By: L. Savannah Lichtman

 Introduction

 For the health care industry, the inability of many computers to process date information later than December 31, 1999 is more than just a computer problem. For hospitals and health care systems, Year 2000 problems originating from both internal and external sources are likely to threaten the whole institution, not just those departments that are concerned directly with information technology. Moreover, unrectified Year 2000 problems could compromise patient care, disrupt core business functions and create substantial liability exposure.

The health care industry is at greater risk than most other sectors.

 A colloquy overheard recently illustrates the point. A customer was told that it was going to take 3 weeks to fix his VCR. He began moaning and muttering about the delay. Whereupon, the repairperson said, "its only your VCR, not your dialysis machine."

Well, for the health care industry, it is your dialysis machine -- or your defibrillator, or your infusion pump, or your MRI. Or, it may "only be your information systems;" but Year 2000 problems in information systems can have life-threatening consequences.

Hospital Information Systems

 For hospitals, there are so many information systems - from admissions to discharges, transfers, medical records, inventory and probably most important, billing! That comment is not meant to be facetious. Most hospitals have tight cash flow. Delays in payments from third-party payors could be crippling. We already know that Medicare may not be able to make "timely" payments...especially in light of Medicare's track record. If cash-flow problems result in staffing shortages, patients may suffer the consequences.

Hospital pharmacies and laboratories need to be certain that the computer systems they use every day in their operations continue to be reliable. For example, if a Year 2000-induced "hiccup" causes a piece of equipment to skip a function, or perform a function twice, a patient could get the lab results of the patient who preceded or succeeded him or her. It would be almost impossible for the care giver to know this.

Patient information systems are vulnerable as well. For example, a one-year- old pediatric patient could receive a dosage of medication appropriate for a 101 year-old geriatric patient, with damaging or fatal consequences. Also, many treatment protocols have a chronological component. If chronology is scrambled because of a Year 2000 problem, it may not be obvious to the care giver.

Current Year 2000 Problems

 Many Year 2000 computer problems have begun to manifest already, including the failure of financial systems to accept insurance expirations after December 31, 1999 and the inability to budget past December 31, 1999. Without proper dating systems, inventory reorder dates will be impacted and there will be a risk of running out of inventory of all types of products. This is particularly serious for hospitals, since they maintain minimal depth in inventory for perishables such as sutures, blood products and food.

Resource and scheduling programs already have developed problems. On April 7, 1997, the number of days until January 1, 2000 went from 1,000 to 999, and a corporate-wide resource scheduling system at a network of hospitals and clinics stopped working. The system was used to forecast resource needs and schedule patients up to 999 days in the future. According to the Director of Systems Support, the system terminated across the board because it didn't recognize anything after 1999 as a valid date.

Suppliers

 Fixing in-house systems is a good place to start in the effort to become Year 2000 compliant. But fixing them does not guarantee a smooth transition into the millennium. Assume that you are able to get your in-house computer systems Year 2000 compliant in a timely fashion, but some of your suppliers or customers are not so diligent or fortunate. Every organization depends upon suppliers for goods and services. What if the linen service, food suppliers, ambulance services, power management systems, oxygen suppliers and reference labs have problems in their systems that make it difficult, slow or impossible to take orders, manage inventory and deliver what your hospitals and ancillary systems need? What if the fire alarms are unreliable? Failure or malfunction of any of these systems can result in serious business disruptions and injury or death to patients.

And then, of course, there are the software vendors on whom you must rely to correct the software on which your in-house computer systems depend. Surveys have revealed that for many health care entities, 80% of their in-house computer systems rely on vendor-written software and that many of those vendors do not have a definitive plan in place to test their systems.

Electronic Data Interchange

 For the past few years, the health care industry has been encouraged to enter the 90's and move quickly into electronic communications. Most have done so. Your organization may correct its in-house systems for Year 2000 and your trading partner, supplier or customer may do the same for theirs. However, you need to make sure that the assumptions all of you made in modifying your systems are compatible. There are several approaches for modifying the systems to render them Year 2000 compliant. It is important to coordinate your compliance efforts with the individuals and entities that interface with your systems or, despite your best efforts, you may get bad data. So, in order to achieve a viable fix of your systems, it is essential for you to discuss your plans with the organizations with which you communicate electronically and develop revised agreements with them.

Labor Market

 Preparing for the Year 2000 requires the use of skilled programmers and analysts. The people with the necessary skills already are in short supply and both the demand and cost for them are rising rapidly. This will have two significant ramifications: First, you may not be able to hire or contract for the people you need and second, you may not be able to retain the people you currently employ. Several consulting firms have reported that they are at or approaching capacity and will have to turn away clients looking for Year 2000 assistance. In effect, the shortage has created a bidding war for programmers and analysts. Your current staff will not be immune and may be lured away by huge salaries, bonuses and perks. Unfortunately, due to all of the recent "downsizing" and "rightsizing," employee loyalty towards most health care organizations is low, with the result that you may lose some of the people you need the most. You must take a proactive role now! If you can't hire and retain the people you need to deal with this issue, you won't be prepared for the Year 2000. In anticipation of this, consideration must be given to offering sign-on and "stay-on" bonuses for IS people beginning now through the Year 2000.

Embedded Chips

 The majority of computing processors currently in use do not reside within what one normally considers to be a computer, such as mainframe computers, mini-computers and personal computers. Embedded processors are found everywhere within a health care organization's infrastructure. Some are obvious, such as those in elevators, security, phone and HVAC systems, fax machines, copiers and printers. Less obvious systems include voicemail and back-up power systems for buildings, mainframes and PC's. Many of these systems are expected to fail if uncorrected. The problem is that we don't know which ones will fail or how and when they'll do it. Will they just stop working or will they become unreliable?

This is particularly serious for medical devices.

 The greatest exposure to the health care industry arises from processors embedded in medical devices. Medical devices include over 100,000 products in more than 1,700 categories. Think about all of the places that chips are used in a hospital, laboratory or clinic: infusion pumps, diagnostic equipment, MRI's, CT Scans, dialysis machines intensive care, pacemakers and on and on. How many medical devices do date, age or timing calculations? How many of these are going to fail or give erroneous results?

An example of a device failure that could injure patients is something as simple as the failure of a cancer screening program to recall patients for treatment in the next century.

Something as apparently chip-free as an intravenous drip may have a self-checking program that calculates when it last was calibrated. Infusion pumps and intravenous drips are calibrated to deliver the correct drug and fluid dosage to the patient, but become inaccurate over the passage of time and need to be recalibrated. An embedded chip registers when the last calibration took place and compares it with the current date in its internal time clock. If no calibration has taken place, the pumps issue an alert and shut down all together after a specific period of time on the basis that they probably are dangerous. When the millennium arrives, the date calculation may indicate that the last recalibration took place nearly 100 years ago, causing the pump to shut down. Or, it may fail to recognize that it's time to be recalibrated and deliver an inaccurate dosage. How long do you imagine it will take to recognize that? The problem is relatively easy to fix, but every single infusion pump needs to be checked and every hospital is full of them.

Pacemakers are another example. Every time a heart pacemaker detects an irregular heartbeat, it sends a shock to the system and then records the time the event occurred. This information regularly is downloaded to a computer to be analyzed later by medical personnel. Whenever the information is downloaded, the pacemaker resets itself. If the software on the receiving system starts recording faulty times for the shock deliveries, the cardiologist could misinterpret the results and administer improper care.

Defribrillators use an embedded device that calculates the time since last maintenance, similar to elevators. Like an elevator, if the time since the last maintenance check exceeds a certain time, the defibrillator should cease operating in order to reduce the possibility of malfunctioning on a patient. Or maybe it won't stop operating; maybe it will malfunction instead.

One health care executive recounted the following anecdote. His hospital's biomedical department was educated about the Year 2000 problem and decided to test a ventilator that had been purchased that week. They set the ventilator up for date and time December 31, 1999 at 11:00 P.M. and turned it on. At 12:01 A.M., at what would have been January 1, 2000, the ventilator failed. When the biomedical department called the manufacturer, the vendor was able to instruct the technicians to power down the unit, remove the cover and flip an internal switch, reset and power the machine up again. At that point, the ventilator worked fine. Obviously, the vendor of this product had made some preparations for the Year 2000. But, you wouldn't want to have to do this with every ventilator on New Years Eve 2000.

On the other hand, advance testing is not problem free either. Most hospitals do not have extra ventilators. If you test one and it stops and can't be reset, patient safety can be compromised. This is not to suggest that you should forego testing. The point is that contingency plans must be made to account for failures resulting from testing.

Embedded microchips that aren't coded to recognize dates in the 21st Century pose a thorny problem because it's not simply a matter of re-writing software. The chips often are difficult or impossible to access. Likewise, the code written on them may be difficult or impossible to rewrite. In some cases, a chip can be upgraded, but in others, replacing equipment is the only alternative.

Because chips are a commodity, they may have a date component even where a date is superfluous to the equipment's function. This could cause problems in unexpected places.

It clearly is impossible to quantify the magnitude of the situation. Year 2000 experts estimate the cost to replace non-compliant medical equipment in a 400-bed hospital at $15 million.

But in fact, not everyone even agrees that there is a problem. The Food and Drug Administration has taken the position that while problems may crop up in some devices, they probably won't pose a significant threat. In a statement to a United States House of Representatives Subcommittee in June 1997, an Acting Director in the Office of Science and Technology at the FDA's Center for Devices and Radiological Health said that it's unlikely that devices such as pacemakers, infusion pumps and ventilators would be affected by the Year 2000 problem. Almost none of these devices requires knowledge of the current date to operate safely and effectively. As noted previously, that doesn't mean that the chip is date-function free, however.

The FDA does acknowledge the potential for trouble. In a June 25, 1997 letter, the FDA reminded manufacturers that embedded microprocessors lacking a four digit field to accommodate the Year 2000 may "adversely effect the functioning of some devices" as well as the manufacturers' own computer-controlled design, production or quality control processes.

Standard of Care

 But from the perspective of the patient and risk management, however remote the chance of failure, it is deadly serious. In fact, most Year 2000 project managers and executive directors of health care systems believe that they cannot take any chances with equipment that supports life. They believe that it is necessary to research and test anything with a chip. They believe each institution should query every manufacturer whose devices they use. These people will establish the standard of care.

We suggest that vendors be contacted individually and asked if their products are Year 2000 compliant. But vendors may not be responsive for any number of reasons, including having gone out of business or for some other reason; they may have no Year 2000 compliance plans; they may have a plan but be late in delivering Year 2000 upgrades; they may be directing their attention to higher priority customers.

Testing-A Monumental Task

 It takes hard work, time and money to inventory, analyze and test every piece of medical equipment as well as all aspects of information technology, equipment and software. For example, we understand that upgrades are available for most patient monitoring equipment, but many facilities lack the staff to install the upgrades. It also is necessary to test to verify complete compliance.

We recommend that a risk priority system be implemented, similar to triage, so that the most critical devices, such as life support equipment and others that could seriously harm a patient if they malfunctioned, as well as high volume devices, be tested first.

No Problem?

 Perhaps you believe that the Year 2000 issues are overblown. Perhaps you're right and all you'll experience are a number of small, correctable nuisance problems. But that's improbable and, if you haven't taken steps to address Year 2000 issues, your patients, shareholders, regulators and the media will want to know why.

Vito C. Peraino, Esq. of Hancock Rothert & Bunshoft LLP in Los Angeles, California chairs the firm's Year 2000 Working Group and specializes in 4, Year 2000 legal issues. Reach him at Click Contact Link

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.