Monday, September 16, 2013

Software recalls

The IEEE Spectrum web site reports that a software package was recalled. United Healthcare recalled something called "Picis ED Pulsecheck"; the problem relates to notes made by physicians (who would be the users).

I recognize that software for medical records is important. Defects in "normal" software can lose information, but defects in medical records can lead to incorrect diagnoses, incorrect treatments, and complications to the patient -- even death. Software in the medical domain must be correct.

Yet the idea of a "recall" for software seems primitive. Unusual, also; this is the first time I heard of a recall for software.

Recalls make sense for physical products, specifically physical products that pose some danger to the owner, like automobiles with faulty brake systems or lamps with incorrect wiring.

A recall forces the owner to return the product, or bring the product to a service center where it can be repaired.

Software is different from a physical product. It doesn't exist in a tangible form. For recalls, manufacturers must keep careful records of the repairs made to each unit. I can install software on several computers; do I bring in each copy?

But more than the number of copies, the basic idea of a recall for software seems... wrong. Why force someone to remove software from their location and "bring it in for repair"?

Why not send an update?

In software, we don't think of recalls. Instead we think of updates. (Or "patches", depending on our software subculture.)

All of the major software manufacturers (Microsoft, Apple, Adobe) send updates for their software. Today, those updates are delivered through the internet. Now, perhaps the medical software is on systems that are not connected to the internet (a reasonable security precaution) but updates can be delivered through means other than the internet.

Now, maybe United Healthcare has a good reason for issuing a recall and not sending out updates. Maybe their product is covered by federal or state laws that mandate recalls. Or maybe their corporate mindset is one of products and liability, and they choose to issue recalls. I don't know. (United Healthcare chose not to consult with me before issuing the recall.)

It's not important what United Healthcare does, or why. It's important what you do with your software and your customers. You can issue recalls (if you want) or updates (if you want) or both -- or neither. I encourage you to think about the choices you make. That's the important item here.
