In November 2009, a pharmacist working for the Department of Veterans Affairs was checking a patient’s prescription information, using a portal to the Defense Department’s health records system. But something was clearly wrong: The records said the female patient had been prescribed vardenafil — a drug for treating impotence.
Vardenafil is the generic name for Levitra, and women aren’t supposed to use it .
According to the online newsletter “NextGov,” which first reported the story, the VA pharmacist then checked with the medical facility where the drug was supposedly prescribed. The pharmacist’s suspicion was confirmed: The information was wrong. The health-records query had returned another patient’s information.
Now that’s a prescription for catastrophe.
Toronto medical records storage firm draws attention of privacy watchdogs
Telus plans to bring “patient centred” e-health system to Canada
Scary, no? It gets scarier. According to the VA, the pharmacist quickly reported the problem and even sent along a hard-copy printout. But the bug turned out to be very difficult for VA techs to reproduce. And a work-around — repeating the query when suspect results appeared — proved to be unreliable. So on March 1, the VA cut off all remote electronic access to that DOD medical records system.
As of mid-March, that access was still cut off. The first problem has been fixed (it was due to multiple instances of a unique identifier, which only showed up at peak-traffic times). But another, thornier glitch has turned up — and this one yields incomplete patient data, which is almost as dangerous as incorrect data. Until it’s fixed, the portal stays offline.
Fortunately, the health records database itself was not damaged. Medical records are still available to VA doctors by phone, fax and e-mail and on paper. No patients were reported harmed by the glitch, which affected an estimated 1 per cent of medical-records queries through the portal.
Most important, there was no catastrophe — thanks largely to one quick-thinking user.
It’s cases like this one that remind us how much we should love our users. And listen to them. And keep listening, even when we think we’ve heard all they have to say.
Yes, users also burn up a lot of our time with password resets, downloaded malware and simple dumbness. We could cheerfully strangle them for things like that.
But some users, at least, have eyes, ears and brains that can be IT’s first line of defense against problems that we wouldn’t spot ourselves until it was too late.
Users see things we don’t — performance problems, unreproducible glitches, oddball behavior. They know how our systems should work from years of using them. They also know their jobs; they have domain knowledge that lets them spot things that just can’t be right, even if the system seems to be operating to spec.
After all, it wasn’t someone from IT who discovered that the VA-Pentagon portal was delivering the wrong data. It wasn’t a database administrator poring over system logs, or an operations guy alerted by a monitoring system.
It was a user. He likely didn’t know why something had gone wrong with the system. But he knew his job, and he knew that the data the system was giving him didn’t look right.
He checked it out. He confirmed that there was a problem. He raised the alarm.
And for the VA’s IT staff, that paid off big.
Look, even in these budget-strapped days, IT has to maintain some huge, incredibly complex systems. Company survival — even human lives — can depend on keeping them working right. We need all the help we can get.
So use those users. Listen to them. Even encourage them.
Because a user might be the only thing standing between IT and catastrophe.
Frank Hayes has been covering the intersection of business and IT for three decades. Contact him at firstname.lastname@example.org .