Clock reaches midnight hour for Y2K compliance

If at first they don’t respond, try, try again

Most hospital information professionals have at least tried to contact their vendors about their systems’ year 2000 (Y2K) compliance. That doesn’t mean the vendors have responded.

A coordinator for Y2K compliance preparedness processes for health care organizations devised a sample vendor letter and questionnaire that she recommends HIM staff use in both their professional and personal lives.

Laurene West, RN, executive director of Martens-West Year 2000 Consulting in Salt Lake City, sent the letter and questionnaire to her vendors and says the minimum response she has received is a statement about the vendor’s Y2K position. (See sample letter, p. 20, and questionnaire, p. 21.) The letter and questionnaire should be addressed to the president and chief executive officer of each organization.

"Send letters via registered, return-receipt-requested mail and staple the receipts to your copy of the letter," she says. These records could help provide documentation for any future Y2K legal claim.

Editor’s note: This advice is given only as a suggestion based on current information. These documents are not intended to replace advice from your legal counsel, financial advisor, or accountant. Responsibility to prepare for any possible date-related errors or disruptions as a result of the year 2000 is your own.

Laurene West may be contacted through her e-mail address: llw@integrityonline3.com.


Sample Vendor Letter

Your name
Organization
Address

Date

President or CEO
Company
Address

Dear____________________________:

As a concerned consumer of goods and services from your company, I am requesting documentation on your year 2000 certification. The year 2000 virus may affect all products, services, and interactions that depend on date-based calculations for proper operation.

For purposes of this letter, year 2000 certification means that all information systems, applications, macros, spreadsheets, templates, network componentry, microprocessors, plant operation/facility systems, environmental control systems, biomedical devices (including implanted devices), electronic commerce, databases, archives, and related system componentry accurately process date and time data before and after Jan. 1, 2000, and appropriately reflect the year 2000 as a leap year while providing uninterrupted and continued service.

Please respond to the attached questionnaire no later than _________. I am also requesting a statement reflecting the current balance of my account as well as instructions for testing devices with embedded microprocessors, if appropriate, from your organization.

I am encouraging cooperative, community efforts to prepare for the year 2000. Alarm and action now will help to prevent operational disruptions, financial losses, business failures, liability exposure, and civil unrest.

Respectfully,

Your name & organization


Year 2000 Vendor Questionnaire

1. When did your company initiate the process of fixing year 2000 (Y2K) issues?

2. Have you assigned overall responsibility for Y2K efforts to a senior office of your company? yes o no o
If so, please provide: name, title:

3. What is the estimated date of completion for this project?

4. What is the company’s Y2K budget and have these funds been appropriately allocated? yes o no o

5. How long has the company’s chief information officer worked with the company?

6. Has your company lost key information technology or operations staff in the past 12 months? yes o no o

7. Is the year 2000 the top priority for your company? yes o no o

8. Are there other information technology projects in process that may interfere with achieving Y2K certification? If yes, please detail which ones and identify business need. yes o no o

9. Many organizations have chosen to triage mission critical systems for remediation as there is not sufficient time for a complete electronic fix to the Y2K issues. If your organization has adopted this approach:

• What criteria were used to triage mission critical systems?
• Please indicate the name and title of the person making the final triage decision. Is this person Y2K certified?
• Please indicate which systems/products you deem non-critical or insignificant. (It’s possible that your triage decisions will doom systems that are actually mission-critical to external and even internal dependents.)
• Please indicate which products, services, information, jobs, incomes, wages, and payments on which I may depend have been condemned by your triage decisions.

10. Does your business rely on any vendors who may adversely affect operations if there was an interruption in their ability to purchase product or provide service? If yes, what is your company doing to ensure this does not affect your ability to operate? yes o no o

11. Did your inventory process include consideration of systems, embedded microprocessors and manual processes in the following areas:

a) information technology? yes o no o
b) plant operations and facilities? yes o no o
c) biomedical devices? yes o no o
d) real estate leased, owned, and new construction?yes o no o
e) human resources? yes o no o
f) electronic commerce? yes o no o
g) procurement? yes o no o
h) public infrastructure? yes o no o
i) insurance? yes o no o
j) investments, banking, funding positions? yes o no o
k) transportation? yes o no o
l) satellite dependencies? yes o no o

12. On what date is your organization enforcing a lock-down policy, ensuring that no date-related virus is allowed to contaminate your systems?

13. Has the lock-down policy and implementation date been communicated to all data sources and have these sources acknowledged your request and agreed to comply? yes o no o

14. What certification process have you implemented to ensure receipt of only non-contaminated files?

15. Do all of your systems, devices and processes correctly recognize the Y2K as a leap year? yes o no o

16. Do all of your systems utilize the ISO standard date format of yyyy-mm-dd? yes o no o

17. To prevent self-inflicted virus contamination, on what date will your company enforce appropriate field naming conventions, standards, and documentation as well as require Y2K certification on all code, interface, and process walk-throughs prior to implementation?

18. Abruptly advancing a system or device date can terminate usage of the system or device as well as violate warranty and maintenance contracts/agreements. Do all of your test plans require a review of warranty and maintenance language prior to actual testing? yes o no o

19. Are you continually testing your interfaces with local emergency response dispatch (911) systems, verifying that fire, law enforcement, and medical response agencies appropriately respond to your requests for assistance within the time frame recognized as standard 1/1/98? yes o no o

20. What consideration has been given to "worst case" scenarios regarding the value-devaluation of currency and a procedure on what goods and services will be accepted in lieu of cash or credit? What is the implementation date of this procedure?