1

Disclaimer

This might be a very broad question. I ask it out of curiosity, because the topic came up in a discussion lately. Hence, I do not have any specific applications or even data that I could show.

Question

In many technical applications, emergency shutdown procedures are essential for safety, e.g. in medical devices. Consider for example a Computed Tomography (CT) scanner, or radiotherapy devices, where the amount of ionizing radiation has to be kept at a save level. Or an magnetic resonance imaging (MRI) machine where the deposed radio-frequency energy and the switching speed of the imaging gradients must be monitored and kept below certain thresholds.

All these quantities can be measured redundantly and independently. In case of a technical failure, the measurement system will detect the fault and initiate an emergency shutdown, BUT at the time the measurement system detects the problem, the patient already was exposed to too high/risky amounts of energy/radiation/etc.

How is this situation handled in those systems? Is the reasoning as simple as

  1. Our system needs a time $\Delta t$ to detect the faulty state and to switch off
  2. If $\Delta t$ is short enough, no serious harm is to be expected to happen

or is there a threshold below the real threshold, i.e.

  1. The emergency shutdown has to be initiated when the intensity (i.e. radiation/energy/magnetic field change per time) $I_\textrm{max}$ is reached
  2. To fulfill the safety conditions, the device switches off slightly below, e.g. at $0.98 \times I_\textrm{max}$

In the first case, the patient may be shortly in danger, in the second case the system performance may be reduced.

Or does it work in a completely different way?

EDIT:

It is certainly also possible to simulate the system (e.g. applied RF fields, x-ray intensity, ...), measure the current state and predict the upcoming values. If the currently predicted value is in agreement with the actually measured one, it is a reasonable assumption to assume that the predicted value for the next time-step is also correct. Hence you could base the shutdown trigger on the predicted value: When it is too high, shutdown. Also stick to the rule to switch off the system if the currently simulated value and the measured value do not agree.

Glorfindel
  • 418
  • 1
  • 5
  • 10
M529
  • 1,736
  • 10
  • 15
  • I wouldn't be surprised if, depending upon the application, there are regulations that dictate the specific approach. However, from just a purely engineering standpoint, the "shutdown threshold below the threshold that actually causes harm" would seem to be a prudent approach. – Jason R Jun 08 '16 at 14:12
  • There are no known for sure thresholds - nobody conducts in vivo experiments of harmful dose of radiation (of any kind) on people. There are some safety regulations, for example MRI are up to 3T, but earlier some 4T or even 8T MRI were used in research, and honestly we do not know whether it was harmful. So norms are low, and yet we are not sure about them. For more risky kinds (based on evidence or just precaution) norms are even lower, so 0.98 or 1.2 of $I_m$ makes no difference – Evil Jun 08 '16 at 15:49
  • @EvilJS Well, there are certainly thresholds in norms and standard operating procedures. How they are determined is more or less irrelevant for the question, I would say - important is that the devices adhere to them. Certainly you never want to harm people - but you'd also certainly do not want a lawyer creeping up your back for a device being incompatible to a norm. BTW: 7 Tesla MRI is an ongoing research field and may even be close to becoming available for "routine" clinical applications. – M529 Jun 08 '16 at 16:07
  • 1
    Ok, yes you are right, and this was not intended as the answer, just a hint about the norms. Getting back to the question afaik there are all kinds of feedback loops, when it gets too high it is reduced, but this is not enough for "obeying the norm" so ahead safety check is also there - observe the growth, react before it happens. Locks are employed - there are cutoffs in place so it "should" be impossible to go beyond the given maximal value, but all kinds of checks are placed anyway. So I would say that both 1 and 2 are in place plus additional restrictions – Evil Jun 08 '16 at 16:20

0 Answers0