will differ. In an MRI system, for example, if a safety critical error is detected in the computing system during the entry of data, or during the interpretation of data after the scan has been performed, the system can react according to safety critical rules by halting the program to do further testing in the background, by temporarily halting the program and prompting the user that an error has been detected and giving the user the opportunity to continue, or by permanently stopping the program. None of these measures would directly affect the health or safety of the patient. However, if an error were detected during the application of the magnetic field, each of these measures could prolong the field exposure, which could have a disastrous effect on the patient's health and safety.
Another example is a ventilator. When the machine is on standby, the detection of a safety critical error can result in halting the system, as long as the user is notified of that fact. When the machine is in continuous use, however, even temporarily halting its operation could result in the death of the patient.
While the system described in the aforementioned copending application establishes a safety critical environment by having the application software provide a set of safety critical rules for the computing system, those rules do not differentiate among the different application specific functions being carried out by the application software.
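The distinction drawn above, between a rule set that reacts to a detected error the same way in every phase of operation and one that first asks which application specific function is running, can be shown in a small simulation. The following is an added illustration written for this page; it is not the method of the present invention nor of the copending application. The phases, the severity ladder, the action names, the "defer the halt" action and the toy scan loop (in which a halted program never issues the field-off command, so exposure continues until an external intervention) are all assumptions made for the illustration. It covers both the MRI example and, through the same patient-critical classification, the ventilator's continuous-use state.

```python
# Added example for this page: a phase-aware safety-critical rule set beside the
# phase-blind one the text criticises.  Illustration code only, not the method
# of the patent or of the copending application; the phases, severities,
# actions and the toy scan loop are assumptions made for the illustration.
from enum import Enum, auto


class Phase(Enum):
    DATA_ENTRY = auto()        # MRI: operator enters patient data and test selection
    FIELD_APPLIED = auto()     # MRI: magnet energised, patient being exposed
    INTERPRETATION = auto()    # MRI: post-scan data interpretation and display
    STANDBY = auto()           # ventilator: not breathing for a patient
    CONTINUOUS_USE = auto()    # ventilator: breathing for a patient


# Phases in which halting the program directly endangers the patient
# (assumption drawn from the two examples in the text).
PATIENT_CRITICAL = {Phase.FIELD_APPLIED, Phase.CONTINUOUS_USE}


class Action(Enum):
    BACKGROUND_TEST = auto()   # keep running, do further testing in the background
    PAUSE_AND_PROMPT = auto()  # halt, notify the user, let them choose to continue
    STOP = auto()              # stop the program permanently
    DEFER_HALT = auto()        # assumed: keep the current operation running, halt
                               # only once the patient-critical phase has ended


HALTING = {Action.PAUSE_AND_PROMPT, Action.STOP}

# Assumed severity ladder; the text does not grade errors.
MINOR, MODERATE, SEVERE = 1, 2, 3


def phase_blind_rule(phase: Phase, severity: int) -> Action:
    """One rule set for every phase: the behaviour the text criticises.
    `phase` is accepted so both rule sets share a signature, but ignored."""
    if severity >= SEVERE:
        return Action.STOP
    if severity == MODERATE:
        return Action.PAUSE_AND_PROMPT
    return Action.BACKGROUND_TEST


def phase_aware_rule(phase: Phase, severity: int) -> Action:
    """Same ladder outside a patient-critical phase; inside one, any halting
    action is replaced by deferring the halt until the phase ends."""
    action = phase_blind_rule(phase, severity)
    if phase in PATIENT_CRITICAL and action in HALTING:
        return Action.DEFER_HALT
    return action


def simulate_scan(rule, scheduled_ticks=10, error_at_tick=3, severity=MODERATE,
                  intervention_delay=30):
    """Toy MRI scan loop.  The field is on for every tick the loop runs.  If the
    program halts mid-scan, the halted program never issues the field-off
    command, so exposure continues until an external intervention after
    `intervention_delay` more ticks (assumption).  Returns (exposure_ticks, action)."""
    exposure = 0
    action = None
    for tick in range(1, scheduled_ticks + 1):
        exposure += 1
        if tick == error_at_tick:
            action = rule(Phase.FIELD_APPLIED, severity)
            if action in HALTING:
                exposure += intervention_delay
                return exposure, action
            # BACKGROUND_TEST and DEFER_HALT both let the sequence run to its end
    return exposure, action


if __name__ == "__main__":
    for rule in (phase_blind_rule, phase_aware_rule):
        exposure, action = simulate_scan(rule)
        print(f"{rule.__name__:17s} -> {action.name:16s} exposure={exposure} ticks (scheduled 10)")
```

Outside the exposure phase both rule sets behave identically, which is the point of the text: the reaction itself is not wrong, only its application during a phase in which halting is unsafe. In the simulated scan the phase-blind rule pauses at tick 3 and leaves the field on for the assumed 30-tick intervention delay, while the phase-aware rule lets the scheduled 10 ticks complete before halting.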