Slashdot Mirror

← Back to Stories (view on slashdot.org)

Internal Bug: Code Flaw May Lead to Wrong Dose From Infusion Pump

Posted by timothy on from the clippy-thinks-you're-injecting-insulin dept.

chicksdaddy writes "The steady drumbeat of disturbing news about vulnerable, IP enabled medical devices continues this week, after medical device maker Hospira said it has issued a voluntary recall of its Symbiq-brand drug infusion pumps after discovering a software error that may cause touch interfaces on the pumps to not respond to user touches or to display dosage information that is inaccurate. The problem was detected in around 1.5% of Symbiq One Channel and Two Channel Infusers (model numbers 16026 and 16027), but could potentially affect 'all Symbiq infusion systems currently in the field.' The software bug could result in 'a delayed response and or the screen registering a different value from the value selected by the user,' the company said in a statement."

17 of 86 comments (clear)

  1. Interesting by colinrichardday · · Score: 3, Interesting

    How do you teach that to nursing students?

    1. Re:Interesting by h4rr4r · · Score: 2

      I would assume they would already know that tools are not infallible and if things are looking right get another source of data.

      On the other hand personal experience teaches me some Nurses and Doctors seem to prefer conjecture to actual testing.

    2. Re:Interesting by colinrichardday · · Score: 2

      I would assume they would already know that tools are not infallible and if things are looking right get another source of data.

      Even if it is a correct assumption, what feedback would they receive that the pump is infusing at the wrong rate?

    3. Re:Interesting by autocannon · · Score: 5, Informative

      You have no clue what you're talking about. Patients get PISSED when they need to be stuck with needles more often than necessary. Especially when you go tell them it's because we don't know if that IV device actually works right.

      People just love to be guinea pigs.

      On top of who's paying for that? Health insurance companies sure as shit don't pay for device diagnostic tests. Nor does it cover the fact that every patient's different based upon their size, composition, metabolism, etc. All those factors play a big role in drug absorption and metabolism. There's no way to get an established set of values to determine a precise numeric value for infusion.

      Not to mention, exactly what blood test are you going to use to test for a straight up saline drip?

      Your statement is incredibly misinformed. You'd get better results just by standing next to the pump and listening to it to determine approximately how much it's infusing. Of course that requires one be experienced with the pumps to be able to gauge that by ear.

  2. Therac-25 by Anonymous Coward · · Score: 5, Informative

    Does this remind anyone else about the issues with the Therac-25 radiotherapy machine?

    User interface was able to go out of sync with the model. Causing incorrect dosage to be administered. Deaths were caused and I think we all hoped lessons had been learnt!

    https://en.wikipedia.org/wiki/Therac-25

    1. Re:Therac-25 by deKernel · · Score: 4, Interesting

      The statement about how the lesson can't be taught to profit seeking enterprises is a load of crap. I have worked in both the area of distributed control systems as well as financial transaction processing (which are both self regulated), and we ALWAYS took situations like this VERY serious. We tested and tested and tested and tried to cover all conditions BEFORE we hit the market. Did the testing cut into our sinister profits, yes, but we knew that peoples lives and livelihoods were on the hook. Are there some companies that don't care, sure, but they will always exist regardless of operating environment.

    2. Re:Therac-25 by ColdWetDog · · Score: 2

      An 'external monitor' for an IV pump? Exactly how would you do that? Gang another pump in series (with concomitant added complexity, chances for infection vectors, operator error and other issues)?

      From the fairly useless blurb it sounds like on some (but not all) pumps the user interface can't keep up with the user. Suggests that there was a problem in understanding the manufacturing tolerances of the touchscreens or some other timing issue in the system. While concerning, I don't think anyone really thinks you can get 'perfect' devices. Certainly the smarter pumps have the advantage that they can do some simple arithmetic calculations (which humans are notoriously buggy at) and have many more failsafes than the old 'dropper' method of determining IV flow rates (1 drop every 10 seconds = 100 cc / hr or some similar).

      I'm more interested in how they determined an error in 1% of their pumps. Did somebody look carefully? Did their QA processes find it? Did the FDA find it?

      --
      Faster! Faster! Faster would be better!
    3. Re:Therac-25 by h4rr4r · · Score: 2

      The issue is the moment it becomes more expensive to prevent or insure against than the value of the company everyone becomes one of those sinister companies.

      If I have a $3 billion company why would I insure against a $4 billion problem more than a $3 billion dollar one?

      By its very nature limited liability limits the liability and thus the incentive to not fuck up.

  3. Nothing to do with 'vulnerable IP enabled' by Anonymous Coward · · Score: 5, Insightful

    and everything to do with bad code. Why imply that the connectivity is somehow at fault here?

  4. Interesting, but IP related? by PieEye · · Score: 5, Insightful

    I don't see any mention in the article that having the device connected to IP is causing the issue. Sounds like a touchscreen / code issue. The FDA's article also doesn't specify anything other than that.
    Hospira has completed an investigation into customer reports and has found the major contributor to be software related. Other contributing root causes that have been identified include damaged connections, physical damage and other touch screen defects.

    It would be nice if the article would stick to the point and not confuse issues.

    --
    ... in bed.
  5. This happens all the time by ahabswhale · · Score: 4, Insightful

    Seriously, medical devices are recalled ALL THE TIME. Not really interesting info.

    I used to date a girl who handled recalls for a medical device company.

    --
    Are agnostics skeptical of unicorns too?
  6. Re:bacteria....is why by h4rr4r · · Score: 2

    Wouldn't separating the controls from the device just be easier?

    Nothing complicated just a pogopin connection or similar. That way you can wipe down the whole device and it can be sealed.

  7. Re:no moving parts, easy to clean by serviscope_minor · · Score: 3, Informative

    As soon as you introduce physical keys you have moving parts that can get gummed up, are hard to sterilize, and wear out.

    lolwut?

    http://en.wikipedia.org/wiki/Membrane_keyboard

    Also, resistive and capacative touch screens won't work well with the sterile gloves that many medics wear.

    They almost certainly did it because it is cheap and/or looks cool. Cool seems to sell even in places where it really reall shouldn't.

    --
    SJW n. One who posts facts.
  8. Re:no moving parts, easy to clean by h4rr4r · · Score: 2

    Capacitive buttons work fine with latex gloves. I used one that way frequently due to an injury for the last week or so.

  9. accountability... by schlachter · · Score: 2

    Seems like there ought to be multiple third party code audits and product testing before these go to market. How liable is a company for software bugs that cause significant damage or kill? To what degree to third party audits remediate the level of liability? Scary stuff.

    --
    My God can beat up your God. Just kidding...don't take offense. I know there's no God.
  10. My own medical device software mistake. by deathcow · · Score: 4, Interesting

    I wrote all the "C" code which controlled a robotic bone lengthening device. (Read up on the ilizarov procedure.) At the most basic, it is used to make your legs or arms longer, a tiny bit per day, just over an inch per month of growth. The doctors would break the bone, after having installed an external mechanical frame holding you together. They would slowly lengthen the mechanical frame by 1mm every day. They would use wrenches and do it four times a day, 1/4mm per lengthening. Our machine would do it once per minute (growing your bone at 604 nanometers additional length per minute.) I used a table in ROM of how many pulses to do, how often. A couple of the entries were wrong and resulted in the wrong amount of bone lengthening.

  11. Re:no moving parts, easy to clean by Americano · · Score: 2

    Capacitive touchscreens generally work fine with the latex gloves medical personnel wear. Thin, little-to-no insulation, no seams... there's really very little issue getting them to work.

    Also, moving keys can have corners and edges that can snag and tear gloves, as well - touchscreens do not.

    They're moving to touchscreens because touchscreens work, and work well, plus are easier to keep clean.