When Software Failures Create Products Liability
It’s the mid-1980s. The cost of a U.S. postage stamp is 22 cents. Jim McMahon and William “The Refrigerator” Perry do the Super Bowl Shuffle and lead the Chicago Bears to victory over the New England Patriots in 1986’s Super Bowl XX. That same year, Comet Halley visits the solar system for the second time during the 20th Century. Madonna, Whitney Houston and Michael Jackson achieve pop stardom. The era sees life-changing technological advancements. Microsoft Corp. releases Windows 1.0, and the first artificial heart transplant is performed. However, there are also significant technological disasters, namely in the explosions of the space shuttle Challenger and the Chernobyl nuclear power station.
Another awful but less well known technology-related event occurs during this same time period. The Therac-25, a medical device that provides radiation to cancer patients, experiences a software failure and administers as much as 125 times the intended doses of radiation to six patients, killing four and causing serious bodily injury to two. This event, which unfolds between 1985 and 1987, is considered the first major medical device software failure to give rise to products liability. Little is known about the specifics of the plaintiffs’ claims against the Canadian manufacturer of the device, however, as the cases are settled prior to any public litigation.
Given the nature of the malfunction and seriousness of the resulting injuries, the Therac-25 becomes the subject of much conversation in the popular media as well as in the medtech industry in the years following the disaster. By most accounts, the device’s malfunction was attributable to several problems, among them poor protocols for quality control, hazard analysis and testing. Reportedly, software design problems were further compounded by omission of critical hardware safety features that would have prevented overdosing when software controls failed. Nancy Leveson, a software safety expert who researched the Therac-25 extensively for her 1995 book, Software: System Safety and Computers, wrote this about the software problems that plagued the Therac-25. “A common mistake in engineering, in this case and in many others, is to put too much confidence in software,” Leveson wrote. “There seems to be a feeling among non-software professionals that software will not or cannot fail, which leads to complacency and overreliance on computer functions.”
In the years since the Therac-25 disaster and Leveson’s book, the medtech industry has seen increasingly more software-related problems with devices—so many, in fact, that it is questionable whether Leveson’s observation about the confidence of non-software professionals still holds true today. The medical device industry, as a whole, seems to be grappling with software-related quality problems as indicated by recall activity. Software failures are a leading reason that medical devices are recalled by manufacturers. Stericycle ExpertSOLUTIONS is a firm that offers recall management services to the medical device industry and others. It also publishes a quarterly “recall index” that provides data about recalls by industry. According to their recall index for the first quarter of 2017, “software issues” was one of the top four reasons that medical devices were recalled, accounting for 24.4% of all medical device recalls (based on the number of units) conducted during that time period. The pervasiveness of software quality problems may also explain why it has become fairly common to see software problems give rise to products liability claims.
Product Defects & Liability. Quite simply, when software fails and causes bodily injury or property damage, the nature of the products liability claims against the manufacturer is the same as if a mechanical component of the medical device had failed. Imagine, for example, that you are a manufacturer of ventilators, an FDA-cleared Class II medical device that is used by critically ill patients who experience difficulty breathing on their own. Due to a software problem with your device, a diagnostic code (which relates to the functioning of the software) may be triggered while your product is in use with a patient. When this occurs, the ventilator stops functioning and will not alarm properly. You determine that you can fix the software problem through a software update, which you make available through your website (in accordance with FDA’s requirements for conducting a recall). You also send an “Urgent Medical Device Voluntary Field Correction” letter to your hospital-customers, who are instructed to take immediate action to update their ventilators’ software. Around the time that one of your hospital-customers receives your letter—but before it is able to perform the software update—a ventilator in use with a patient shuts off due to the software problem. The patient is unable to breathe on her own, and she suffers severe and irreversible brain injury as a consequence of oxygen deprivation. Not surprisingly, this injury becomes the subject of a products liability lawsuit filed against you.
Given the astounding and transformative impact that software has had on medical device capabilities and the disruption that software-driven products have caused to healthcare delivery, it seems incongruous that any products liability that arises from software is handled according to traditional and well-established legal principles that apply equally to low-tech, simple component parts, such as nuts and bolts. Nevertheless, these same legal principles will determine the outcome of a lawsuit involving medical device software. In making her case against you, your plaintiff will likely assert that your ventilator was defective in its design, warnings and manufacture. It’s important to note that the typical plaintiff will likely assert all three arguments in any lawsuit, as offering alternative theories of what went wrong is permissible. So, what is she really claiming?
The three types of product defects at issue in a products liability case are commonly recognized by courts as follows, though the law may vary slightly between states:
- A plaintiff who claims that he or she was injured as a result of a design defect will attempt to demonstrate that the product failed to operate safely as a result of the product’s inherently dangerous design. Borrowing an example from outside the life sciences industry, it’s perhaps the Ford Pinto from the late 1970s that is the most well known for a design defect. In that litigation, plaintiffs alleged that the poor design of the car’s gas tank caused the vehicle to ignite, causing bodily injury to passengers.
- With respect to a warning defect, a plaintiff who attacks a product’s warning (as well as instructions for use and other labeling and product information) will seek to show that the product posed a hazard, but the manufacturer failed to warn about the hazard or instruct the user about how to avoid it, causing injury as a result. This was one focus of the tobacco litigation of the late 1990s. Plaintiffs claimed, among other allegations, that the product’s warnings were not strong enough to convey the hazards of smoking.
- An allegation of a manufacturing defect, on the other hand, is concerned with how a product was assembled. The plaintiff will argue that an error in the manufacturing process, such as contamination, created a hazard that led to his or her injury. In the early 2000s, for example, certain tires manufactured by Bridgestone/Firestone, Inc. experienced a higher-than-normal failure rate related to “tread separation.” This defect in the product, which was traced to one manufacturing facility in particular, allegedly injured at least one thousand people, and the company became the target of products liability litigation. Plaintiffs claimed that manufacturing defects, among other problems, were responsible for their injuries. Ultimately, these lawsuits cost the company tens of millions of dollars in damages.
Returning to the fictitious example of the ventilator and considering how the plaintiff might allege defects in your product, she may argue that her injuries are the result of a design defect in the ventilator’s software that caused the diagnostic code to be triggered, stalling the operation of the device and depriving her of oxygen. The plaintiff may further allege that you failed to warn healthcare providers about the hazard, either because the device’s alarm failed to sound, your field correction letter wasn’t timely, or you failed to convey the extent of the hazard and urgency of the software upgrade necessary to fix the problem. Finally, the plaintiff may allege that the software was manufactured improperly, causing the software to be corrupted and to malfunction as a result.
Trends, Prognostications and Risk Management. In the above-described scenario, you, the manufacturer, will have defenses available to you, which will become the subject of litigation or which will influence your decision to settle the case. At this point, the actions you took (or failed to take) to mitigate software risks and make your product safer will likely become relevant to the defense of your case. Legal theories aside, however, the purpose of this series is to examine what manufacturers can do before a claim arises to prevent such a scenario from occurring. Accordingly, the remaining articles in this series will discuss common ways in which software can impact a device’s products liability risk profile and what manufacturers should do about it.
The next article in this series, Medical Device Software & Products Liability: The Homefront, looks at the use of software-driven medical devices at use in non-clinical settings; particularly, in the home environment. The article addresses software’s role in the home healthcare trend, explains the software-related risks that arise from home-use products, and discusses what manufacturers can do to mitigate these risks.
References and Notes
- Grand View Research, Inc. is a U.S.-based market research and consulting company that provides syndicated research reports, customized research reports, and consulting services. Access their website here to read more about their 2016 study, Healthcare Cyber Security Market Worth $10.85 Billion by 2022, April 2016.
- Products liability is also concerned with property damage in addition to bodily injury. Less frequently, a lawsuit will arise after a medical device malfunctions and destroys property. For example, certain types of medical devices have been known to ignite and cause fires that result in damage to structures or personal property, losses that may be later addressed in products liability lawsuits.
- See The Vaginal Mesh Scandal Is The “New Thalidomide” – So Where Is The Outcry? by Harriet Marsden in the Independent on July 27, 2017.
- See What The J&J Hip-Replacement Lawsuit Means For You by Jeneen Interlandi in Consumer Reports on December 5, 2016.
- Plaintiffs may also assert products liability arguments that arise from a breach of warranty or by a violation of a state consumer protection statute. This series of articles will focus mainly on strict liability and negligence actions.
- For example, in Computer Servicenters, Inc. v. Beacon Mfg. Co, 328 F. Supp. 653, 655 (D.S.C. 1970), the Court held that a contract for data-processing software was in fact a contract for services, and not for goods, and thus the Uniform Commercial Code did not apply. Also see Winter v. G.P. Putnam’s Sons, 938 F.2d 1033, 1035–36 (9th Cir.1991).
- See Zollers, Frances E., et al. No more Soft Landings for Software: Liability for Defects in An Industry That Has Come of Age, Santa Clara Computer and High Technology Law Journal, May 2005. Also see Tracking The Likelihood of Liability From Health Apps by Kevin M. Henley in Law 360 (subscription required) on March 11, 2015.
- See Leveson, Nancy. Software: System Safety and Computers, Addison-Wesley, 1995, Appendix A, p. 44.
- See Q1 2017 Stericycle Recall Index.
This article does not constitute legal advice.