Year 2000 Issues Facing the Health Care Industry

By Michael E. Clark, J.D., LL.M. in Taxation, candidate for LL.M. in Health Law

The health care industry faces tremendous litigation risks and operational exposure from the Year 2000 (Y2K) problems. Although an estimated 80,000,000 personal computers will not properly handle the date change from December 31, 1999, to January 1, 2000, the Y2K problems facing the health care industry involve much more than just mainframe and desktop computer failures. The problems potentially involve life-and-death situations because many medical devices use embedded microprocessors or "chips." Supplies of drugs could be destroyed in error because computer software mistakenly identifies them as outdated. Medical records, including payment and billing records, could also be adversely affected for the same reasons.

The Y2K problems developed years ago, when it was common for computer programmers to conserve computer memory by using a shortcut in which only two digits, rather than four, were used to represent each calendar year. Y2K problems can occur whenever date-sensitivity is involved. With the two digit limitation, a computer may erroneously convert 99 + 1 to equal 00 or 98 + 4 to equal 02. Other dates which programmers used for "testing" computers may likewise trigger Y2K problems. A commonly-cited example is the date of September 9, 1999 (9-9-99).

Computers, software programs and embedded microprocessors are the essential components of many medical devices and pieces of business equipment, and many medical devices use multiple embedded chips from multiple manufacturers. Unfortunately, if any one of these embedded chips is Y2K sensitive, the device may not operate normally or may not function at all. Unlike desktop or mainframe computers, embedded systems are not always easy to recognize, check, or fix. Even when these chips are located, another problem in determining if they and the device are Y2K compliant arises because many manufacturers have apparently used different embedded chips for the same model of devices. As the House Subcommittee on Government Management, Information, and Technology recently noted in its October 8, 1998 report, entitled "The Year 2000 Problem," http://www.house.gov/reform/gmit/y2k/y2k_report/Issumary.htm, of the estimated 25 billion microchips being used throughout the world, two to five percent (about fifty million) are believed to have the Y2K problem and depend on date calculations. It is for these and other reasons that most experts now think that the embedded chips are the larger Y2K problem. The Institution of Electrical Engineers provides very helpful information about embedded chips and the related Y2K problems at http://www.iee.org.uk/2000risk/.

As a result of the Y2K problem, equipment may operate abnormally or may quit functioning altogether. For example, an X-ray machine may erroneously compute the patient's age and deliver too high or too low a dose of radiation therapy or a computerized office system may erase all data held in memory. Even when the computer chip identified in a device is found to be compliant, dangerous problems could result if the device communicates with a non-compliant computer through telemetry to provide mathematical calculations.

The Food and Drug Administration (FDA) has been calling upon Medical Device Manufacturers to voluntarily identify those devices which they have determined to be compliant, those that have been determined to be non-compliant, and those that have yet to be fully tested. While the FDA has issued several letters explaining to the approximately 13,000 identified medical device manufacturers that, as part of their continuing obligation to ensure that their products are safe and effective, they must provide this information, only about 12% had responded as of the July 1998 deadline according to a critical Government Accounting Office (GAO) report issued in September 1998. This report and other reports focusing upon Y2K issues involving the health care industry are found at http://www.gao.gov/y2kr.htm.

While several Y2K-related, health care class action lawsuits have now been filed, they have only focused upon the damages incurred in remediating (upgrading or replacing) purportedly non-compliant medical software that was sold to doctors and hospitals as being Y2K compliant. The more frightening suits for the health care industry, however, will involve patient injury and wrongful death suits. Plaintiffs' attorneys may ask juries to hold hospitals, software companies, attending doctors, medical device manufacturers, and equipment suppliers responsible for patient injuries. Their claims will be that many of these defendants breached their fiduciary duties owed to patients to use reasonable care in locating and correcting dangers associated with Y2K problems. Such patient dangers are not imaginary. Even with the limited responses provided to the FDA by the medical device manufacturing industry, among the already identified, non-compliant devices are:

Beyond the problems health care providers face in determining which devices and equipment may be non-compliant, there is also the very real threat that payments will be delayed because many government systems have yet to be remediated. The Department of Health and Human Services and the Health Care Financing Administration (HCFA), which administers the Medicare program, recently received an "F" for their progress in resolving Y2K problems. Providers in Texas and around the country who participate in Medicaid likewise face Y2K problems. A November 1998 GAO report entitled, "Year 2000 Computing Crisis: Readiness of State Automated Systems to Support Federal Welfare Programs," found at the GAO link provided above, paints a particularly dismal picture: overall, only about one-third of the systems in the forty-nine states that responded are reported to be currently compliant.

01/20/99