The Year 2000 (or "Y2K") computer problem has implications reaching far beyond computers. Y2K relates to the inability of most computers to process data information beyond December 31, 1999. Hospitals, clinics, home care providers, nursing homes and assisted living centers are all potentially at risk from the millennium bug. Y2K problems arising from both internal and external sources pose serious concerns for medical personnel, healthcare facilities and patients, not simply departments dealing directly with information technology. Unresolved, Year 2000 failures could impact severely on patient care, disrupt key business functions and create substantial liability exposure. To effectively address this problem, boards of directors, CEO's and other senior executives must take immediate action to avert a crisis.
In a recent survey of industry responses to the problem, Healthcare ranked near the bottom of all vertical industries with respect to their Year 2000 activity: a huge 88% was still in the "awareness" phase. Failure to mitigate the problem can have a far reaching and negative impact on society.
AREAS FOR CONCERN:
Patient Care/Treatment
Interruptions in critical infrastructure can impact patient care staff's ability to respond to a staffing need. Cellular phones, pagers, security systems, elevators, ambulance services all could e affected by Year 2000 problems.
Medical Equipment and Devices
Medical devices include over 100,000 products in more than 1,700 categories. Specifically, the issue is that many medical devices use computers or software, including: embedded microchips which are part of, or components of, devices; or non-embedded software; or individual software programs which use or process patient data to reach a diagnosis, aid in therapy or track donors and products.
Examples of embedded chip devices include:
- Infusion pumps in intravenous drips
- Heart defibrillators
- Pacemakers
- Intensive care monitors/ life support systems
- MRI's
- CT and PET scans
- Dialysis
- Chemotherapy and radiation equipment
- Laboratory, radiology and other diagnostic systems
- Monitoring and control systems, including environmental and safety equipment
- Business Dependencies
Even if a healthcare facility takes care of its own Year 2000 problems, it may still experience business interruptions if third parties upon which it depends fail to do so. Healthcare systems cannot function effectively without reliable support from medical insurance payers, claims clearinghouses, banks, and suppliers of hundreds or thousands of other goods and services, all of which are potentially vulnerable to Y2K failures.
Public Infrastructure Failures
Hospitals cannot operate without power, water or police and fire protection. Communication links with the fire and ambulance services and even the operation of traffic lights could be affected.
Liability Exposure
Some have predicted that the cost of litigation resulting from the Year 2000 problem will top $1 trillion. Hospitals and their key decision makers may face malpractice claims, personal injury and wrongful death suits, actions against directors and officers, enforcement of licensing, accreditation and other regulations, and, for publicly held corporations, shareholder suits. Directors and officers must be particularly careful to avoid personal liability for failure to exercise due diligence and reasonable business judgment in connection with foreseeable Year 2000 problems.
Year 2000 Risk Assessment
Year 2000 risk assessment requires active executive involvement to provide adequate financial and human resources and sustained effort across the board. Once senior management is secured, hospitals must systematically assess their Y2K business and legal risks and develop comprehensive compliance plans.
A business risk assessment should first inventory internal information technology systems, as well as embedded chips and third party dependencies.
A Year 2000 legal audit should inventory and evaluate existing contractual and other legal rights, obligations and remedies as they relate to the identified business risks, focusing on those that are high risk and mission-critical. The dual objectives of the legal audit are to determine whether vendors, service providers, insurers or other third parties might be responsible for correcting certain Y2K problems or bearing some or all of the costs and to identify where the hospital and its officers might encounter legal exposure.
Healthcare Due Diligence
In order to preserve quality patient care, maintain business operations and avoid liability, hospital directors, officers and executives must develop and implement systematic strategies to meet the Year 2000 challenge. Doing nothing is not an option. Exercising due diligence on all fronts to prevent and minimize Y2K failures should and must become a priority for all healthcare institutions.