Hi, my name is AnMei Little and I am a senior majoring in biomedical engineering at Yale. In this module, we will present examples of what happens when software development goes wrong. When this class is taught at Yale, the students are assigned to present these and other case studies in small groups. We follow this tradition for the online class as the case studies will be presented by the four Yale undergraduate students who worked as student assistance in the creation of this course. The goal of this module is to give you some real-world examples of software failures. The case of Therac-25 was particularly important in the development of the medical device regulations in place today. All four of the case studies demonstrate a failure to follow appropriate procedures. Whether in the actual process of coding and testing, the adherence to the selected lifecycle model, the failure to account for the real-world environment that the software will operate in or even the consequences of a simple failure to install appropriate software updates in time. Here's the outline for the four vignettes. I'll be presenting the first and my peers will present the other three. For more information on some of these and other similar cases, see Chapter 17-22 at the textbook. The basics of Therac-25 are covered in the first lecture video in Week 2. My goal for this vignette is to provide more details of the situations and decisions that lead to the incidence. The following details about Therac-25, come from these two sources by Nancy Levison from 1993 and 1995. As a reminder, Therac-25 was a machine used for radiation therapy. Radiation therapy uses localized high-energy radiation to treat cancer. The common practice is to apply doses of radiation in multiple increments in order to avoid killing healthy normal tissue since normal cells can recover faster than the cancer cells. There are different forms of radiation. Electrons can be used to treat tumors near the skin surface, while X-rays, which have 100 times more energy are used to treat tumors deeper into the body. Direct exposure to X-rays can cause serious harm to patients. Therac-25 was a dual-mode treatment machine, meaning it had both electron and x-ray treatment capabilities. You can see where there could be a potential problem here. The figure on the left shows the turntable setup, which has both the X-ray and the electron treatment regions. Notice the flattener that must be aligned with the X-ray source in order to prevent direct exposure and the skin magnet that aligns with the electron source to direct those beams. A computer adjusts the turntable position. This machine derived from an earlier Therac-20 model but Therac-25 replaced mechanical safety mechanisms with software which supposedly would check the turntable settings. Failures within this software cause several incidents of radiation poisoning when the electron magnets were wrongly aligned with the X-ray, leading to severe injuries and death. Let's walk through an operator's interaction with the software. The operator first positions the patient on the table in the treatment room. He or she manually sets the treatment field sizes and attaches the necessary accessories to the machine. The operator then leaves the room and controls everything from a console room. The patient's info and treatment plan are entered into the software system and the computer checks to make sure that manually set values match the values typed into the console. If the values match treatment begins. Operators then began complaining that it was redundant and time-consuming to reenter the data into the console system. The Atomic Energy of Canada Limited, or AECL, modify the software to copy treatment data from the manually set values. Here's an example of a time when things went wrong. In March 1986 at the East Texas Cancer Center, a male patient came in for skin cancer electron radiation treatment on his back, he was going in for his ninth treatment. After sending the patient into the treatment room, the technician incorrectly set the machine on X-ray mode, but quickly changed it to electron mode using the up arrow key to edit. The parameters displayed as verified on the screen and she hit the key to begin treatment. The software did not detect the last-minute change and left the beam on X-ray mode even though the computer read electron mode on the screen. The machine quickly shut down and displayed malfunction 54 on the screen. There was no indication in the instruction manual as to what this malfunction indicated and accustomed to the frequent stops and problems with the machine, the operator press the P key to proceed with treatment. It was later revealed that the patient had received a massively concentrated overdose of up to 155 times more radiation than planned. The patient died from resulting complications five months later. There were a total of six reported incidents involving Therac-25. The first at Kennestone Regional Oncology Center, one at Ontario Cancer Foundation, two at Yakima Valley Memorial Hospital, and two at East Texas Cancer Center. All of the instances had similar storylines as the East Texas Cancer Center incident that we just discussed. It took far too many instance for the manufacturers to even acknowledge the possibility of error. After the first incident, no action was made to investigate the safety or to warn other physicians using Therac-25. After the second incident, the clinic asked AECL to include additional safety checks, but AECL did not comply. After the first Texas incident, the engineer told the hospital that it was "impossible for Therac-25 to overdose the patient." The second East Texas incident involved the exact same operator, as before she used the edit-up key to quickly change the mode from X-ray to electron. Again, the malfunction 54 error popped up and the operator heard the patient moaning for help in the treatment room. The patient describe the feeling of fire on the side of his face where he was receiving treatment. After this incident, a physicist at the hospital began his own investigation. He worked with the operator and retraced all of her steps. There are lots of experimentation and button pressing. They discovered that a quick data entry edit from X-ray to electron mode could recreate this malfunction sequence and overdose. Without the effort of these two individuals, it may have taken much more time and many more instance for the Therac-25 bug to be found. We can learn a lot from the failures of the manufacturer to respond to complaints. There were complacent and design and fail to accurately check safety, assuming that since prior versions were safe, that new version was safe as well. They used cryptic error messages and confusing user interfaces. They were overconfident in their software failing to conduct adequate investigations following hospital incidents. These failures led to severe injury and death for several individuals. Because of these incidents, companies are now required to have a process for receiving and responding to complaints. For the regulatory response, minimal investigation was conducted by regulatory agencies prior to 1987, allowing the machines to continue operating. In February 1987, the FDA recommended all Therac-25 Machines to be shut down and forced AECL to notify all hospitals of this. The FDA required the manufacturer to implement comprehensive safety improvements. After five back and forth revisions the Therac-25 was finally approved for safety and implementation. Since these incidents the FDA has taken a much more cautious approach in approving software. They now highly emphasize proper documentation and testing. In conclusion, we learned that software can fail just like hardware. In many cases, it's hard to detect where and how it will fail, because this requires very thoughtful testing. Software failure, just like hardware failure can cause serious harm as seen by the sticks reported patient incidence. Again, proper documentation and testing is crucial for developing medical software. Finally, the failures of Therac-25, provide guidance on what not to do. Thus shaping modern medical software regulation through agencies such as the FDA. Thank you.
