This invention relates to a system and method for controlled failure in electronic devices and, in particular embodiments, to selective potting for controlling failures in defined operations such as controlled failure of a pump driver for delivery of medication or drugs to a patient.
There are many types of electronic devices (medical devices, sensing devices, and the like) that can fail due to moisture or other environmental contaminants coming into contact with the device electronics. A common mechanism is the addition of water to contaminants that combine to form ionic solutions that are conductive and may lead to failure of the electronic device. The failure of such devices may have, in some cases, serious consequences for users of systems which contain the devices. For example, if the device is used in a medical system such as an infusion pump for the delivery of medications/drugs, a failure of the device may lead to accidental over-delivery of the medications/drugs, possibly resulting in injury or death.
One common manner of protecting electrical and electronic components and circuits in such systems against contact with moisture or other environmental contaminants involves covering the electronics of such systems with potting materials that are resistant to contaminants such as moisture. One drawback of this method is that known potting materials can fail to protect the electrical system against long-term contaminant penetration. For example, over time, moisture may diffuse through the potting material, where the penetrated moisture will likely detrimentally affect the performance of the electrical system and may lead to unpredictable and possibly dangerous system failures. Also, the potting materials may degrade, separate or pull away from and expose the electrical and electronic components and circuits, which may reduce the effectiveness of the protection by exposing the various components and system to contaminants.
The contaminant may pass by or diffuse through the potting material that covers particular electrical or electronic components which may be xe2x80x9ccriticalxe2x80x9d because they affect a critical operation of a system (i.e., the failure of which may have serious consequences). Such critical operations may include, for example, electronics for controlling a motor that, for example drives an infusion pump for delivering a medication to a patient. A resulting failure of critical electrical or electronic components due to contact with a contaminant may have serious consequences such as those described above.
As discussed above, conventional drug delivery systems such as infusion pumps are examples of systems wherein a failure of the systems"" electronics may have serious consequences. An infusion pump system can include electronic control circuits and electronic power driver circuits, as well as other circuitry. The control electronics can control the power driver circuit to drive a motor which, in turn, drives the infusion pump. One such drug delivery system is used to deliver insulin over a period of time and utilizes a variety of motor technologies to drive an infusion pump. Typical motor technologies include direct current (DC) motors, stepper motors, or solenoid motors. Each motor type has various advantages and disadvantages related to cost, reliability, performance, weight, and safety.
In drug delivery using infusion pumps, the accuracy of medication delivery can be critical (such as for insulin, HIV drugs or the like), since minor differences in medication quantity can dramatically affect the health of the patient. Thus, safeguards must be designed into the delivery system to protect the patient from over or under delivery of medication. For example, in the case where insulin is administered via an infusion pump to a diabetic patient, excessive drug delivery could cause complications due to hypoglycemia, and could possibly even result in death. Therefore, controlled delivery with safeguards against over-delivery of medications is required for drug delivery systems when over-delivery could result in complications, permanent damage, or death of the patient.
In conventional systems, these safeguards against over-delivery have been incorporated into the drive systems of infusion pumps in varying ways. For example, the motor control electronics utilize cross checks, encoder counts, motor current consumption, occlusion detection, or the like, as a form of feedback to guard against over or under delivery of medication. However, one drawback to this approach can occur if the control electronics in a DC motor driven infusion pump were to fail, such that a direct short occurs from the power source to a DC motor in the infusion pump. For example, in one failure mode, it would be possible for the DC motor to drive continuously for an excessive period of time, for example, until the power source was depleted or removed, or until the short was removed. This condition is commonly referred to as motor xe2x80x9crun awayxe2x80x9d, and could result in all of the medication contained in the infusion pump being infused immediately over too short a period of time resulting in injury or death to the patient.
To avoid this drawback, some infusion pump manufactures have avoided the use of DC motors and have instead utilized solenoid or stepper motor technologies. With these motor types, any short in the control electronics, would only result in, at most, a single motor step. Therefore, motor xe2x80x9crun awayxe2x80x9d would not occur. Thus, this minimizes the risk of a xe2x80x9crun awayxe2x80x9d failure. However, a drawback to the use of solenoid or stepper motor technologies is they generally have a less efficient performance with regard to battery energy, tend to cost more as compared to the DC motors, and may only be capable of running in one direction (i.e. not reversible).
It is an object of embodiments of the present invention to provide a system and method of selectively protecting electrical and/or electronic components or circuits within a particular system to provide for controlling a system failure in a manner where the likelihood of a failure that causes damage or an undesired (or dangerous) condition is reduced.
Embodiments of the invention employ a selective potting system and method for this purpose. According to embodiments of the present invention, critical electrical and electronic components and/or circuits of a system are encapsulated in a potting material. Non-critical components of the system may remain un-encapsulated. The un-encapsulated non-critical components are selected to be components that are likely to contact a contaminant and fail in a predictable or desired manner. Thus, the failure of the non-critical components may disable the protected system in the event that the system becomes contaminated. Accordingly, the system may be disabled before the critical electrical and electronic components and/or circuits can be contacted by the contaminant, which could then fail in a manner that would be undesirable, dangerous, or damaging to the system. It is the purpose of the invention to control the failure of a system by deliberately exposing components of the system to contaminant failure while protecting other system components. Embodiments of the invention may be employed in various electrical and electronic systems, including control systems, guidance systems, navigation systems, fusing systems, acquisition and tracking systems, command systems, sensor systems, power systems, communication systems, computer systems, network systems, processors, or the like, and particularly, automotive and aircraft control systems, sensors and other monitoring devices, military systems for ordinance delivery, medical devices, computers, personal digital assistants (PDAs),and the like.
One embodiment of the present invention is employed in a fluid delivery system including an infusion device for delivering a medication/drug/fluid. An example infusion device is driven by a DC motor. The DC motor may also include safety enhancements such as safety circuits, which obviate, for practical purposes, the above mentioned limitations.
According to an embodiment of the invention, a selectively protected electrical system includes or operates with a power source, a load, a power driver circuit for controllably transferring power from the power source to the load, the power driver circuit being encapsulated in a potting material, and a controller for enabling and disabling the power driver circuit, the controller being un-encapsulated by the potting material. If a contaminant induced electrical fault occurs in the selectively protected electrical system, the electrical fault is more likely to occur in the un-encapsulated controller, such that the selectively protected electrical system is disabled. The contaminant is thus inhibited from inducing an electrical fault in the power driver circuit. Other embodiments may employ other types of drive motor circuits having critical and non-critical components. Selective protection in accordance with embodiments of the invention may be used in combination with embodiments of the safety circuit system or in the alternative.
According to other embodiments of the invention, a safety circuit system for a DC driven device for use with a fluid delivery system includes a first voltage potential DC power line, a second voltage potential DC power line, a controller and a safety circuit. The first voltage potential DC power line is coupled to provide a first voltage potential to the DC driven device, and the second voltage potential DC power line is coupled to provide a second voltage potential to the DC driven device such that the second voltage potential is different relative to the first potential. The controller controls at least the first voltage potential on the first voltage potential DC power line. The safety circuit has an enable state and a disable state, in which the default state is the disable state. The safety circuit is coupled to the controller, and the controller controls the safety circuit to place the safety circuit in the enable state independently of controlling the first voltage potential on the first voltage potential DC power line. The safety circuit is operatively coupled to at least one of the first and second voltage potential DC power lines to inhibit DC flow and operation of the DC driven device when the safety circuit is in the disable state and to permit DC flow and operation of the DC driven device when the safety circuit is in the enable state such that the operation of the DC driven device will occur when the safety circuit is in the enable state. In preferred embodiments, the DC driven device is a DC motor in an infusion pump. Alternatively, the DC driven device is a gas generator in an infusion pump. In preferred embodiments, the safety circuit is controlled by an AC signal from the controller such that the safety circuit is enabled by the AC signal to permit DC flow and enable the forward motion of the DC motor while the AC signal is provided by the controller.
In embodiments that utilize a DC motor with a safety circuit, the safety circuit being in the disable state operates to inhibit the forward motion of the DC motor when the difference of the first voltage potential relative to second voltage potential is positive. In addition, the safety circuit being in the disable state is inoperative to inhibit a reverse motion of the DC motor when the difference of the first voltage potential relative to second voltage potential is negative. Alternatively, or in addition to, the safety circuit being in the disable state operates to inhibit a reverse motion of the DC motor when the difference of the first voltage potential relative to second voltage potential is negative. In addition, the safety circuit being in the disable state operates to inhibit the forward motion of the DC motor when the difference of the first voltage potential relative to second voltage potential is negative. Further, the safety circuit being in the disable state is inoperative to inhibit a reverse motion of the DC motor when the difference of the first voltage potential relative to second voltage potential is positive. Alternatively, the safety circuit being in the disable state operates to inhibit a reverse motion of the DC motor when the difference of the first voltage potential relative to second voltage potential is positive.
Preferred embodiments are directed to an infusion pump, in which the safety circuit is used to prevent operation of the DC motor during a controller failure to prevent accidental delivery of excess fluid. In particular embodiments, the safety circuit is integral with the DC motor. In other embodiments, the safety circuit is co-located with the controller.
Other features and advantages of the invention will become apparent from the following detailed description, taken in conjunction with the accompanying drawings which illustrate, by way of example, various features of embodiments of the invention.