The Y2K bug affects not only software, but embedded chips as well.
Year 2000 (Y2K) date processing issues in embedded systems have the same general causes and processing characteristics as the more widely known computer processing Y2K issues, which involve primarily software code processing and calculation problems. Embedded systems that display or record date information may experience problems with actual dates; however, such systems generally suffer different or additional consequences, which are usually the principal cause of concern over the Y2K impact.
From a health care perspective, both software and embedded system Y2K issues must be considered of equal importance, for both patient safety and health. Embedded systems are processor chips containing software. This software is referred to as “firmware,” and in most cases it cannot be reprogrammed; the chip itself must be replaced with an updated processor chip that contains new firmware. These chips exist in nearly every electronic device, from satellites to cars. They are installed in elevators, phone systems, microwave ovens, VCRs, ships, trains, offshore drilling rigs, nuclear power plants, and airplanes, just to name a few major areas. Embedded systems are also found throughout health care organizations, in hospitals, laboratories, intensive care, and clinics. Laboratory equipment, MRIs, CT scanners, defibrillators, electrocardiography recorders, dialysis and chemotherapy equipment, and many other embedded system-supported equipment within health care facilities may cause interruptions of services and a threat to patient safety and well-being.
Many leading Year 2000 authorities agree that the embedded system inventory is 70 billion plus in the world and that 7 percent to 8 percent of the systems containing embedded chips and/or individual hardware units may fail. The task of determining which of these embedded systems is likely to fail is a monumental task in that every chip must be checked for potential Y2K problems. Further exacerbating the replacement of these chips is the fact that many are impossible to reach, or that the original manufacturers of the chips are no longer in business.
The Y2K Problem
The Y2K problem can potentially arise in any system that incorporates “date-sensitive” software or firmware, or an internal electronic real-time clock (RTC). It may affect some specific items of medical equipment. It arises mainly because dates are sometimes stored with only the last two digits of the year, so “00” may be treated as meaning 1900 rather than 2000. Another possible cause is failure to recognize the year 2000 as a leap year.
While the use of four digits for the year is considered preferable, displaying or printing dates with only two year digits is not a issue in itself, if the century is obvious, as it is in many cases. Various problems may arise in the year 2000 or thereafter, if corrective action is not implemented in these situations:
- Calculations may be made incorrectly, such as a treatment that depends on a patient’s date of birth or the date when a device becomes due for servicing;
- Devices that check the date before or while running may treat some dates as being invalid and therefore refuse to function or execute properly;
- An embedded system device or a computer may transmit spurious or ambiguous dates or calculated values to other equipment, that, in turn will malfunction;
- Events such as treatments delivered or the occurrence of alarms may be incorrectly recorded;
- The leading zero in a two-digit year may not be printed, precipitating ambiguity, eg, as to whether a date such as 1/2/3 is year-month-day or day-month-year.
Some malfunctions could even present an immediate risk to life or health, for instance, if a device delivers an incorrect treatment (such as a wrong radiotherapy dose resulting from an incorrect calculation of the decay of a radioactive source) or a life support device ceases to function. Additionally, malfunctions that would not usually be hazardous for an individual patient could seriously disrupt health care if they are widespread. For example, if a single x-ray machine or a single infusion pump ceases to work, the immediate risk to patients may not be great, but if all the x-ray machines in a hospital, or all the infusion pumps, stop working on January 1, 2000, then the risk is much more serious. Although medical devices that are “date-sensitive” are mostly of recent design, and might therefore be expected to deal correctly with the year 2000, some of them may incorporate software or hardware components that were designed before this issue was recognized as a problem.
The possibility of malfunctions associated with the year 2000 can be foreseen and, therefore, it is mandatory to organize remedial action as soon as feasible. However, the resources do not exist, nationally or globally, to investigate every item of hardware and software in use throughout industry and commerce, let alone to put right all those that have not been correctly designed for the year 2000. As with other risks, prioritization is needed, having due regard to competing demands. Medical equipment manufacturers also need to address their own company systems to ensure that they can continue to provide support to users, eg, scheduled servicing of devices, etc. Supply-chain vendors also must be checked to determine if they are engaged in an internal Y2K effort to ensure that they can continue to supply medical services and materials after the century transition.
Inventory and Assessment Phases
Because most medical devices are off-the-shelf products, the organizations that are best qualified to establish whether or not they will function correctly in and after the year 2000 are the manufacturers themselves, who also bear a responsibility for the safety of the products they have supplied. The Medical Doctors Association (MDA) and other health care organizations therefore expected medical equipment manufacturers to assess all their products, to identify any affected by year 2000 problems, and to make this information available to users and other interested parties, with an indication of the appropriate remedial action.
A reasonable date by which to expect notification of models that need to be upgraded or replaced would have been the beginning of 1998; however, this date was not met by many manufactures. As a result, many health care organizations have been faced with conducting internal Y2K inventory and assessment activities in an attempt to determine the extent of their Y2K problem. The inventory phase involves taking a 100 percent inventory of date-sensitive equipment, recording information as to the manufacturer, the model number of the equipment, presence of firmware and its version or revision level, and the version of computer software operating systems and applications, etc.
On completion of the inventory phase, the assessment phase is begun by starting to contact the manufacturers of all date sensitive hardware equipment and software products. Through phone contacts, Web site access, and letters to the manufacturers, the assessment team must attempt to determine the Y2K compliance status of each item of date-sensitive hardware and software. The US Food and Drug Administration (FDA) Y2K Compliance Definition is cited below with respect to medical devices and scientific laboratory equipment:
“For the purpose of this product status reporting, Year 2000 compliant means, with respect to medical devices and scientific laboratory equipment, that the product accurately processes and stores date/time data (including, but not limited to, calculating, comparing, displaying, recording and sequencing operations involving date/time data) during, from, into, and between the twentieth and twenty-first centuries, and the years 1999 and 2000, including correct processing of leap year data.”
The assessment phase may prove to be extremely frustrating as reflected in this statement issued by the Veterans Health Administration and posted on its Web site: “Biomedical equipment that relies on computers or computer chips, from cardiac monitoring systems to electronic imaging machines, may be adversely affected by the Year 2000 problem. Although this situation has serious implications for the delivery of health care to the nation’s veterans, the Veterans Health Administration (VHA) still does not know the full extent of its Year 2000 problem or the cost to overcome it.
Assessment Testing
The possibility of facing a lack of support from manufacturers in determining the Y2K compliance of health care hardware and software inventory items may necessitate that your organization implement its own compliance testing program. A subject test program will also be mandated for those items of hardware and software that the manufacturer is no longer supporting, or when the manufacturer is no longer in business.
The average hospital, for example, has anywhere between 1,400 and 5,000 separate functions that are directly related to Year 2000 compliance. For the majority of hospitals, prioritizing this list of operations is an overwhelming task. At a minimum, the following operational tasks should be categorized, assessed, and tested:
If organizations do need to carry out their own testing, because malfunction would present a significant risk and either the device has been made in-house or no information can be obtained from the supplier, they should exercise due caution, particularly to avoid risks to patients. Attention should be paid to hardware, software, firmware, and operating systems, because any of these (or the interactions between them) could be the source of a malfunction. Attention should also be paid to the possibility that, if a device’s clock is set to a time in the future such as 1-1-2000, it may subsequently refuse to accept the real date and/or stored data may be lost or corrupted. If users identify a problem that could affect the safety of patients, users, or other persons, they should report it to the MDA Adverse Incident Center. After a device has been tested, users should ensure that the current date and other settings are correctly restored and that the device then functions normally.
Other Y2K Phases
Traditionally, the Inventory and Assessment Phases are followed by the Remediation or Renovation Phase during which noncompliant software and firmware are modified or updated to be Y2K compliant. However, in the health care area, few organizations have developed their own software code or written their own firmware code. Most software is purchased from a commercial vendor. Thus, remediation activities will involve only the replacement of noncompliant computer operating systems, applications, and utility programs on their local computer support systems. In the case of many software vendors, Y2K software patches may be available on vendor Web sites for free download and installation on existing computer support systems.
From a hardware perspective, remediation may consist only of the replacement of non-Y2K compliant hardware that is date sensitive. However, when deciding to replace non-Y2K compliant hardware equipment, one must consider the Y2K internal and external interface issues associated with the purchase of new Y2K compliant equipment. Should the new equipment interface with other hardware and/or software systems that may still have date-sensitive problems, then a potential Y2K issue may still exist within your facility or organization. The detailed assessment of internal and external interfaces is essential to avoiding a future turn of the century Y2K problem.
It is during the verification or validation phase that any remaining potential Y2K issues are discovered. The verification phase involves the repeated, in-depth testing of your facility or organization for all documented Y2K date-sensitive test dates. These dates may be found on any credible Y2K Web site. It is also during this phase that interface testing is performed, advance-the-clock testing beyond the year 2000 is initiated, and database data are tested on remediated hardware and software systems. Verification testing normally consists of 40 percent or more of the entire Y2K effort. The goal is to test, test, and retest.
The transition to 1999
For those who deny potential Y2K problems for the December 31, 1999 transition or rollover to January 1, 2000, they should investigate the events that occurred throughout the world on the rollover to January 1, 1999. Australian government officials reported a third of the computer related equipment in South Australian hospitals, including cardiac monitors and drug distribution systems, failed to operate properly after midnight of December 31, 1998. These potentially disastrous results forced the state government to boost funding by $19 million to combat the impact of Y2K, where computer systems may fail to recognize the date January 1, 2000. Australian Health Minister Dean Brown stated that the investment was needed because serious noncompliance problems had been discovered in several hospitals.
The cause of the worldwide 1999 roll-over problems was with the initial “99” series date. Software programmers in the past had used a series of “9s” to indicate “end of file” or “cease operating” commands in code that can halt or suspend computer processing functions or embedded system calculations:
- January 1, 1999, the beginning of the last year in the century (the two nines issue);
- April 9, 1999, the 99th day of the last year in the century (the three nines issue);
- September 9, 1999, the four nines issue for “9-9-99.” This will be the most prevalent problem.
Roger Patrick is the Year 2000 (Y2K) Services Program Manager, TRW Systems and Information Technology Group Electromagnetic Systems Division, Sunnyvale, Calif. He has been actively involved in managing numerous TRW Y2K government contracts since 1996.