BUG OFF
Will the Millenium Bug Screw Up Your Practice?
by Greg Goth, Assistant Managing Editor, LACMA PHYSICIAN
If you’re at all like many Americans, your "Millennium Bug" contingency plan may consist of intending to take out a little more cash than usual from the ATM before midnight on Dec. 31, 1999, and perhaps buying an extra loaf of bread or two, just in case the supermarket register won’t scan or take your credit card. Unfortunately, this probably won’t be enough.
A battery of information technology experts agree that the healthcare industry in general—and physicians, in particular—are woefully unprepared to deal with the ramifications of computer programs and chips that are unable to successfully negotiate the change from 1999 to 2000.
Worldwide, the problem may end up costing $600 billion, according to technology gurus—and that’s not counting the additional hundreds of billions expected in litigation costs resulting from equipment failures.
The reason for the problem?
Computer programmers, to save precious memory space, used to write dates crucial to a computer’s functionality as two digits. When these programs were written, their productive life spans were calculated to be far shorter than they’ve turned out to be (much as the Department of Defense didn’t figure on relying on the B-52 bomber, the last of which was built in 1962, for more than three decades).
Instead, these computers may believe that 2000 is actually 1900, and will produce inaccurate data or, falling back on internal safeguards, simply shut themselves down—hardly what you need, say, when charging a defibrillator that may not work when applied to a New Millenium reveler with an MI.
"I try to be optimistic," says Joel Ackerman, executive director of the Rx2000 Solutions Institute, a Minneapolis-based national clearinghouse for information on the Y2K bug in the healthcare industry, "but I’m still very concerned about the healthcare industry. We got a very late start compared to other industries."
Ackerman says physicians should not be lulled into complacency by believing only older computers will suffer from the Y2K bug. While wholesale purchasing of new computers isn’t necessary, software assessment is probably critical.
"Half the PCs shipped in 1997 were not fully Y2K-compliant," he says. "If they have older computers, such as a 286 or 386, it might be time to consider replacing them."
Apocalypse Now?
Ken Kleinberg, director of healthcare information technology (IT) research for the Gartner Group, a Stamford, CT-based IT company taking the lead in disseminating Y2K news and warnings, is even more apocalyptic in his assessment of the situation.
"We’ve got a scale that runs from 0 to 5, in terms of how prepared industries are concerning this," he says. "In the beginning of 1998, healthcare was at 0, 1 and 2, just beginning inventory and assessment. And midway through the year, we’ve only moved a little bit off that mark. And of all the medical categories, the physician practice groups were the least aware of what they had to do."
Well, Doctor, it’s time to become aware. Failure to deal with the Y2K bug may cost you time and money, lead to litigation and ultimately harm some patients. You may be lucky to escape with little or no disruption to your practice; you may receive some payments or supplies a few days late; or you may find major complications with sophisticated equipment. Nobody really seems to know anything substantial. It is, frankly, a mess, and the information infrastructure of medicine and healthcare, which lags so far behind that of industries like banking and finance, is about to be revealed as the emperor’s new suit.
"All you need is one or two little problems in your practice to happen, and it can cause a lot of headaches," says Kevin Lutz, interim vice president of information technology at the American Medical Association.
Those headaches may extend far beyond what one may think the Y2K bug will affect. Many physicians, if they’ve thought about the bug at all, may believe that, as long as they’ve bought a fairly current billing and data system, the software and hardware manufacturers have solved the problem for them. Or, if they’ve got a trusty old workhorse of a system, that remedial software is just around the corner.
But the problem goes far deeper. It goes to the capabilities of every vendor you deal with, from the company that delivers tongue depressors and sheets to the electric company. Failure to talk with pharmacists about their ability to continue supplying patients with medications, for example, could also leave patients in a dangerous situation. Failure to get information from medical device manufacturers too numerous to mention may result in harm to patients. Already, Lutz says, some LifePak 7 defibrillators manufactured by Physio-Control have been shown to be inoperable when tested for use beyond Dec. 31, 1999.
Ackerman says the estimated failure rate of devices has been placed at anywhere between five and 18 percent; even then, he says, there is no good consensus on whether failure will be a minor date-keeping glitch or a major shutdown, although Food and Drug Administration officials have testified before a Senate panel that they believe most device glitches will not cause a crisis in patient care.
However frightening the sound of malfunctioning devices may be, Lutz also expects the more mundane issues to be the majority of the problem.
"To be honest with you, I would tend to believe practice management problems will be 100 times greater than patient safety issues," he says. Modern management practices, such as "just-in-time" inventory, which relies heavily on low stockpiles and quick shipping, may leave many hospitals in short supply of critical everyday materials.
While there has also been much concern expressed about the ability of the federal government to continue making payments to Medicare providers, Lutz says he is confident the Department of Health and Human Services will either have the Y2K bug fixed in its systems on time, or will have a viable contingency plan to assure the steady flow of information and reimbursements.
Perhaps finally heeding Cassandra’s call, many hospitals and other large organizations have stepped up their Y2K programs in some ways, but the whole industry, right down to solo practitioners, will need to set about assessing risks. You should have started yesterday, Kleinberg says.
"Obviously, they have risks in a lot of different categories, from the mundane items such as ascertaining the utilities will still be running, to finding out whether devices are Y2K-compliant. You just have to be proactive at this point. It’s almost too late. It really is too late for most healthcare organizations."
Contrary to what you may think—that you have almost a year and a half to deal with this—Kleinberg says glitches will start appearing as soon as dates past the Jan. 1, 2000 deadline are entered. This includes contracts, expiration dates, fiscal-year forecasts—a host of items that may give your practice infrastructure future shock.
No Programming Necessary
Solving the Y2K bug does not mean you’ll have to enroll in computer night school and learn how to rewrite lines of 0’s and 1’s in some obsolete programming language. It means, beginning right now, asking questions—and lots of them.
"One of the challenging issues we face," Lutz says, "depending on the size of the practice, is that quite often, the individual physician doesn’t worry about technology. They assign a staff member to handle that aspect of the business.
"We see our mission as making the physician aware enough to ask the right questions of his staff and partners—and making him concerned enough that he asks more than once. Our campaign is trying to put a little fear out there."
Gary Clark, president and CEO of Clark Information Systems, a Los Angeles software firm taking the lead in Y2K compliance program preparation, says there will be three main areas that should be examined by those responsible for their organization’s effort.
"First, they need to do a rapid assessment of potential risks and problems, a survey of their ‘business circle of life’" he says. "They need to talk to suppliers, stakeholders, fiduciaries.
"Second, the real bugaboo in healthcare is the embedded microchip technology problem," he says. "You need to actively test every individual device that contains one, because if you don’t, you’re taking somebody else’s word. And many vendors are not responding to queries, on their attorneys’ advice. Not many organizations are taking the approach that they have to test every single device. It’s time-consuming, it’s boring, and it could cost tens of millions of dollars in capital replacement costs. But what’s the alternative?
"The third thing they have to do is begin construction of a due diligence record. Does a Y2K plan exist? Has everybody in your business circle of life been contacted? You’re going to need to prove what you did and when you told people.
"There’s still enough time for people to make a solid plan, but not enough time to do everything at a leisurely pace and still get everything done."
Clark recommends the triage approach to tackling Y2K compliance, with those devices and programs that most directly affect patient care and safety—and which, subsequently, could mean the most in liability claims should something fail—coming first. One organization already using triage to pare its Y2K risks is the Los Angeles County Department of Health Services. Cecilia Ball is the DHS’ Y2K project manager.
"We are in the middle of our assessment for biomedical devices," she says. "We will certainly not be finished by the end of the year. We are certainly triaging, establishing the number of pieces to be fixed, and the number of man-hours it will take to fix them."
One problem the DHS has had—a sentiment echoed by almost all the experts queried—is vendor reticence to supply information, Ball notes.
"Up until about six weeks ago, most of the biomedical equipment manufacturers were not readily sharing their information," she says. "Many of our hardware and software vendors respond to our queries by telling us, ‘If you buy our latest and greatest, it will be compliant.’" They are also not offering viable alternatives, she says.
If it’s affordable, CIS’ Clark says buying new technology now may be a way to beat the bug and competitors.
"It’s forcing people to do what they should do, anyway," he says. "It’s a golden opportunity to put in place a more advanced technology."
The cost of new technology can be amortized, he says, whereas fixing old equipment must be classified as a one-time expense.
The Gartner Group’s Kleinberg advises caution before jumping on the new-toy bandwagon, however. As the deadline approaches, there may not be enough time to transfer data from an old system to a new one.
Just ascertaining the costs of the Y2K bug is extremely difficult. With so much equipment yet to be analyzed and tested, even ballpark figures are gross estimates, but Kleinberg says it isn’t unreasonable to expect a $5,000-per-physician price tag for making office infrastructure Y2K-compliant. CIS executive Clark says he has heard estimates of $8,000 per bed to create Y2K-compliant hospital systems.
He also cautions that these figures may be very low. In some cases, he says, these estimates may be as much as 10-fold below what the true cost will be.
In addition to auditing equipment and asking vendors which equipment is compliant, Kleinberg also strongly suggests a session with an attorney regarding liability, in the event some aspect of your practice fails.
The FDA has established a Y2K web page on its site (see "Y2K Resources," page 23), intended to serve as a comprehensive database for medical device compliance. Notification, however, is voluntary, and Kleinberg doesn’t set much stock in it yet.
"The FDA web site is almost worthless," he says. "Of the roughly 16,000 manufacturers who may have products affected, only about 10 percent have responded."
FDA figures are even gloomier. The agency estimates that 2,700 manufacturers may be affected, yet only 500 have responded thus far.
Manufacturers who discover that their products have a high risk of malfunctioning due to Y2K noncompliance are required to notify the FDA and take "appropriate action." But there isn’t a lot of disclosure going on right now, Kleinberg says.
"The only place you can go right now with any certainty is to the vendors themselves," he says.
One thing to keep in mind, he says, is that some manufacturers with marginal financial results may use the Y2K problem as an excuse to go out of business, and may leave customers in the lurch; however, for those that wish to continue doing business, the risk of creating ill will should be a huge incentive, on both the vendors’ and the customers’ sides, to work cooperatively in fixing any Y2K bug found.
Collaboration is Key
While individual physicians can certainly begin querying vendors now, Clark recommends working in collaboration with others. Ask the directors of your IPA or medical group what Y2K programs are in place. Even solo practitioners need to start now, he says.
"Every physician needs to begin serious queries of the facilities he utilizes, such as labs and hospitals," he says.
Clark’s own business has been affected to a large extent by Y2K. A developer of custom healthcare software, CIS found that, as people began to worry about the Millennium Bug, they were also showing less interest in other products.
"It’s had a fairly significant impact on our business development," he says. So, CIS developed the Millennium Information Manager, a Y2K compliance product.
"It didn’t make much sense for us to enter the find-it, test-it, fix-it market," he says. "We’ve focused on due diligence."
But the industry response to Y2K products is not as robust as many observers might have predicted, he notes.
"In the last six months, we’ve seen a lot more awareness and activity, but we haven’t seen a lot of coherent thought," he says. "We haven’t seen a huge wave of people wanting to do and buy things like we thought they would." The industry reaction, Clark says, is about six--nine months behind forecasts, and as the deadline approaches, he sees a rapid upward spike in demand for Y2K goods and services, rather than a gradual in crease.
Forewarned is Forearmed
Procrastination in addressing Y2K will also place healthcare providers at risk in another area: relying on the "expertise" of quick-buck artists jumping on the latest technologic gravy train.
"There is great risk," Clark says, not just for businesses looking for outside expertise, but also for those lucky enough to have someone with some knowledge of how to fight the bug. Those workers will be entertaining many recruiting efforts in the coming months.
"People who are Y2K-savvy are very in demand, across the board," Clark says.
There is also no definitive quality standard by which you can gauge a prospective consultant’s expertise. The Rx2000 Institute’s Ackerman says the quickly accelerating nature of the problem is a big factor.
"It’s so new to most people that references are hard to fix on, and there’s not a lot people can point to in terms of experience," he says. The Institute does have a vendor-matching program and performs a cursory background check of vendors listed on its site, but nothing to the extent that it can take a legal stand vouching for a given company’s work.
Gartner Group’s Kleinberg says physicians looking for a Y2K consultant should heed their instincts.
"If it sounds too good to be true, it probably is," he says. "It’s, frankly, an awful lot of common sense. But common sense has to operate on facts. And the healthcare industry came in so late to this that they don’t know what they don’t know."
So, take a good look around at your employees and partners, because they will be the ones who ultimately solve any Y2K problem you may have.
"At the end of the day, the only people who can help healthcare organizations are their employees and themselves," Clark says. "Consultants should be used for project management, guidance, and planning, but when it comes to actually having to go find, and fix, problems, you’re going to have to have knowledgeable employees."
Lutz says the AMA is receiving an increasing number of calls from component societies asking for help with Y2K education. The AMA plans to hold four regional seminars, and Lutz says he’ll conduct as many smaller, local ones as possible. In addition, the AMA is preparing a solutions manual to help guide physicians and office staff through the steps they’ll need to quash the bug.
Rx2000’s Ackerman says no one can afford to let any more time pass before they act: "Once you get past the top-tier organizations, they still haven’t really jumped on the issue. Risk exists—and it’s a significant risk."
In the end, he says, systems’ planned obsolescence may finally be unable to be ignored.
"We’ve leveraged our investment longer than anybody thought we would," he says. "And that was both good news—and bad news."
Frequently Asked Questions
What is Y2K?
Y2K is the designated name for suspected problems that many individual computers and computer networks will face when confronted with data that contains dates beyond Dec. 31, 1999. Many calculations used to determine data such as a person’s age, credit card or insurance policy expiration date, or a company’s delivery schedule may be false.
How did Y2K Begin?
Software programmers used to write dates in their programs using just two digits to save memory space, which was at a premium up until just a few years ago. It was assumed that the first two digits in the year (century) field were 19. A computer unable to detect the year 2000 correctly may subtract 1998 from 1900 instead of 2000 and either tell you that a customer’s account is not calculable, due to its negative result, or that no one has paid his bill in 98 years. Both results are unwelcome.
What Risks Do I Face?
Contract liability: The Y2K failures will not excuse contractual obligations to insurers, payers, patients, partners or the government. Acting now to institute a Y2K plan will go a long way toward showing prudent measures have been taken.
Tort liability: Use of a defective medical device could lead to malpractice suits. Failure to calculate dates correctly may lead to inadequate or nonexistent follow-up care.
What is Y2K Compliance?
To be Year 2000 compliant, a system or process must accept, produce and calculate correct date information before, during and after midnight, Dec. 31, 1999: process 2000 as a leap year; correctly handle date fields containing non-date information and dates held in non-date fields; and correctly process any date with a year specified as "99" and "00," regardless of other subjective meanings attached to these values.
How Do I Reduce My Exposure?
Begin by making sure senior leadership is working on the problem, and that vendors, suppliers, payers and others with whom you do business are aware of your efforts. Ask them to inform you of their efforts also. Next, perform a comprehensive inventory of equipment that may be susceptible to the bug. Then, prioritize your compliance effort by determining the risk to your business, the risk of harm to individuals, and expected failure dates of given pieces of equipment.
Y2K Resources
Want to find out more about Y2K and healthcare? The following World Wide Web sites are either dedicated to the Millennium Bug and its implications for healers, or have significant amounts of healthcare information.
The Food and Drug Administration (http://www.Rx2000.org): The unofficial national clearinghouse for Y2K issues in the industry, the site features discussion groups, a vendor list, supplier reporting services, and articles and other information relating to the bug.
The American Medical Association (http://www.ama-assn.org/y2k): the AMA’s site will include articles and publications, a solutions manual, links to related sites and a discussion forum.
Microsoft (http://www.microsoft.com/year2000/): The ubiquitous software manufacturer’s web site includes information on the compliance status of its major systems and programs.
Clark Information Services (http://www.clarkinfo.com): This West Los Angeles firm offers Y2K compliance program specifically for healthcare providers.
Year 2000 Liability Website (http://www.2000law.com): This site offers information on Y2K, a test prepared to raise awareness regarding issues that revolve around the millenium bug issue, and links to academic/media/non-vendor sites as well as commercial/vendor and Federal, state and local government sites.
Y2K Tax Considerations
A Y2K fix is going to be expensive, in many cases, according to Hannah Carvey, a tax attorney with the Washington, DC-based law firm of Dyer Ellis & Joseph.
With billions of dollars at stake to fix Y2K problems at businesses nationwide, the tax treatment of Y2K conversion costs will become a major issue.
"For federal and state tax purposes, businesses will have to decide whether to deduct or capitalize Y2K-related costs," Garvey says. "Substantial Y2K costs may invite focused IRS scrutiny of tax returns over the next two or more years."
Different cost-recovery rules apply to repairs and improvements.
Y2K-related costs that qualify as a repair should be deductible, Carvey says, while those that enhance or improve a function may have to be capitalized. The proper tax treatment of Y2K computer conversion costs is by no means clear, Carvey notes, and the IRS’ position will not be the last word on the matter, as a case can be made for deducting Y2K-related costs (including hardware and labor costs) as they arise.
Carvey recommends examining the range of Y2K-related expenditures to ensure they’re properly documented and reflected on your financial statements and tax returns.
Copyright © 1998 San Bernardino County Medical Society