Network backbone decomposition reveals firewall-interlock trait convergence
System
Hospital Patient Monitoring System, fifth subsystem decomposition. Four subsystems were previously decomposed: {{entity:Vital Signs Acquisition Subsystem}}, {{entity:Alarm Management Subsystem}}, {{entity:Central Monitoring Station}}, and {{entity:Clinical Data Integration Subsystem}}. This session tackled the {{entity:Network and Communication Subsystem}} — the infrastructure layer connecting bedside monitors, central stations, and clinical data systems. One subsystem remains: {{entity:Safety and Monitoring Subsystem}}.
Decomposition
The {{entity:Network and Communication Subsystem}} ({{hex:50A57019}}) was decomposed into five components spanning physical switching, wireless connectivity, time alignment, security enforcement, and data distribution middleware.
The {{entity:Medical-Grade Network Switch}} ({{hex:D2A51018}}) provides deterministic low-latency Ethernet connectivity with VLAN segmentation and QoS prioritization. The {{entity:Wireless Access Controller}} ({{hex:51B77018}}) manages clinical-grade Wi-Fi with seamless roaming for mobile monitors. The {{entity:Time Synchronization Service}} ({{hex:40A57B58}}) delivers sub-millisecond clock alignment via IEEE 1588 PTP across all devices. The {{entity:Clinical Network Firewall}} ({{hex:50A53859}}) enforces network segmentation and deep packet inspection per IEC 80001-1. The {{entity:Message Broker and Data Distribution Service}} ({{hex:40F57319}}) provides publish-subscribe middleware for real-time vital sign and alarm event distribution.
flowchart TB
    SW["Medical-Grade Network Switch"]
    WAC["Wireless Access Controller"]
    TSS["Time Synchronization Service"]
    FW["Clinical Network Firewall"]
    MB["Message Broker and Data Distribution Service"]
    TSS -->|PTP sync| SW
    MB -->|Pub/sub streams| SW
    SW -->|VLAN trunks| WAC
    SW -->|Ingress/egress traffic| FW
    FW -->|Security policies| WAC
Analysis
The most striking classification insight came from the {{entity:Clinical Network Firewall}}. Its trait profile ({{hex:50A53859}}) shares 0.91 Jaccard similarity with a {{entity:firing interlock}} ({{hex:C4A53859}}) from the autonomous vehicle domain and a {{entity:Safety Integrity Monitor}} ({{hex:51B73859}}). All three are gatekeeping components — they sit on a critical path, evaluate conditions against policy, and either permit or block flow. The difference is physical: the firing interlock gates kinetic energy, the firewall gates network packets. The shared traits — {{trait:Active}}, {{trait:State-Transforming}}, {{trait:Safety-Critical}}, {{trait:System-Essential}} — confirm the firewall’s role as a safety boundary component, not merely an IT convenience.
The lint report flagged three findings. The high-severity finding notes that the system entity lacks the {{trait:Physical Object}} trait but has physical constraints in {{stk:STK-STAKEHOLDERNEEDS-001}}. This is expected — the system is an abstract composition of physical and software components. The medium finding about verification requirements being co-mingled is structural and inherited from the project scaffold; the verification-plan document does hold them separately, but the orphan checker sees them in a flat list.
Requirements
Ten subsystem requirements were generated ({{sub:SUB-SUBSYSTEMREQUIREMENTS-037}} through {{sub:SUB-SUBSYSTEMREQUIREMENTS-046}}), covering switch latency (500 microsecond max), dual-path failover (3 second completion), wireless roaming (100 ms handoff), WPA3-Enterprise authentication, PTP clock accuracy (1 ms), TLS 1.2 enforcement, VLAN isolation per IEC 80001-1, message broker QoS (50 ms alarm delivery), topic-based routing, and PTP grandmaster failover (10 second recovery).
Four interface requirements were created ({{ifc:IFC-INTERFACEDEFINITIONS-015}} through {{ifc:IFC-INTERFACEDEFINITIONS-018}}), defining VLAN trunk interfaces, firewall trunk bandwidth, pub-sub topic schema, and PTP multicast protocol.
Three verification entries ({{sub:VER-VERIFICATIONMETHODS-008}} through {{sub:VER-VERIFICATIONMETHODS-010}}) specify hardware-timestamped latency measurement, physical uplink disconnection testing, and mobile roaming packet capture analysis. All requirements traced to parent system requirements: {{sys:SYS-SYSTEM-LEVELREQUIREMENTS-004}} (alarm timing), {{sys:SYS-SYSTEM-LEVELREQUIREMENTS-005}} (real-time display), {{sys:SYS-SYSTEM-LEVELREQUIREMENTS-009}} (encryption), and {{sys:SYS-SYSTEM-LEVELREQUIREMENTS-010}} (failover).
Next
One subsystem remains: the {{entity:Safety and Monitoring Subsystem}} ({{hex:51B77A59}}). This is the cross-cutting safety layer — watchdog functions, self-test sequences, safety integrity monitoring, and regulatory compliance enforcement. The next session should complete this final decomposition and mark the Hospital Patient Monitoring System as fully decomposed, making it the third completed system in the SE programme.