Sage Journals: Discover world-class research

Abstract

Automated Insulin Delivery (AID) are systems developed for daily use by people with type 1 diabetes (T1D). To ensure the safety of users, it is essential to consider how the human factor affects the performance and safety of these devices. While there are numerous publications on hardware-related failures of AID systems, there are few studies on the human component of the system. From a control point of view, people with T1D using AID systems are at the same time the plant to be controlled and the plant operator. Therefore, users may induce faults in the controller, sensors, actuators, and the plant itself. Strategies to cope with the human interaction in AID systems are needed for further development of the technology. In this paper, we present an analysis of potential faults introduced by AID users when the system is under normal operation. This is followed by a review of current fault tolerant control (FTC) approaches to identify missing areas of research. The paper concludes with a discussion on future directions for the new generation of FTC AID systems.

Keywords

artificial pancreas continuous glucose monitoring fault tolerant control human-in-the-loop insulin pump type 1 diabetes

Background and Motivation

A closed-loop (CL) automated insulin delivery (AID) system, or artificial pancreas (AP), is composed of a minimum of 3 elements¹: a continuous glucose sensor and signal transmitter commonly referred to as continuous glucose monitor (CGM), a continuous insulin infusion device, and an algorithm to make changes in the insulin delivery rate in response to sensor measurements. The algorithm does not necessarily reside on a separate device, such as a mobile phone or pump receiver/transmitter, but can also be on the pump body itself.

The fourth component is the patient. In terms of process control, the patient is both the plant to be controlled and the plant operator. Many failures can come from the plant itself and the way the plant is operated. The impact of having the human-in-the-loop (HitL) must be considered when designing any blood glucose (BG) control system.² Thus, in the control system design specifications, disturbances from inadequate system management should be considered and those that cannot be handled by a feedback control loop should be treated as faults and a fault tolerant control (FTC) scheme should be designed. Similarly, large variations in patient dynamics that cannot be correctly compensated for by the controller must be considered in the fault-tolerant design. New generations of AID systems, to be fully automatic and autonomous, will need to incorporate FTC and personalization strategies that consider the fact that the patient is at the center of the system and in the control loop.³

This paper analyzes and discusses different sources of faults since the patient is in the loop. Methods for detecting and identifying faults are proposed as well as different approaches for FTC. Finally, a discussion is presented on the improvements that new generations of AP systems should contain to be fully autonomous.

Patient Related Faults and Disturbances

Ideally, AID systems aim to relieve the patient of decision-making and disease management so that they can lead a life as closely as possible to that of a healthy person. However, several factors make this impossible for currently commercialized AID systems for the time being, as they can lead the system to a situation of failure. These failures can be due to psychosocial factors, human factors, and physiological changes.

Current commercial AID systems do not consider the particular needs of patients, providing a one-size-fits-all solution. Most of them are designed/tuned with a low tolerance for hypoglycemia and thus may have longer periods of hyperglycemia than if more tightly tuned.⁴ However, psychosocial factors impact the way users use AID systems. Thus, some patients may stop wearing the devices for body image reasons, significantly reducing the CL action time. Others may adopt a more passive attitude towards diabetes self-management, even compromising their safety.⁵ On the other hand, highly motivated type 1 diabetes (T1D) individuals with much experience may be able to tightly control their BG through close attention to meal boluses and the effects of exercise; therefore these individuals can be quite frustrated by the performance of an AID system and seek ways to “override” the system, by (eg,), placing the system in manual mode and providing a manual insulin bolus²; or over-estimating their meal carbohydrates so that a larger bolus is given.⁶

Highly probable patient faults come from user interaction with the system. Patients may introduce faults into the insulin pump, for example, by changing the catheter later than recommended by the manufacturer, which may eventually lead to actuator failure. CGMs can also be miscalibrated, either due to error in reporting the SMBG value at the time of calibration, or problems with the capillary blood sample itself, due to contaminants in the sample (skin not washed beforehand, for example). It should be noted that the newest generation of CGMs is “calibration-free.” Disturbances introduced by the patient can also lead to a faulty system state. For example, patients may override the algorithm (bolusing in manual mode, deliberately misestimating carbohydrate estimates), forget to announce meals (converting a measurable disturbance to unmeasured) or miss a meal.

Among the most common disturbance faults that come from patient’s behavior are missed meals and unexpected exercise. Every fourth meal may have a missed or late bolus associated with it,^7,8 resulting in a significant reduction in time in range and an increase in postprandial peak. Also, in many cases, patients are not able to accurately calculate the amount of carbohydrates they take.⁹ It has been shown that not only carbohydrates influence the calculation of the insulin bolus but also protein can increase insulin requirements by 50%.¹⁰ Unannounced exercise is another major source of system disturbances. First, because its effect is highly variable depending on the type of exercise and its intensity.¹¹ Secondly, because the patient may try to compensate for the effects of exercise on glycemia, for example, by taking carbohydrates but without notifying the controller. Thus, the result is 2 controllers operating simultaneously without being aware of each other.

In addition to the previously discussed, we know that insulin requirements change by the minute and that, in most cases, these can be compensated for by the feedback controller or by basal adjustment strategies. However, some physiological changes that affect the dynamics of the glucose-insulin system may involve large variations in insulin sensitivity that cannot be handled by a simple controller.

Illness, stress, some medications, or sleep apnea can produce major physiological changes such as increased insulin sensitivity, increased rate of glucose disposal, and/or decreased glucose production, pushing the CL controller to extreme situations. Variable hormonal responses due to puberty, menstrual cycles, and menopause also cause major physiological changes. The effects of pregnancy in women with T1D are not fully understood.¹² While requiring strict glucose control, hormonal changes throughout pregnancy can lead to large variations in insulin sensitivity, causing long and dangerous periods of hypoglycemia.

While some studies show that AID systems can control BG in the face of moderate alcohol intakes, more general studies on the impact of alcohol on AID systems in normal living conditions are lacking. In addition, the effects of heavy alcohol consumption on AID systems remain to be investigated. High alcohol consumption is known to contribute to disease complications¹³ while reducing patients’ ability to manage their disease or operate an AID system properly.

Fault Mitigation and Fault Tolerant Control Approaches

AID systems performance and safety can be affected by how users manage and interact with the system. This has been a common situation in many practical control applications in which control systems work with human operators.^14,15 Current systems under development^16,17 are designed for people with diabetes who are unlikely to have experience with control systems technology. For this reason, fault tolerant systems that take special attention to user actions should be designed, validated, and incorporated into commercial devices.

Traditional FTC systems are usually composed of at least 2 layers that work cooperatively, namely execution and supervisory layers. The execution layer is composed of the typical feedback loop with the controller, plant, actuators, and sensors. The supervisory layer consists of a diagnostic block, which continuously monitors the execution layer to detect, identify, locate, quantify and isolate faults; and a decision block that performs the necessary corrective actions to ensure performance and safety.

In the Figure 1 scheme, a fault occurring in the T1D patient ( $f_{p}$ ) that is detected will be treated by the controller if the fault is recoverable, that is, there is a controller configuration that solves the controller redesign problem in the faulty state. That means that a new set of controller parameters or even an entirely new control approach will be used in the faulty state.

Figure 1.

General FTC AID architecture.

Nonetheless, a FTC AID system not only has to detect faults appearing in the plant but also in the actuators ( $f_{u}$ ), sensors ( $f_{s}$ ) and controller ( $f_{c}$ ) itself as the effect of a fault in any of these components is propagated throughout the system. Fault detection algorithms for hardware-based CGM sensors^18-26 and insulin pump actuators^27-34 have been successfully investigated, however, currently available AID systems do not usually include all these features. Plant faults can usually be alleviated by using either robust controllers or an active reconfiguration system that changes the controller according to the faulty state. These types of faults mainly change the input-output relationship of the system and can usually be addressed by the controller, ensuring safety but with degraded performance.

One of the burdens for achieving fault tolerance in AID systems is the limited number of available sensors and actuators.³⁵ In typical commercial configurations, there are only one insulin pump and one CGM sensor.³⁶ Therefore, fault tolerance must be achieved employing analytical redundancy, where information from online CGM and mathematical models is used. Particularly, state estimation is a popular model-based strategy to accomplish fault detection and identification.^37,38

Many research AID prototypes incorporate to some extent algorithms that monitor the system by estimating model states, parameters, or external disturbances. These approaches have been mainly used for control design rather than FTC and HitL interactions. The basic uses of such approaches are: (1) estimating insulin on board (IOB) or plasma insulin concentrations,^39,40 (2) glucose rate of appearance after meal estimations,^41-43 (3) exercise detection,^44-46 and (4) general state estimation for prediction and control.^47-52

Insulin Fault Control

Insulin estimation has become one of the must-have tools for any AID system because direct insulin measurements are currently not possible. These estimations allow to continuously monitor the insulin state and avoid controller over-actuation that may lead to hypoglycemia.³⁹ Most control algorithms include this as a module to enhance safety by having upper constraints in admissible insulin infusion and for prandial bolus computations.^53-56 However, they may also be a major limiting factor in the achievable performance if tuned too conservatively, leading to user frustration when CL systems react too slowly to high BG concentrations.⁵⁷ AID systems should take advantage of these algorithms to enhance safety when the user is commanding the system by providing comprehensive insulin advice. Insulin concentration estimation should remain uninterrupted regardless of the system operation mode and be used to safely initialize or resume the selected therapy. Detection of unannounced insulin injections should also be a fundamental feature of these systems, with appropriate controller accommodation.

Meal Related Patient Faults

Meals are one of the major disturbances that affect AID systems and have centered the most attention in both published research and clinical trials.⁵⁸ The Juvenile Diabetes Research Foundation’s AID system design roadmap,⁵⁹ included a specific design step in which meal announcements were completely removed. This led to several designs, so-called fully CL systems, that operate without meal information.

This is attractive from a control point of view, as these systems decouple the user from the control system, while promising ease of use. However, they still underperform when compared to hybrid AP strategies with meal advertisements and can lead to user dissatisfaction. Monitoring and discriminating user meal action announcements together with the rate of absorption estimations should allow systems to use reliable patient information, allowing for effective feedforward meal control, and providing a better compromise between safety and performance. Several algorithms detect when a meal has been consumed, largely based on glucose rate-of-change greater than a threshold value, and therefore become more aggressive with insulin delivery.^52,60-63 Indeed, knowledge of typical daily eating patterns can be used to anticipate when meals are likely to be consumed and include that probability in future predictions of BG levels.^50,51,64-66 While these anticipatory algorithms lead to good CL performance, providing a premeal bolus yields a significant improvement in meal disturbance rejection.

Exercise Related Patient Faults

Exercise is another important disturbance that AID systems need to be safe against.^67,68 It has been shown that exercise greatly affects the BG system with various types of effects.¹¹ Patient actions, such as the use of carbohydrates as a preventive control action or the adjustment of insulin infusion are essential for safety.^11,53,69,70 Exercise detection methods allow control systems to reconfigure themselves to some extent.^44,46,71-74 Usually, recommendations against exercise raise BG levels to avoid post-exercise hypoglycemia. The system must work cooperatively with the patient so that these feedforward actions are not seen as a disturbance to be rejected by the control system itself. Physical activity may alter insulin sensitivity for a prolonged time, thus methods for controller reconfiguration or tuning adjustment should be incorporated into AID systems to compensate for these changes.

Additional Control Actions for Fault Tolerant Control

Although there is no current formulation of glucagon that is stable for a long time at body temperature, many clinical studies have used insulin and glucagon. El-Khatib et al⁷⁵ use a PD controller that is active under certain glucose concentrations to manipulate glucagon. Insulin is administered based on an adaptive MPC strategy with a very short prediction horizon, making it similar to a PID controller. Russell et al⁷⁶ present results for a 5-day study with 20 adults and 32 adolescents. Blauw et al⁷⁷ stress the advantages of using a single integrated device (rather than separate smartphones and pumps) to manipulate both insulin and glucagon in a 4-day study involving 10 subjects. El-Khatib et al⁷⁸ study 39 subjects in a dual-arm at-home study of 11 days in closed-loop and 11 days in conventional therapy. Haidar et al⁷⁹ compared dual-hormone, single-hormone and sensor augmented pump therapy in 23 adults. The iLet system^80,81 delivers both insulin and glucagon, but the first commercial version will likely administer only insulin. Wilson et al⁸² present results for the Oregon Artificial pancreas, with and without glucagon, in a 76-hour outpatient study with 23 participants. Wilson et al⁸³ provides a comprehensive review of the potential benefits of using dual hormone systems, concluding that the use of glucagon contributes in lowering hypoglycemia.

While glucagon acts to directly increase BG, another hormone, amylin (or pramlintide) can be used to delay gastric emptying to decrease the rate-of-change of glucose after a meal. Weinzimer et al⁸⁴ use premeal pramlintide boluses, combined with PID feedback manipulation of insulin to show improved post-prandial glucose control.

While it is certainly useful to have the additional “degrees of freedom” by manipulating hormones, such as glucagon and pramlintide, in addition to insulin, the major disadvantage is that the additional inputs can fail, an important fault detection consideration. Additionally, most of the AID systems with multiple manipulated hormones are still in an early stage, still requiring more exploration of its benefits before commercialization.

Other Signals for Fault Tolerant Control

Before CGMs were available, there were several devices developed to warn individuals of impending hypo- and hyperglycemia. Howsmon and Bequette⁸⁵ review devices that use a variety of biosignals, including electroencephalography, electrocardiography, skin galvanic resistance, diabetes alert dogs, and CGMs.

To reduce the risk of hypoglycemia it is desirable to provide exercise information as part of an automated insulin delivery strategy. Stenerson et al⁸⁶ incorporate heart rate and an accelerometer into a predictive low glucose suspend (PLGS) system, but find little additional benefit due to the use of heart rate. Turksoy et al⁴⁶ use energy expenditure and galvanic skin resistance as additional sensor inputs to improve BG control during exercise. Breton et al⁸⁷ add heart rate to a MPC strategy to improve BG regulation during exercise.

Recognizing and predicting future activity allows current actions based on likely future actions, such as using GPS location or a calendar entry to predict someone is about to eat or exercise. Navarathna et al⁸⁸ review the use of wearable devices, and show how to use them to predict patient activity improve control of BG levels in people with T1D.

Discussion

The design of fully automatic and autonomous AID systems requires incorporating the analysis of how the patient, which is the user, affects the system. As the patient will be wearing the system and operating it, it is of utmost importance to design FTC systems that consider the patient’s actions. While many research AID prototypes have explored mechanisms and algorithms to minimize the impact of CGMs, insulin pump and human induced faults and disturbances, currently commercialized systems are still lacking the incorporation of these tools.

The main research effort from the point of view of patient faults involves the detection and quantification of 2 common human activities: exercise and meals. Meals are the primary disturbance that CL systems are aimed to reject. Announced meals or exercise allow feedforward control and/or mitigation actions, which can be used to counteract disturbances better than fully CL systems.⁸⁹ However, this implies that the patient has to feed critical information into the control loop and therefore the overall performance of the controller may be compromised if the patient does not provide correct information.

The patient is also the operator of the control system and is in charge of the system maintenance and supervision. Thus, the patient is required to change and supervise the batteries of the CGM and insulin pump, the calibration and insertion of the CGM sensor, to count carbohydrates for announced meals control schemes, and to take additional actions if they are going to exercise or are sick. All these facts suggest that it is unreasonable to talk of fully CL systems and that it is infeasible to remove the patient from the cause-effect chain. Instead, future FTC AID systems that are aimed to appear in the market should consider the patient as a central and crucial element of the system.

As a medical device, an AID system must guarantee the patient’s safety under daily life scenarios, thus safety and failure prevention should be one of the primary concerns in the AID system design. However, it is still difficult to assess the patient’s safety under real life scenarios due to the unpredictable behavior of humans. Then, it is crucial to perform further studies regarding the patient’s point of view of an AID system. The design of such a system should consider what patients would like to have and the interaction between the patient and the system.

The AID system should constitute an ecosystem that the patient can easily incorporate into his or her life, and altogether with caregivers constitute a cyber-physical system (CPS). Although these systems are characterized by the human factor, many studies have shown that cooperation between automatic control and humans can be done.^90-93 In Nunes et al⁹⁴ a complete taxonomy of the human roles in CPS systems is presented. This paper outlines the need for these systems to be more flexible since they are systems created by humans for humans. We therefore urge that new AID systems, intended to automatically control T1D patients, be adapted to the human factor as the only way to become truly fully automated systems.

Conclusions

AP technology has successfully reached the market and is already an available therapy option. People with T1D that will use these systems are active elements of the control scheme as they are at the same time the plant to control and operators that have to maintain the system, perform measurements and execute actions. Uncertainty and faults can appear from improper user management, which could compromise the system. Future systems must include FTC designs to cope with the HitL to offer safer and more human-oriented control systems.

Footnotes

Acknowledgements

None

Abbreviations

AID, Automated Insulin Delivery; AP, Artificial Pancreas; BG, Blood Glucose; CGM, Continuous Glucose Monitoring; CL, Closed-Loop; FTC, Fault Tolerant Control; HitL, Human-In-The-Loop; IOB, Insulin On Board; T1D, Type 1 Diabetes.

Declaration of Conflicting Interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This work was funded by Ministerio de Economía, Industria y Competitividad under Grant DPI2016-78831-C2-2-R and in part by the Autonomous Government of Catalonia under Grant 2017 SGR 1551.

ORCID iDs

Aleix Beneyto

B. Wayne Bequette

Josep Vehi

References

Ramli

Reddy

Oliver

Artificial pancreas: current progress and future outlook in the treatment of type 1 diabetes. Drugs. 2019;79:1089-1101.

Bequette

BW.

Human-in-the-loop insulin dosing. J Diabetes Sci Technol. 2021;15:699-704.

Boughton

Hovorka

The artificial pancreas. Curr Opin Organ Transplant. 2020;25:336-342.

Naranjo

Suttiratana

Iturralde

, et al What end users and stakeholders want from automated insulin delivery systems. Diabetes Care. 2017;40:1453-1461.

Ramkissoon

Aufderheide

Bequette

Vehi

A review of safety and hazards associated with the artificial pancreas. IEEE Rev Biomed Eng. 2017;10:44-62.

Messer

. Automated insulin delivery: six universal observations and understandings. Published n.d. Accessed March 15, 2021. https://diatribe.org/automated-insulin-delivery-six-universal-observations-and-understandings

Munshi

Slyne

Greenberg

, et al Nonadherence to insulin therapy detected by bluetooth-enabled pen cap is associated with poor glycemic control. Diabetes Care. 2019;42:1129-1131.

Norlander

Nykaza

Arbiter

Buckingham

Lal

931-P: hyperglycemia following early vs. late meal boluses. Diabetes. 2019;68:931-P.

Zaugg

Dogbey

Collins

, et al Diabetes numeracy and blood glucose control: association with type of diabetes and source of care. Clin Diabetes. 2014;32:152-157.

10.

Krebs

Arahill

Cresswell

Weatherall

Parry-Strong

The effect of additional mealtime insulin bolus using an insulin-to-protein ratio compared to usual carbohydrate counting on postprandial glucose in those with type 1 diabetes who usually follow a carbohydrate-restricted diet: a randomized cross-over trial. Diabetes Obes Metab. 2018;20:2486-2489.

11.

Riddell

Gallen

Smart

, et al Exercise management in type 1 diabetes: a consensus statement. Lancet Diabetes Endocrinol. 2017;5:377-390.

12.

Bertachi

Ramkissoon

Bondia

Vehí

Automated blood glucose control in type 1 diabetes: a review of progress and challenges. Endocrinol Diabetes Y Nutrición. 2018;65:172-181.

13.

Turner

Jenkins

Kerr

Sherwin

Cavan

DA.

The effect of evening alcohol consumption on next-morning glucose control in type 1 diabetes. Diabetes Care. 2001;24:1888-1893.

14.

Cimini

Pirola

Pinto

Cavalieri

A human-in-the-loop manufacturing control architecture for the next generation of production systems. J Manuf Syst. 2020;54:258-271.

15.

Ghosh

Bequette

BW.

Process systems engineering and the human-in-the-loop: the smart control room. Ind Eng Chem Res. 2019;59:2422-2429.

16.

Allen

Gupta

Current diabetes technology: striving for the artificial pancreas. Diagnostics. 2019;9:31.

17.

Asarani

NAM

Reynolds

Elbalshy

, et al Efficacy, safety, and user experience of DIY or open-source artificial pancreas systems: a systematic review. Acta Diabetol. 2021;58:539-547.

18.

Keenan

Grosman

Clark

, et al Continuous glucose monitoring considerations for the development of a closed-loop artificial pancreas system. J Diabetes Sci Technol. 2011;5:1327-1336.

19.

Leal

Gonzalez-Abril

Lorencio

Bondia

Vehi

Detection of correct and incorrect measurements in real-time continuous glucose monitoring systems by applying a postprocessing support vector machine. IEEE Trans Biomed Eng. 2013;60:1891-1899.

20.

Favero

Monaro

Facchinetti

Tagliavini

Sparacino

Cobelli

Real-time detection of glucose sensor and insulin pump faults in an artificial pancreas. IFAC Proc Vol. 2014;47:1941-1946.

21.

Baysal

Cameron

Buckingham

, et al A novel method to detect pressure-induced sensor attenuations (PISA) in an artificial pancreas. J Diabetes Sci Technol. 2014;8:1091-1096.

22.

Turksoy

Quinn

Littlejohn

, et al Monitoring and Fault detection of continuous glucose sensor measurements. In: 2015 American Control Conference (ACC), Chicago, IL, July 1-3. IEEE; 2015:5091-5096.

23.

Zhao

Statistical analysis based online sensor failure detection for continuous glucose monitoring in type I diabetes. Chemometr Intell Lab Syst. 2015;144:128-137.

24.

Facchinetti

Favero

Sparacino

Cobelli

Modeling transient disconnections and compression artifacts of continuous glucose sensors. Diabetes Technol Ther. 2016;18:264-272.

25.

Moser

Mader

Tschakert

, et al Accuracy of continuous glucose monitoring (CGM) during continuous and high-intensity interval exercise in patients with type 1 diabetes mellitus. Nutrients. 2016;8:489.

26.

Biagi

Bertachi

Quirós

, et al Accuracy of continuous glucose monitoring before, during, and after aerobic and anaerobic exercise in patients with type 1 diabetes mellitus. Biosensors. 2018;8:22.

27.

Herrero

Calm

Vehí

, et al Robust fault detection system for insulin pump therapy using continuous glucose monitoring. J Diabetes Sci Technol. 2012;6:1131-1141.

28.

Cescon

DeSalvo

, et al Early detection of infusion set failure during insulin pump therapy in type 1 diabetes. J Diabetes Sci Technol. 2016;10:1268-1276.

29.

Guenego

Bouzillé

Breitel

, et al Insulin pump failures: has there been an improvement? update of a prospective observational study. Diabetes Technol Ther. 2016;18:820-824.

30.

Meneghetti

Facchinetti

Favero

SD.

Model-based detection and classification of insulin pump faults and missed meal announcements in artificial pancreas systems for type 1 diabetes therapy. IEEE Trans Biomed Eng. 2019;68:170-180.

31.

Meneghetti

Susto

Favero

SD.

Detection of insulin pump malfunctioning to improve safety in artificial pancreas using unsupervised algorithms. J Diabetes Sci Technol. 2019;13:1065-1076.

32.

Howsmon

Cameron

Baysal

, et al Continuous glucose monitoring enables the detection of losses in infusion set actuation (LISAs). Sensors. 2017;17:161.

33.

Rojas

Garcia-Gabin

Bequette

. Multivariate statistical analysis to detect insulin infusion set failure. In: Proceedings of the 2011 American Control Conference, San Francisco, CA, 29 June-1 July. IEEE; 2011:1952-1957.

34.

Meneghetti

Terzi

Favero

Susto

Cobelli

Data-driven anomaly recognition for unsupervised model-free fault detection in artificial pancreas. IEEE Trans Control Syst Technol. 2020;28:33-47.

35.

Doyle

Huyett

Lee

Zisser

Dassau

Closed-loop artificial pancreas systems: engineering the algorithms. Diabetes Care. 2014;37:1191-1197.

36.

Boughton

Hovorka

New closed-loop insulin systems. Diabetologia. 2021;64:1007-1015.

37.

Chen

Patton

. Robust Model-Based Fault Diagnosis for Dynamic Systems. Vol. 3. 1st ed. Springer Science & Business Media; 2012.

38.

Blanke

Kinnaert

Lunze

Staroswiecki

Diagnosis and Fault-Tolerant Control. Springer; 2016.

39.

Bondia

Romero-Vivo

Ricarte

Diez

JL.

Insulin estimation and prediction: a review of the estimation and prediction of subcutaneous insulin pharmacokinetics in closed-loop glucose control. IEEE Control Syst Mag. 2018;38:47-66.

40.

Hajizadeh

Rashid

Turksoy

, et al Plasma insulin estimation in people with type 1 diabetes mellitus. Ind Eng Chem Res. 2017;56:9846-9857.

41.

Samadi

Rashid

Turksoy

, et al Automatic detection and estimation of unannounced meals for multivariable artificial pancreas system. Diabetes Technol Ther. 2018;20:235-246.

42.

Ramkissoon

Herrero

Bondia

Vehi

Unannounced meals in the artificial pancreas: detection using continuous glucose monitoring. Sensors. 2018;18:884.

43.

Sala-Mira

Díez

J-L

Ricarte

Bondia

Sliding-mode disturbance observers for an artificial pancreas without meal announcement. J Process Control. 2019;78:68-77.

44.

Ramkissoon

Bertachi

Beneyto

Bondia

Vehi

Detection and control of unannounced exercise in the artificial pancreas without additional physiological signals. IEEE J Biomed Health. 2019;24:259-267.

45.

Jacobs

Resalat

Youssef

, et al Incorporating an exercise detection, grading, and hormone dosing algorithm into the artificial pancreas using accelerometry and heart rate. J Diabetes Sci Technol. 2015;9:1175-1184.

46.

Turksoy

Paulino

TML

Zaharieva

, et al Classification of physical activity: information to artificial pancreas control systems in real time. J Diabetes Sci Technol. 2015;9:1200-1207.

47.

Incremona

Messori

Toffanin

Cobelli

Magni

Model predictive control with integral action for artificial pancreas. Control Eng Pract. 2018;77:86-94.

48.

Borri

Cacace

Gaetano

, et al Luenberger-like observers for nonlinear time-delay systems with application to the artificial pancreas: the attainment of good performance. IEEE Control Syst Mag. 2017;37:33-49.

49.

Hajizadeh

Rashid

Samadi

, et al Adaptive personalized multivariable artificial pancreas using plasma insulin estimates. J Process Control. 2019;80:26-40.

50.

Cameron

Niemeyer

Bequette

BW.

Extended multiple model prediction with application to blood glucose regulation. J Process Control. 2012;22:1422-1432.

51.

Cameron

Buckingham

, et al Closed-loop control without meal announcement in type 1 diabetes. Diabetes Technol Ther. 2017;19:527-532.

52.

Sanz

García

Díez

J-L

Bondia

Artificial pancreas system with unannounced meals based on a disturbance observer and feedforward compensation. IEEE Trans Control Syst Technol. 2021;29:454-460.

53.

Beneyto

Bertachi

Bondia

Vehi

A new blood glucose control scheme for unannounced exercise in type 1 diabetic subjects. IEEE Trans Control Syst Technol. 2020;28:593-600.

54.

Ellingsen

Dassau

Zisser

, et al Safety constraints in an artificial pancreatic β cell: an implementation of model predictive control with insulin on board. J Diabetes Sci Technol. 2009;3:536-544.

55.

Bertachi

Biagi

Beneyto

Vehí

Dynamic rule-based algorithm to tune insulin-on-board constraints for a hybrid artificial pancreas system. J Healthc Eng. 2020;2020:1-11.

56.

Gondhalekar

Dassau

Doyle

FJ.

Periodic zone-MPC with asymmetric costs for outpatient-ready safety of an artificial pancreas to treat type 1 diabetes. Automatica. 2016;71:237-246.

57.

Barnard

Pinsker

Oliver

Astle

Dassau

Kerr

Future artificial pancreas technology for type 1 diabetes: what do users want?

Diabetes Technol Ther. 2015;17:311-315.

58.

Fathi

Smaoui

Gingras

Boulet

Haidar

The artificial pancreas and meal control: an overview of postprandial glucose regulation in type 1 diabetes. IEEE Control Syst Mag. 2018;38:67-85.

59.

Kowalski

Pathway to artificial pancreas systems revisited: moving downstream. Diabetes Care. 2015;38:1036-1043.

60.

Lee

Buckingham

Wilson

Bequette

BW.

A closed-loop artificial pancreas using model predictive control and a sliding meal size estimator. J Diabetes Sci Technol. 2009;3:1082-1090.

61.

Mahmoudi

Cameron

Poulsen

Madsen

Bequette

Jørgensen

JB.

Sensor-based detection and estimation of meal carbohydrates for people with diabetes. Biomed Signal Process Control. 2019;48:12-25.

62.

Weimer

Chen

Peleckis

Rickels

Lee

Physiology-invariant meal detection for type 1 diabetes. Diabetes Technol Ther. 2016;18:616-624.

63.

Mahmoudi

Nørgaard

Poulsen

Madsen

Jørgensen

JB.

Fault and meal detection by redundant continuous glucose monitors and the unscented Kalman filter. Biomed Signal Process Control. 2017;38:86-99.

64.

Cameron

Bequette

Wilson

Buckingham

Lee

Niemeyer

A closed-loop artificial pancreas based on risk management. J Diabetes Sci Technol. 2011;5:368-379.

65.

Cameron

Niemeyer

Wilson

, et al Inpatient trial of an artificial pancreas based on multiple model probabilistic predictive control with repeated large unannounced meals. Diabetes Technol Ther. 2014;16:728-734.

66.

Forlenza

Cameron

, et al Fully closed-loop multiple model probabilistic predictive controller artificial pancreas performance in adolescents and adults in a supervised hotel setting. Diabetes Technol Ther. 2018;20:335-343.

67.

Breton

MD.

Handling exercise during closed loop control. Diabetes Technol Ther. 2017;19:328-330.

68.

Yardley

JE.

Exercise and the artificial pancreas: trying to predict the unpredictable in patients with type 1 diabetes?

Can J Diabetes. 2020;44:119-120.

69.

Viñals

Beneyto

Martín-SanJosé

J-F

, et al Artificial pancreas with carbohydrate suggestion performance for unannounced and announced exercise in Type 1 Diabetes. J Clin Endocrinol Metab. 2021;106:55-63.

70.

Bertachi

Beneyto

Ramkissoon

Vehi

Assessment of mitigation methods to reduce the risk of hypoglycemia for announced exercise in a uni-hormonal artificial pancreas. Diabetes Technol Ther. 2018;20:285-295.

71.

Turksoy

Hajizadeh

Hobbs

, et al Multivariable artificial pancreas for various exercise types and intensities. Diabetes Technol Ther. 2018;20:662-671.

72.

Patel

Name

MAV

Cengiz

, et al Mitigating reductions in glucose during exercise on closed-loop insulin delivery: the Ex-Snacks study. Diabetes Technol Ther. 2016;18:794-799.

73.

Hajizadeh

Rashid

Turksoy

, et al Incorporating unannounced meals and exercise in adaptive learning of personalized models for multivariable artificial pancreas systems. J Diabetes Sci Technol. 2018;12:953-966.

74.

Pinsker

Sanz

AJL

Lee

, et al Evaluation of an artificial pancreas with enhanced model predictive control and a glucose prediction trust index with unannounced exercise. Diabetes Technol Ther. 2018;20:455-464.

75.

El-Khatib

Russell

Nathan

Sutherlin

Damiano

ER.

A bihormonal closed-loop artificial pancreas for type 1 diabetes. Sci Transl Med. 2010;2:27ra27-27ra27.

76.

Russell

El-Khatib

Sinha

, et al Outpatient glycemic control with a bionic pancreas in type 1 diabetes. N Engl J Med. 2014;371:313-325.

77.

Blauw

Bon

van Koops

, et al Performance and safety of an integrated bihormonal artificial pancreas for fully automated glucose control at home. Diabetes Obes Metabol. 2016;18:671-677.

78.

El-Khatib

Balliro

Hillard

, et al Home use of a bihormonal bionic pancreas versus insulin pump therapy in adults with type 1 diabetes: a multicentre randomised crossover trial. Lancet. 2017;389:369-380.

79.

Haidar

Messier

Legault

Ladouceur

Rabasa-Lhoret

Outpatient 60-hour day-and-night glucose control with dual-hormone artificial pancreas, single-hormone artificial pancreas, or sensor-augmented pump therapy in adults with type 1 diabetes: an open-label, randomised, crossover, controlled trial. Diabetes Obes Metab. 2017;19:713-720.

80.

Russell

Balliro

Ekelund

El-Khatib

Graungaard

Greaux

. . . Damiano

. Improvements in glycemic control achieved by altering the tmax setting in the iLet® bionic pancreas when using fast-acting insulin aspart: a randomized trial. Diabetes Ther, 2011;1-15.

81.

Castellanos

Balliro

Sherwood

Jafri

Hillard

Greaux

. . . Russell

. Performance of the insulin-only iLet bionic pancreas and the bihormonal iLet using dasiglucagon in adults with type 1 diabetes in a home-use setting. Diabetes Care, 2021;44(6):e118-e120.

82.

Wilson

Jacobs

Ramsey

, et al Dual-hormone closed-loop system using a liquid stable glucagon formulation versus insulin-only closed-loop system compared with a predictive low glucose suspend system: an open-label, outpatient, single-center, crossover, randomized controlled trial. Diabetes Care. 2020;43:2721-2729.

83.

Wilson

Jacobs

Castle

JR.

Role of glucagon in automated insulin delivery. Endocrinol Metab Clin North Am. 2019;49:179-202.

84.

Weinzimer

Sherr

Cengiz

, et al Effect of pramlintide on prandial glycemic excursions during closed-loop control in adolescents and young adults with type 1 diabetes. Diabetes Care. 2012;35:1994-1999.

85.

Howsmon

Bequette

BW.

Hypo- and hyperglycemic alarms. J Diabetes Sci Technol. 2015;9:1126-1137.

86.

Stenerson

Cameron

Wilson

, et al The impact of accelerometer and heart rate data on hypoglycemia mitigation in type 1 diabetes. J Diabetes Sci Technol. 2014;8:64-69.

87.

Breton

Brown

Karvetski

, et al Adding heart rate signal to a control-to-range artificial pancreas system improves the protection against hypoglycemia during exercise in type 1 diabetes. Diabetes Technol Ther. 2014;16:506-511.

88.

Navarathna

Bequette

Cameron

. Wearable device based activity recognition and prediction for improved feedforward control. In: 2018 Annual American Control Conference (ACC), Milwaukee, WI, 27-29 June. IEEE; 2018:3571-3576.

89.

Weinzimer

Steil

Swan

Dziura

Kurtz

Tamborlane

WV.

Fully automated closed-loop insulin delivery versus semiautomated hybrid control in pediatric patients with type 1 diabetes using an artificial pancreas. Diabetes Care. 2008;31:934-939.

90.

Feng

Wiltsche

Humphrey

Topcu

Synthesis of human-in-the-loop control protocols for autonomous systems. IEEE Trans Autom Sci Eng. 2016;13:450-462.

91.

Schirner

Erdogmus

Chowdhury

Padir

The future of human-in-the-loop cyber-physical systems. Computer. 2013;46:36-45.

92.

Inoue

Gupta

“Weak” control for human-in-the-loop systems. IEEE Control Syst Lett. 2019;3:440-445.

93.

Gil

Albert

Fons

Pelechano

Engineering human-in-the-loop interactions in cyber-physical systems. Inf Softw Technol. 2020;126:106349.

94.

Nunes

Zhang

Silva

JS.

A survey on human-in-the-loop applications towards an internet of all. IEEE Commun Surv Tutor. 2015;17:944-965.

Fault Tolerant Strategies for Automated Insulin Delivery Considering the Human Component: Current and Future Perspectives

Abstract

Keywords

Background and Motivation

Patient Related Faults and Disturbances

Fault Mitigation and Fault Tolerant Control Approaches

Insulin Fault Control

Meal Related Patient Faults

Exercise Related Patient Faults

Additional Control Actions for Fault Tolerant Control

Other Signals for Fault Tolerant Control

Discussion

Conclusions

Footnotes

Acknowledgements

Abbreviations

Declaration of Conflicting Interests

Funding

ORCID iDs

References