Monday, December 29, 2014

“Is your computer working?”

As promised, that other hospital tech incident.  I was leaving a friend’s room right after the nursing shift changed and the new nurses were beginning their rounds.  As I was preparing to leave I heard the nurse outside my friend’s room call down the hall “Is your computer working?”.  I paused in saying my goodbyes and we listened to the nurse muttering and typing ever louder on the mobile cart keyboard.  Not good.  Especially since that computer stood between my friend, and every other patient, and medications.  The nurse popped in, said they were having computer issues, and that she was going to pull his medications manually- the delay would only be a few more minutes.  And true to her word, his meds arrived only about 20 minutes late thanks to a manual backup routine for checking out medications.

As I left I saw that two of the cart computers were displaying “unable to authenticate” errors.  I don’t know what the problem was, and my friend never found out.  I guess he was too busy being seriously ill to diagnose authentication failures.

Not bad, eh?  There was a system failure, but backup procedures were in place to prevent serious problems.  High fives for all?

Not so fast.  That 20 minute delay doesn’t seem significant, unless of course you were the one waiting for medication.  Most critical meds would be administered intravenously so… wait, those are behind the same system.  But still, only a 20 minutes delay… except the process had to be repeated for each patient until the error was resolved, and the manual paper records had to be transferred into the computers when they were restored- so at the end of their shift the nurses were further distracted from patient care to do data entry. 

I’m not repeating these medical computer issues to throw stones at the medical profession, or at technologists working in healthcare- but to illustrate some fundamental issues with technology and security.

In the first tales of poor communication, there seemed to be be a few symptoms and causes, but one crucial result.  Data input was inconsistent and maybe not as easy for medical professionals to use as it could have been.  Probably related since there often wasn’t timely info available in the computer system, people relied on it less, and thus input less frequently- a classic “chicken and egg” situation.  The critical end result was delayed patient information,  but there was also the sadly familiar case of a system becoming a burden (and possibly even a liability) when it should have been an asset.  Usability, user buy-in, and management oversight all needed to improve to move this forward.  I’m sure that sounds familiar, although hopefully in different contexts.

Today’s tale is a bit different, it is about a failure to understand the consequences of operating on backup procedures.  “We have a plan for when things go wrong” is great and all, but if it doesn’t let people do their jobs in a reasonable manner without undue consequences your fail-safe is a failure.  Granted, these are extreme conditions; delayed email is not the same as delayed patient care, but there are still lessons to learn.

Oh, and you’ll note I didn’t mention compliance, that wasn’t an oversight.  I’m not an expert on healthcare compliance (unlike many who pontificate on it but can’t spell HIPAA) and I don’t want to blindly speculate on things like what perversions to pain management are imposed by the “war on drugs” and what that means for procedures for dispensing controlled substances.  If potential impact on patient care doesn’t get you thinking, I hope you aren’t working in healthcare.