Summary
CareGroup was formed in a three way merger of hospitals in 1996, becoming a health-care team dedicated to providing personalized care to patients through a broad spectrum of available services. The merger was precipitated by increased need for negotiating and contracting power to respond to the HMOs, the possibility of developing integrated services to improve quality of care while driving down costs and the need for a strong balance sheet. The hospitals involved in the merger had experienced recent losses under their own separate management and the merger brought financial stability and central leadership. Another success of the merger was the development of an integrated technology system to link the entire group. In 1998, when John Halamka became CIO of CareGroup, the possibility of problems arising from the turn of the century was on the front burner. A backup system was developed in an attempt to mitigate possible damages resulting from the event. By 2002, the issue of the decentralization of the systems of the hospitals had been addressed through the creation of a common system for all hospitals. By 2003, CareGroup believed its systems were among the most advanced in healthcare and had cut capital budget expenditures. By the end of the year a massive problem would force members of the major hospitals to revert to the backup systems designed and forgotten about in the nineties to face the Y2K problem.
Issues: …show more content…
• A single researcher who was experimenting with an application caused huge data transfers, which monopolized the services of the systems causing a domino effect of system problems.
• Employees attempting to take steps to quickly fix the problem were instead exacerbating the dilemma.
•Backup systems formed the 1990s had not been updated and components were missing or difficult to
find.
• Issues brought to management attention after a Cisco study highlighted possible areas of problems for the company but were not considered immediate problems.
• The “networking guru” left the company and no replacement had been located.
Suggestions:
A lesson to be learned certainly includes the need to constantly evaluate and address the systems a company depends on, which includes consideration of backup systems and any and all possible risks facing the system
“All computing systems are vulnerable to a wide variety of potential threats. Viruses are a constant threat; new and more dangerous versions appear on the Internet daily, and they are capable of wreaking havoc in hospital systems. Internal "attacks" — whether unintentional, as in the Beth Israel Deaconess case, or malevolent — are particularly hard to guard against, since the attackers have legitimate access to the network.” Peter Kilbridge, M.D., Computer Crash — Lessons from a System Failure, NEJM, Volume 348:881-882, March 6, 2003, Number 10
Similar to an auditor’s assessment of risks associated with their client, IT departments must feel responsible for acting with due care to avoid or minimize possible negative outcomes by staying current, monitoring employees, brining in help when needed, instituting controls over risky procedures and adapting to changes within and outside of the company. The idea of bringing in external help when needed also involves having a clear procedure for internal specialists to follow in attempting to address problems so as to avoid creating additional problems. CareGroup has taken steps since this problem to address the critical areas of risk. This consideration is owed to the employees, patients, vendors and customers who rely on information systems daily.