Is your facility prepared for year 2000 reality’?

Plans should account for multiple failures

It’s Jan. 3, 2000. The electricity is still on, but some equipment thought to be year 2000 (Y2K) compliant has shut down. Staff are stressing out and running tests by hand. Sterile supplies are low, and another facility is trying to transfer over 20 of its patients.

Then to add more fuel to the fire, the Health Care Financing Administration (HCFA) in Baltimore announces that payments for Medicare and Medicaid patients may not be processed for at least six months.

Welcome to the new millennium.

"More and more executives are wrestling with the following truths,’" says Patricia Okita, a senior systems consultant with Superior Consultant Company, in Southfield, MI, that specializes in year 2000 risk quantification and management, compliance planning, contingency planning, and business continuity planning.

"It is highly unlikely that health care institutions will be able to make all mission-critical, noncompliant systems Y2K compliant. It is highly unlikely that health care institutions will be able to test all replacements and all renovations before the occurrence of Y2K-invoked failures," she warns.

"There continues to be more and more delays, failures, and virtually fruitless attempts to get a good grip, or just a grip, on how to solve the Y2K problems. The reality is that it is highly likely that mission-critical services — patient care, revenue collection, and revenue generation — will be disrupted by predictable and unforeseen year 2000 failures. The reality is that the survival of a health care institution is at risk," she adds.

A contingency plan helps hospitals determine what to do in the event of these failures. "In general, a contingency plan provides a reasonable series of activities to enable mission-critical business processes to be resumed at a minimum or acceptable level’ in the event of predictable and unforeseen year 2000 failures," Okita says. "Contingency planning is simply planning for reality." (For tips on contingency plans, see related story, p. 166.)

Although hospitals are not required by law to have a Y2K contingency plan, more insurance companies and surveyors are asking their providers for one, says Kerry A. Kearney, partner and co-chair of the year 2000 practice group of the firm Reed Smith Shaw & McClay LLP in Pittsburgh. "Within the next quarter, you will start to see more health care entities gearing up to have them."

Envision all scenarios

Providers should look at contingency planning as a process rather than a project, Okita says. "Year 2000 contingency planning is a continuous, dynamic process that assesses risks or liabilities associated with potential failures or disruptions of mission-critical businesses."

The minimum essential components of a contingency plan should answer these questions, she says:

• What could happen if the risk materializes?

• What can be done to mitigate the probability of occurrences?

• What are the essential actions to prevent, control, or eliminate the exposures?

• How much lead time is needed to invoke the contingency?

• Who is operationally responsible for activating a contingency?

• What is the life cycle of the contingency?

"Address year 2000 as a risk-based business challenge," advises Okita. "Consider a risk quantification strategy that enables management to identify, quantify, prioritize, manage, monitor, and minimize year 2000 exposures."

This strategy applies across the board, from deciding what gets fixed (compliance planning), to what gets an emergency backup (contingency planning), and to how to survive in the midst of the Y2K event (business continuity planning).

Contingency planning does not require providers to have alternative plans for every possible failure, Kearney says. Rather, the plan must evaluate what failures are most likely to occur despite providers’ best efforts at remediation. Then those expected failures must be ranked by management according to seriousness.

"Contingency plans should be prepared for the high-likelihood, high-impact failures," Okita says. "The health care [provider] should have written documentation of which contingencies it will plan for, why it chose those contingencies, and why it decided not to plan for other contingencies."

When devising a Y2K contingency plan, hospitals must consider multiple failures occurring at the same time rather than single failures occurring over an extended period of time, says Ginger Campbell, RN, PhD, a consultant who works with a variety of health care organizations. (For a look at Campbell’s Y2K contingency plan outline, see box, below.)

The sum of even minor Y2K failures or problems can debilitate an institution, says Anthony P. Strande, PhD, a regional program manager for Science Applications International Corporation (SAIC) in Falls Church, VA. Strande works with hospitals on Y2K issues.

"In my experience with hospitals, all of the operational procedures are tightly linked to the information systems," he says. "To quickly make a change in an operational procedure in a hospital is difficult because everything is wrapped up together."

Part of the contingency planning process is deciding what would happen if a preferred solution to the contingency also failed, Strande says. "What happens if the power fails and you have to go on emergency generators? What happens if that fails?"

SAIC advises its clients to plan their own programs cooperatively with their neighbor institutions. "What happens if you run into a situation where a skilled nursing facility’s contingency plan is to send all of its patients to the hospital and the hospital’s contingency plan is to send all of its patients to the skilled nursing facility?" Strande asks.

"[Both facilities] are being subjected to the same set of external forces," he continues. "The idea of shipping your patients someplace else is not an alternative because the other facility will be experiencing those same forces. You can’t blindly rely on someone else to solve your problem for you."