  • CMC Response
    difficulty with Fault Tree Analysis as it is often practiced If the only items considered are failure items e g wear fatigue etc a Fault Tree Analysis really only gives one a reliability for the system AECL s Response to the Accidents In July of 1985 AECL was notified that a patient in Hamilton had been overdosed AECL sent a service engineer to the site to investigate AECL also informed the United States Food and Drug Administration FDA and the Canadian Radiation Protection Board CRPB of the problem In addition they notified all users of the problem and issued instructions that operators should visually confirm hardware settings before each treatment AECL could not reproduce the malfunction but its engineers suspected that a hardware failure in a microswitch was at fault They redesigned the hardware and claimed that this redesign improved the safety of the machine by five orders of magnitude After modifications were made in the installed machines AECL notified sites that they did not need to manually check the hardware settings anymore In November of 1985 AECL heard of another incident in Georgia The patient in that incident Linda Knight filed suit that month based on an overdose that occurred in June There is no evidence that AECL followed up this case with the Georgia hospital Though this information was clearly received by AECL there is no evidence that this information was communicated internally to engineers or others who responded to later accidents In January of 1986 AECL heard from a hospital in Yakima Washington that a patient had been overdosed The AECL technical support supervisor spoke with the Yakima hospital staff on the phone and contacted them by letter indicating that he did not think the damage they reported was caused by the Therac 25 machine He also notified them that there have apparently been no other instances of similar damage to this or other patients In March of 1986 AECL was notified that the Therac 25 unit in Tyler Texas had 
overdosed a patient They sent both a local Texas engineer and an engineer from their Canada home office to investigate the incident the day after it occurred They spent a day running tests on the machine but could not reproduce the specific error The AECL engineer suggested that perhaps an electrical problem had caused the accident He also said that AECL knew of no accidents involving radiation overexposure with the Therac 25 An independent engineering firm checked out the electric shock theory and found that the machine did not seem capable of delivering an electric shock to a patient On April 11th of 1986 AECL was alerted to another overdose that had occurred in Tyler After communication with the medical physicist at Tyler AECL engineers were able to reproduce the overdose and the sequences leading up to it AECL filed a medical device report with the FDA on April 15 1986 to notify them of the circumstances that produced the two Tyler accidents At this point

    Original URL path: http://computingcases.org/case_materials/therac/case_history/Case%20History.html (2016-04-30)


  • Therac Table of Contents
    25 Abstract Therac 25 Introduction How Radiation Therapy Works The Machine Basic Principles Machine Design Software Design System Safety The Participants Hospital FDA Operators AECL Accident Accounts Linda Knight Donna Gartner Janis Tilman Isaac Dahl Daniel McCarthy Anders Engman Therac

    Original URL path: http://computingcases.org/case_materials/therac/supporting_docs/therac_case_narr/therac_toc.html (2016-04-30)

  • Teaching Introduction
    that targeted electron or X ray beams on cancerous tissue to destroy it Electron beams were used to treat shallow tissue while photon beams could penetrate with minimal damage to treat deep tissue Even though operators were told that there were so many safety mechanisms that it was virtually impossible to overdose a patient this is exactly what did occur in six documented cases Leveson These massive radiation overdoses were the result of a convergence of many factors including simple programming errors inadequate safety engineering poor human computer interaction design a lax culture of safety in the manufacturing organization inadequate reporting structure at the company level and as required by the U S government In presenting this case we are not interested in determining who should be blamed for these accidents All the cases have already gone through the courts and have been settled We are interested in helping you learn how to think about the design and use of software in safety critical applications What are the responsibilities of the organizations and individuals involved What design decisions and organizational structures led to the accidents How might different organizational systems or software design have helped avoid or minimize the harm As a computer scientist you will be focussing on the software in this medical linear accelerator And indeed there are some clear coding errors on which we can focus However the more difficult and dangerous problems are those in the design of the entire system and in the way the software plays its part in that design These system safety issues are critical to understanding this case and to understanding what it means to design safe software Structure of the Therac 25 Case Our presentation of the case itself is composed of three parts introductory materials a description of the machine and overviews of the participants in the case Together these sections give one a good idea of the information each actor in the case 
had at the time of the accidents We reserve any analysis of this case for the teaching section However many of the sections contain broad hints regarding the danger of the machine and the particular ways that inadequate software design might cause harm to patients Introductory materials These provide some background for students to understand the case There is a general introduction to the case explanations of how radiation therapy works and a section on how medical linear accelerators work The machine This section provides an overview of how the Therac 25 machine itself worked This includes a description of the turntable the rooms in which the machine is placed and the role of the operator in setting up the machine There is also a section on the design of the software This is a high level introduction to the issues involved in the design of the software The excerpts from Leveson we provide in the resource section provide much more detail down to two particular coding errors that probably caused some of the accidents

    Original URL path: http://computingcases.org/case_materials/therac/teaching_intro/Teaching_Intro.html (2016-04-30)

  • Soci-Tech Therac 25
    system In a similar manner an ethical analysis of the issues in this case requires an awareness of the entire socio technical system The Therac 25 Medical Linear Accelerator is a large machine that sits in a room designed just for it We think of the machine itself or the machine in the room as the system But the larger system or the Socio Technical system that we need to think about includes Hardware The mechanics of the machine itself including its associated computer Software the operating system of the computer and the operating system of the machine Physical surroundings the room with its shielding cameras locking doors etc People operators medical physicists doctors engineers salespeople managers at AECL government regulators Institutions AECL FDA each medical facility associations of operators etc Procedures Management models AECL s model of how risk is managed Reporting relationships who was required to report accidents to whom Documentation requirements for the software for the facilities for the FDA Data flow how different parts of AECL shared information how information was shared among agencies and organizations how data was used by the Therac software Rules norms what patients are normally told what operator physicist responsibilities are expectations set for the programmer Laws and regulations Reporting requirements FDA enforcement mechanisms medical liability law Data data was collected in FDA approval process use of data in Therac software The following table presents some of these items in a schematic form The Socio Technical System The Machine Supporting Systems video audio etc Hardware Software Systems Hospitals and Clinics Doctors Medical Physicists Management User Groups Operators Reporting Procedures Atomic Energy Canada Limited Management Reporting Procedures Design Teams Sales Staff Support and Field Engineers Government Medical Device Regulation Food and Drug Administration Canadian Radiation Protection Bureau Reporting Procedures A thorough

    Original URL path: http://computingcases.org/case_materials/therac/analysis/SocioTechnical_Analysis.html (2016-04-30)

  • Using the ImpactCS Grid to Understand Therac-25
    social scientists The point is that any particular computing system can be analyzed from both the perspectives of social analysis and of particular ethical issues The grid you see below was designed by the panel to serve as an analytic tool in thinking about any system The idea is that each of the ethical issues can be analyzed at each of the levels of social analysis For instance in this case safety is the primary concern But we need to think about issues of safety at individual group national and global or international levels Each of these levels brings forth different issues and different ethical concerns In addition the grid reminds us that safety issues are only one of many issues that might concern us in a case We unpack these concerns in a series of documents that you can access by clicking on the highlighted cells in the Framework below For Therac 25 we provide an extensive analysis of safety issues at all four levels But a complete analysis would ask about privacy issues important for reporting systems property rights is the software for Therac 25 a product or a service and all the other issues We provide rudimentary

    Original URL path: http://computingcases.org/case_materials/therac/analysis/Intro_to_Analysis.html (2016-04-30)

  • Exercises Therac25
    actors some of them representing the same entity at different times There are closely interwoven networks of action and reaction guided by multiple and mixed motives where the real state of the information available to an actor at any one time is unclear This is not however simply the uniqueness of the Therac 25 case it is a property of all cases if they are studied closely enough Finally it is a property of the real life of technology in use We provide here some exercises to help students grapple with the complexity of these situations But first a comment on simple answers We recommend you read the section on pitfalls before teaching this case It outlines ways to approach this case that bring only a shallow level of understanding to the complexities In the Therac 25 case one of these pitfalls single causation leads to the tendency to fix each error one discovers with a local patch This usually increases the complexity of the system provides false confidence in its safety and does not address the design issues that led to the existence of the error in the first place This is clearly the kind of thinking that AECL

    Original URL path: http://computingcases.org/case_materials/therac/exercises/assignments.html (2016-04-30)

  • Guide to Supporting Docs
    more detail on the software problems the design of the machine and software and the interface on the VT100 terminal Therac History An overview of the history and physical design of the Therac 25 The TurnTable A close look at how the turntable was constructed and how its position was monitored The turntable position was a critical issue in all the overdoses Software Design An overview of the design of the software in Therac 25 Particular attention is given to how real time issues resulted in race conditions Safety Analysis An overview of the several different safety analyses that were done on the Therac 25 system Interface A description of the operator interface on the VT100 operator console Particular attention is given to the difficulties with error messages and with editing Tyler Software Problem A description of the software problem that resulted in overdoses at Tyler TX Yakima Software Problem A description of the software problem that resulted in overdoses at Yakima and possibly Hamilton Ontario Produce Malfunction 54 This is a transcription of the memo that the medical physicist at the Tyler Texas produced upon discovering how to produce the malfunction 54 Malfunction 54 produced in this way would deliver a dose 25 000 rads of 25 MeV electrons in less than two seconds The standard therapeutic dose is about 200 rads at any one time A dose of 500 rads over the entire body is considered lethal to 50 of individuals who receive it Two persons were killed from the malfunction 54 overdose One died in 5 months the other within one month Operator Interview There are two documents in this section Both are derived from an interview we conducted with an operator of a Therac machine This person was trained as a linear accelerator operator just before

    Original URL path: http://computingcases.org/case_materials/therac/supporting_docs/Guide_to_Supporting_Docs.html (2016-04-30)

  • Machado Case History
    the meeting Machado was charged with knowingly and without permission using computer services Machado s trial was set for November 25 th 1996 Machado then agreed to participate in several public forums in which he apologized for his action He attended these forums and did in fact apologize at them A few days later Richard Machado received a call from his brother asking about an article in the local paper in which Machado was identified as being responsible for an email hate crime Machado denied his involvement claiming that the perpetrator must have been someone else with a similar name Shortly thereafter Machado disappeared On November 14 th 1996 a stolen vehicle report was filed at the Police Department for the City of Irvine The report described Machado as having taken his roommate s car without asking Machado had allegedly told one roommate that he was borrowing the other roommate s car and that the other roommate had approved this The roommate had not in fact given permission nor had he been aware that Machado was using the car On November 18 th 1996 the FBI joined in aiding the investigation of the stolen car An FBI agent appointed to the case went to Machado s residence and was told by roommates that Machado had not been seen since he had left with his roommate s car keys on the 14 th Machado had lived at this residence since October 1 st 1996 In that time Machado had also been suspected of other incidents 1 80 was missing from a third roommate s coin jar 2 154 Visa charges had been made to the roommate s card of which 54 were unauthorized phone calls on November 10 th 11 th and 12 th 1996 Between November 21 st and 23 rd 1996 the FBI investigated the case by interviewing the second roommate and Tammy Machado Richard Machado s sister in law Tammy was told that if Richard did not appear for his court date on November 25 th 1996 a warrant for his arrest would be issued She said that if anyone in the family hears from Richard they would encourage him to 
show up for court Machado did not appear at the November 25 th court date A warrant was issued for his arrest but the investigation could not proceed in his absence Finally on February 6 th 1997 Richard Machado was arrested A United States Immigrations Inspector caught Machado attempting to cross the border at Nogalas Arizona back into the U S from Mexico where Machado had allegedly been looking for construction work He later testified in court that he had fled to Mexico after hearing that he could receive 10 years in prison for sending the email messages A United States Customs Inspector was also present Machado was reported appearing homeless and without any possessions Following the arrest a new trial date was set for September 16 th 1997 Machado was charged with 10 counts of violating

    Original URL path: http://computingcases.org/case_materials/machado/case_history/case_history.html (2016-04-30)