Case analysis module therac-25, college study notes - Case analysis, Study notes of Software Engineering

Online Reading. This module, designed for the EAC Toolkit (NSF SES 0551779) will test the Toolkit and Connexion's ability to network dierent online and oine sources for ethics across the curriculum. It consists of four components designed to provide students with tools for carrying out an in-depth analysis of the cases found at www.computingcases.org; it also makes substantial references to the draft manuscript of a textbook in computer ethics entitled Good Computing. Case Analysis Module: The

Typology: Study notes

2011/2012

Uploaded on 10/12/2012

hollyb
hollyb 🇺🇸

4.8

(44)

431 documents

1 / 7

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Connexions module: m13765 1
Case Analysis Module: Therac-25
William Frey
This work is produced by The Connexions Project and licensed under the
Creative Commons Attribution License
Abstract
This module, designed for the EAC Toolkit (NSF SES 0551779) will test the Toolkit and Connexion's
ability to network dierent online and oine sources for ethics across the curriculum. It consists of
four components designed to provide students with tools for carrying out an in-depth analysis of the
cases found at www.computingcases.org; it also makes substantial references to the draft manuscript of
a textbook in computer ethics entitled Good Computing: A Virtue Approach to Computer Ethics. (The
book will consist of the cases displayed at Computing CasesTherac-25, Hughes Aircraft, and Machado
plus seven additional cases all developed through NSF projects DUE-9972280 and DUE 9980768.) The
module presents the case abstract and timeline. It then refers students to Computing Cases where
they will nd the case narrative, history, and supporting documents that provide background necessary
for analysis. The case abstract and timeline introduce students to the basic outlines of the case. The
accompanying decision point taken from the case provides students with the necessary focus to carry out
an in-depth analysis. Students respond to the decision point by working through four stages: problem
specication, solution generation, solution testing, and solution implementation.
Computer Ethics
Case Module Template
By William J. Frey
Module Introduction:
The Therac-25 case is what Hu and Frey call a thick, historical, evaluative, big news and bad news case.
Tackling cases of this complexity requires both careful thought and considerable skill. Especially important
is the ability to sift through the case details, documents, and conicting narratives. The purpose of this
module is to provide students with a structure to tackle big, long, and complicated cases. Students will receive
frameworks to help them structure the case's ethical and social problems. They will also be provided with
decision points that will help them to enter into the case and take up the standpoint of a participant. The
module presented below can be linked to materials that can be found at www.computingcases.org. Nancy
Leveson, in Safeware:System Safety and Computer (515-553), also provides an excellent and comprehensive
account. Excellent advice on how to teach the case, updated information, and clear explanations of the
programming errors are provided by Chuck Hu and Richard Brown in "Integrating Ethics into a Computing
Curriculum: A Case Study of the Therac-25." The materials posted at Computing Cases were all developed
through NSF projects DUE-9972280 and DUE 9980768.)
The module presents the case abstract and timeline. It then refers students to computingcases.org where
they will nd the case narrative, history, and supporting documents that provide background information
necessary for analysis. The case abstract and timeline introduce students to the basic outlines of the case.
The accompanying decision point taken from the case provides students with the necessary focus to carry out
Version 1.8: Oct 10, 2011 7:08 am GMT-5
http://creativecommons.org/licenses/by/3.0/
http://cnx.org/content/m13765/1.8/
pf3
pf4
pf5

Partial preview of the text

Download Case analysis module therac-25, college study notes - Case analysis and more Study notes Software Engineering in PDF only on Docsity!

Case Analysis Module: Therac-

William Frey

This work is produced by The Connexions Project and licensed under the Creative Commons Attribution License †

Abstract This module, designed for the EAC Toolkit (NSF SES 0551779) will test the Toolkit and Connexion's ability to network dierent online and oine sources for ethics across the curriculum. It consists of four components designed to provide students with tools for carrying out an in-depth analysis of the cases found at www.computingcases.org; it also makes substantial references to the draft manuscript of a textbook in computer ethics entitled Good Computing: A Virtue Approach to Computer Ethics. (The book will consist of the cases displayed at Computing CasesTherac-25, Hughes Aircraft, and Machado plus seven additional cases all developed through NSF projects DUE-9972280 and DUE 9980768.) The module presents the case abstract and timeline. It then refers students to Computing Cases where they will nd the case narrative, history, and supporting documents that provide background necessary for analysis. The case abstract and timeline introduce students to the basic outlines of the case. The accompanying decision point taken from the case provides students with the necessary focus to carry out an in-depth analysis. Students respond to the decision point by working through four stages: problem specication, solution generation, solution testing, and solution implementation. Computer Ethics Case Module Template By William J. Frey Module Introduction: The Therac-25 case is what Hu and Frey call a thick, historical, evaluative, big news and bad news case. Tackling cases of this complexity requires both careful thought and considerable skill. Especially important is the ability to sift through the case details, documents, and conicting narratives. The purpose of this module is to provide students with a structure to tackle big, long, and complicated cases. Students will receive frameworks to help them structure the case's ethical and social problems. They will also be provided with decision points that will help them to enter into the case and take up the standpoint of a participant. The module presented below can be linked to materials that can be found at www.computingcases.org. Nancy Leveson, in Safeware:System Safety and Computer (515-553), also provides an excellent and comprehensive account. Excellent advice on how to teach the case, updated information, and clear explanations of the programming errors are provided by Chuck Hu and Richard Brown in "Integrating Ethics into a Computing Curriculum: A Case Study of the Therac-25." The materials posted at Computing Cases were all developed through NSF projects DUE-9972280 and DUE 9980768.) The module presents the case abstract and timeline. It then refers students to computingcases.org where they will nd the case narrative, history, and supporting documents that provide background information necessary for analysis. The case abstract and timeline introduce students to the basic outlines of the case. The accompanying decision point taken from the case provides students with the necessary focus to carry out

∗Version 1.8: Oct 10, 2011 7:08 am GMT- †http://creativecommons.org/licenses/by/3.0/

an in-depth analysis. Students respond to the decision-point by working through the four stages: problem specication, solution generation, solution testing, and solution implementation. Module Activities:

  1. Instructor introduces the case based on the abstract and timeline found at www.computingcases.org^1
  2. Students read case abstract, timeline, case decision point, and case analysis exercises.
  3. Students do further research into the case by consulting ComputingCases materials which include narratives, histories, supporting documents, and ethical analyses.
  4. Students carry out the activities outlined in the accompanying case exercises by (a) specifying the problem raised in the decision point, (b) generating solutions, (c) testing solutions using ethics tests, and (d) developing plans for implementing the solution over situational constraints.
  5. Students prepare their case analyses working in small groups.
  6. These groups present their completed analysis to the class in a case-debrieng session.
  7. The instructor concludes by discussing the problem-solving issues and intermediate moral concepts raised by the case.

1 Therac-25 Abstract

Therac-25^2 was a new generation medical linear accelerator^3 for treating cancer. It incorporated the most recent computer control equipment. Therac-25's computerization made the laborious process of machine setup much easier for operators, and thus allowed them to spend minimal time in setting up the equipment. In addition to making setup easier, the computer also monitored the machine for safety. With the advent of computer control, hardware based safety mechanisms were transferred to the software. Hospitals were told that the Therac-25 medical linear accelerator had "so many safety mechanisms" that it was "virtually impossible" to overdose a patient. Normally, when a patient is scheduled to have radiation therapy for cancer, he or she is scheduled for several sessions over a few weeks and told to expect some minor skin discomfort from the treatment. The discomfort is described as being like a mild sunburn over the treated area. But in this case on safety critical software, you will nd that some patients received much more radiation than prescribed Therac - 25 Timeline This time line is largely adopted from the Computing Cases website. The website developer, Charles Hu, has provided this module's author with a more detailed unpublished version (that provides the real names of the patients left out in Computing Cases) that the author has adopted here. Readers should note that this time line also overlaps with that provided by Leveson and Turner. (See below for two references where the Turner and Leveson time line can be found.)

(^1) http://www.computingcases.org/ (^2) http://www.computingcases.org/case_materials/therac/teaching/therac/supporting_docs/Therac%20Glossary.html#tr (^3) http://www.computingcases.org/case_materials/therac/teaching/therac/supporting_docs/Therac%20Glossary.html#tr

Table 1: Chronology closely paraphrases chronology in Computing Cases. The major dierence is that it replaces ctional names with real names of participants since these were eventually publicized. Most of these events were originally uncovered by Leveson. (See citations below)

Scenario: You are an engineer working for AECL sent to investigate an alleged overdosing incident at the Ontario Cancer Foundation in Hamilton. Ontario. The following is the description provided to you of what happened: On July 26, 1985, a forty-year old patient came to the clinic for her twenty-fourth Therac-25 treatment for carcinoma of the cervix. The operator activated the machine, but the Therac shut down after ve seconds with an HTILT error message. The Therac-25's console display read NO DOSE and indicated a TREATMENT PAUSE Since the machine did not suspend and the control display indicated no dose was delivered to the patient, the operator went ahead with a second attempt at a treatment by pressing the Proceed Command Key, expecting the machine to deliver the proper dose this time. This was standard operating procedure, and Therac-25 operators had become accustomed to frequent malfunctions that had no untoward [bad] conse- quences for the patient. Again the machine shut down in the same manner. The operator repeated this process four times after the original attemptthe display showing NO DOSE delivered to the patient each time. After the fth pause, the machine went into treatment suspend, and a hospital service technician was called. The technician found nothing wrong with the machine. According to a Therac-25 operator, this scenario also was not unusual. After treatment, the patient complained of a burning sensation, described as an electric tingling shock to the treatment area in her hip.. ..She came back for further treatment on July 29 and complained of burning, hip pain, and excessive swelling in the region of treatment. The patient was hospitalized for the condition on July 30, and the machine was taken out of service. (Description taken from Nancy Leveson, Safeware, pp 523-4) You give the unit a thorough examination and are able to nd nothing wrong. Working with the operator, you try to duplicate the treatment procedure of July 26. Nothing out of the ordinary happens. Your responsibility is to make a recommendation to AECL and to the Ontario Cancer Foundation. What will it be?

  1. Identify key components of the STS

Part/Level of Analy- sis

Hardware Software Physical Surround- ings

People, Groups, & Roles

Procedures Laws & Regula- tions

Data & Data Structures

Table 2

  1. Specify the problem: 2a. Is the problem a disagreement on facts? What are the facts? What are cost and time constraints on uncovering and communicating these facts? 2b. Is the problem a disagreement on a critical concept? What is the concept? Can agreement be reached by consulting legal or regulatory information on the concept? (For example, if the concept in question is safety, can disputants consult engineering codes, legal precedents, or ethical literature that helps provide consensus? Can disputants agree on positive and negative paradigm cases so the concept disagreement can be resolved through line-drawing methods?

2c. Use the table to identify and locate value conicts within the STS. Can the problem be specied as a mismatch between a technology and the existing STS, a mismatch within the STS exacerbated by the introduction of the technology, or by overlooked results?

STS/Value Safety (free- dom from harm)

Justice (Equity & Access)

Privacy Property Free Speech

Hardware/software Physical Sur- roundings People, Groups, & Roles Procedures Laws Data & Data Structures

Table 3

  1. Develop a general solution strategy and then brainstorm specic solutions:

Problem / So- lution Strategy

Disagreement Value Conict Situational Constraints Factual Conceptual Integrate? Tradeo? Resource?Technical?Interest

Table 4

3a. Is problem one of integrating values, resolving disagreements, or responding to situational constraints? 3b. If the conict comes from a value mismatch, then can it be solved by modifying one or more of the components of the STS? Which one?

  1. Test solutions:

Alternative / Test

Reversibility Value: Jus- tice

Value: Re- sponsibility

Value: Re- spect

Harm Code

A

A

A

Table 5

  1. Implement solution over feasibility constraints
  • For time line see: http://computingcases.org/case_materials/therac/supporting_docs/therac_resources/Timeline.html
  • Leveson in Safeware provides an excellence summary of the literature on system safety. For two further excellent resources consult the next two references.
  • Perrow, C. (1984) Normal Accidents: Living with high-risk technologies. Basic Books, NY,NY.
  • Reason, J. (1990/1999) Human Error Cambridge University Press: London.