Incident: Organ Transplant System Failures: Oversight Lapses and Organ Mix-ups

Published Date: 2022-08-03

Postmortem Analysis
Timeline:
1. The software failure incident happened in June 2020 [131179].

System: unknown

Responsible Organization:
1. The United Network for Organ Sharing (UNOS) was partly blamed for the software failure incident due to lax oversight of organ procurement organizations (OPOs) [131179].

Impacted Organization:
1. United Network for Organ Sharing (UNOS) [131179]
2. Organ Procurement Organizations (OPOs) [131179]

Software Causes:
1. unknown

Non-software Causes:
1. Mistakes in the screening of organs, including failures to identify diseases in donor organs, mix-ups in matching blood types, and delays in completing necessary tests before transplant surgeries occurred [131179].
2. Lax oversight of organ procurement organizations (OPOs) by the United Network for Organ Sharing, leading to careless treatment of donated organs, organs lost in transit, and technological issues [131179].
3. Errors in communication and coordination between different entities involved in the organ transplant process, such as mislabeling of organs, miscommunication of test results, and failures in following proper procedures [131179].

Impacts:
1. The software failure incident led to mistakes in the screening of organs, resulting in 70 deaths and 249 individuals developing diseases after receiving transplants [131179].
2. The errors included failures to identify diseases in donor organs, mix-ups in matching blood types, delays in completing necessary tests before transplant surgeries, and technological issues [131179].
3. The software failure incident caused confusion over organ donor blood types, leading to four separate transplant surgeries with incompatible recipients, resulting in the death of a lung transplant recipient and the removal of a heart from another patient due to rejection [131179].
4. Undetected infections due to the software failure incident affected multiple patients, with one kidney transplant recipient in Nevada dying from a rare bacterial infection and another patient in California being infected but surviving [131179].
5. The software failure incident also led to undetected cancer in a donor, resulting in a liver transplant recipient discovering a mass on the transplanted liver during a follow-up appointment, which originated from testicular cancer in the donor [131179].

Preventions:
1. Implementing a more robust and modern technology system for the organ transplant network to replace the aged software and address periodic system failures, mistakes in programming, and overreliance on manual data input [131179].
2. Increasing transparency and accountability for the chain of custody and transportation of organs through software solutions to track and monitor organ movements more effectively [131179].
3. Enhancing the oversight and monitoring of organ procurement organizations (OPOs) and their operations through the implementation of software tools for better tracking and compliance management [131179].

Fixes:
1. Implement a complete overhaul of the technology powering the transplant system to address aged software, periodic system failures, mistakes in programming, and overreliance on manual input of data [131179].
2. Increase transparency and accountability for the chain of custody and transportation of organs to prevent errors in handling and tracking organs [131179].
3. Enhance accountability for lost, damaged, and delayed organs to ensure proper handling and timely delivery of organs for transplant surgeries [131179].
4. Create competition for the United Network for Organ Sharing (UNOS) to introduce more oversight and potentially improve the efficiency and effectiveness of the transplant system [131179].
5. Award a separate contract for the transplant system's technology to potentially bring in new expertise and technologies to modernize the system [131179].

References:
1. United Network for Organ Sharing (UNOS) [131179]
2. Centers for Medicare and Medicaid Services [131179]
3. Department of Health and Human Services [131179]
4. National Academies of Sciences, Engineering, and Medicine [131179]

Software Taxonomy of Faults

Category | Option | Rationale
Recurring | one_organization | (a) The software failure incident having happened again at one_organization: The Indiana Donor Network, which procures organs across the state, was involved in a software failure incident where two healthy kidneys were accidentally thrown in the trash at an Indiana hospital in June 2020. This incident led to UNOS issuing a noncompliance order to the Indiana Donor Network [131179]. (b) The software failure incident having happened again at multiple_organization: There is no specific mention in the provided article about the software failure incident happening again at multiple organizations.
Phase (Design/Operation) | unknown | The articles do not provide information about a software failure incident related to the development phases, specifically design or operation. Therefore, it is unknown whether the reported incidents were caused by contributing factors introduced during system development, system updates, or procedures to operate or maintain the system.
Boundary (Internal/External) | within_system | (a) within_system: The software failure incident related to the organ transplant system was primarily due to contributing factors that originated from within the system. The failures included mistakes in screening organs, mix-ups in matching blood types, delays in completing necessary tests before transplant surgeries, errors in identifying diseases in donor organs, and oversight issues within the organ procurement organizations (OPOs) and the United Network for Organ Sharing (UNOS) [131179]. These internal system failures led to serious consequences such as deaths, diseases, canceled transplants, and organ losses. (b) outside_system: There is no specific mention in the articles of the software failure incident being primarily due to contributing factors that originated from outside the system. The failures and deficiencies highlighted in the organ transplant system were mainly attributed to internal issues within the system itself, such as errors in screening, matching, and oversight [131179].
Nature (Human/Non-human) | unknown | (a) The software failure incident occurring due to non-human actions: The articles do not provide information about the software failure incident occurring due to non-human actions [131179]. (b) The software failure incident occurring due to human actions: The articles do not provide information about the software failure incident occurring due to human actions [131179].
Dimension (Hardware/Software) | software | (a) The software failure incident occurring due to hardware: The articles do not mention any specific software failure incident occurring due to contributing factors originating in hardware. Therefore, there is no information available in the provided articles related to a software failure incident caused by hardware issues [131179]. (b) The software failure incident occurring due to software: The articles extensively discuss failures, errors, and mistakes in the organ transplant system that were primarily attributed to software issues. These software failures included failures to identify diseases in donor organs, mix-ups in matching blood types, delays in completing necessary tests before transplant surgeries, and technological issues [131179].
Objective (Malicious/Non-malicious) | non-malicious | (a) The software failure incident related to the organ transplant system was non-malicious. The failures were attributed to mistakes, errors, oversights, and deficiencies in the screening and matching of organs, as well as delays in completing necessary tests before transplant surgeries occurred. These issues led to the transmission of diseases, mix-ups in blood types, organs being lost in transit, and technological problems [131179]. The failures were not intentional acts to harm the system but rather resulted from systemic weaknesses, lack of oversight, and errors in processes within the organ transplant system.
Intent (Poor/Accidental Decisions) | unknown | The articles do not mention any software failure incident related to poor decisions or accidental decisions.
Capability (Incompetence/Accidental) | accidental | (a) The software failure incident occurring due to development incompetence: The articles do not mention any software failure incident specifically attributed to development incompetence. (b) The software failure incident occurring accidentally: The incident where two healthy kidneys were accidentally thrown in the trash at an Indiana hospital in June 2020 is an example of a software failure incident occurring accidentally. The incident was a result of human error and miscommunication, leading to the kidneys being discarded instead of being used for transplant surgeries [131179].
Duration | unknown | The articles do not provide information about a software failure incident related to the duration of the failure being permanent or temporary.
Behaviour | omission, timing, value, other | (a) crash: The articles do not mention any specific instances of a software crash as the cause of the failures reported in the organ transplant system. [131179] (b) omission: The failures reported in the organ transplant system include instances of omission, such as failures to identify diseases in donor organs, mix-ups in matching blood types, and delays in completing necessary tests before transplant surgeries. These omissions led to serious consequences for the recipients. [131179] (c) timing: The articles do not specifically mention failures related to timing, where the system performed its intended functions but at incorrect times. However, delays in completing blood and urine tests before transplant surgeries occurred, which could be considered a timing issue. [131179] (d) value: The failures in the organ transplant system included instances where the system performed its intended functions incorrectly, such as failures to identify diseases in donor organs and mix-ups in matching blood types. These incorrect performances led to adverse outcomes for the recipients. [131179] (e) byzantine: The articles do not describe the failures in the organ transplant system as exhibiting a byzantine behavior with inconsistent responses and interactions. [131179] (f) other: The failures in the organ transplant system also included incidents where healthy organs were accidentally thrown away, organs were lost in transit, and organs were misplaced during shipping, leading to canceled transplant surgeries and discarded organs. These incidents could be categorized as other types of software failure behaviors. [131179]

IoT System Layer

Layer | Option | Rationale
Perception | None | None
Communication | None | None
Application | None | None

Other Details

Category | Option | Rationale
Consequence | death, harm | The consequence of the software failure incident related to the organ transplant system failure described in the articles is primarily related to harm and death: (a) death: The software failure incident led to severe consequences, including deaths of individuals who received organs with undetected diseases or infections [131179]. (b) harm: Individuals were physically harmed as a result of the software failure incident, such as developing diseases after receiving organs with testing errors and overlooked communications [131179]. These consequences of harm and death were directly linked to the failures in the organ transplant system, which were exacerbated by software failures and oversight deficiencies.
Domain | health | The software failure incident reported in the news article is related to the health industry [131179]. The incident involved mistakes in the screening of organs for transplants, leading to deaths and diseases among recipients. The failures included errors in identifying diseases in donor organs, mix-ups in matching blood types, delays in completing necessary tests before transplant surgeries, and oversight issues in the organ procurement organizations (OPOs) responsible for collecting donated organs. Additionally, the incident highlighted deficiencies in the organ transplant system, including lax oversight, technological issues, and failures in communication and coordination among the various entities involved in the transplant process. The failures in the system led to canceled transplants, organ removals, and instances where organs had to be discarded due to errors in screening and matching. Furthermore, the incident exposed the need for improvements in the transplant system's technology, transparency, accountability, and chain of custody for organs. The failures in the system had significant consequences for patients, including infections, undetected cancer in donors, and mismatches in blood types, which resulted in adverse outcomes for transplant recipients. In summary, the software failure incident in the article is directly related to the health industry, specifically the organ transplant system, highlighting critical issues in organ screening, coordination, and oversight within the healthcare sector.
