In all parts of our lives there are processes don’t always fit every situation and tools that don’t always work as they should. So we invent workarounds. We all do this every day. I had one all figured out last weekend. My wife and I had left a house key for my cousin, Reed, hidden near our front door. He was going to stop by to walk the dogs while we were downstate for our niece’s seventh (!) birthday. My cousin regularly babysits for us so we told him he should keep the house key. I had a workaround in mind. Since I work from home and my wife Beth doesn’t, we’d give the guy her key because more likely than not I would be home and be able to let her in. I took the key off my key-chain and put it in the bowl by the door to remind me that I needed to go the hardware store and to have more keys made. That was the plan.
As you can expect from a situation described after one writes “that was the plan”, the reality of my workaround woke me up with the click of the front door lock and the lightening-fast, multifaceted look reflected back to me by my wife to the question “Do you have the house key?” (a look containing an equal mix of anger, resigned disappointment in a chore not completed, and worry about how we were going to get back into the house) as we loaded the kids into her car to go run some errands. Luckily, Beth had her car keys so we changed our plans and headed to the ‘burbs to pick up a spare key from my parents. We ran our errands on the way back, no nap time schedules were monkeyed with, and my wife promptly made eight copies of the key at the hardware store. No injury beyond my fragile male ego and the need to sheepishly respond to my wife about my screw-up.
Not all workarounds result in such minor outcome.
This is Denise Melanson. A mother of two, a teacher’s assistant from Rainbow Lake, Alberta. In 2007, she was receiving care at an Edmonton, Alberta hospital for a nasalpharyngeal carcinoma, described as an advanced, but treatable case in an article by Catharine Paddock the same year in Medical News Today. As the article describes
“(Melanson) was given an electronic pump containing a four day dose of two chemotherapy drugs, 5-fluorouracil and cisplatin, to administer to herself at home. But unfortunately the pump was programmed to dispense the dose in four hours and not four days. Melanson herself noticed that the medication had run out before it should have and quickly returned to the hospital where the error was discovered. She died 22 days later.”
The Institute for Safe Medication Practices Canada investigated Denise’s death. Among their findings, the report stated “The nurses who programmed the pump and verified the settings carried out complex calculations at the bedside to determine the infusion rate (mL/hour). Both omitted a step in the calculations, forgetting to divide the daily dose by 24 hours. The mL/hour infusion rate did appear on the label of the infusion bag, although not prominently. The nurse did not notice that the infusion would last only 4 hours at her calculated rate of infusion. The nurse who was asked to double-check the initial infusion rate calculation was distracted and on the way to perform another task at the time. She could not find a calculator, so she performed the calculation mentally and on a scrap of paper. The checking process was informal and unstructured, and there was no requirement to perform calculations independently or to document calculations or any other aspects of a checking process.”
I learned about Denise’s tragic story from Ann Blandford, Dominic Furniss & Chris Vincent’s stellar paper “Patient Safety & Interactive Medical Devices: Realigning Work as Imagined and Work as Done“. A statement of stark and brutal honesty stuck with me from that paper about why workarounds need to be treated as urgent wake-up calls that the user experience & usability of a healthcare product or process needs to be reexamined more carefully. The authors state “workarounds typically arise because, in the here-and-now of work, they offer a timely solution to delivering care, and they are overcoming some mismatch between the design and the needs of use.”
In Deborah Debono’s important work on the subject, “Workarounds: Straddling or Widening Gaps in the Safe Delivery of Healthcare?”, Debano and her fellow authors explore how senior management can either be unaware of the workarounds taking place within the organization or give tact approval through absence of proper compliance requests. Debano find this problematic “when management decisions are based on expectations that there is complicit conduct in their organisation. “
HIMSS Analytics and Intel recently investigated the trend of workarounds in healthcare as it relates to security compliance in January of 2014. According to their research report “Curbing Healthcare Workarounds: Driving Efficient Coworker Collaboration” they surveyed “433 healthcare workers, 90 percent of whom practice in North America and 60 percent of whom work in organizations of 500 or more employees. Forty-seven percent of physicians, nurses, Information Technology directors, administrators and other healthcare employees surveyed said workarounds occur in their organizations “sometimes” or “every day,” while only 15 percent said they never occur.
The research report continues, declaring “at 55 percent, “frustration with the current system” was the most common reason respondents cited for employee workarounds, and “workarounds make the job easier” was a close second at just under 50 percent. When asked which specific frustrations were driving the use of workarounds, respondents listed multiple log-in layers, slow IT departments and restrictive sets of approved applications as their primary causes of concern.”
David Houlding, CISSP, CIPP, Healthcare Privacy and Security Lead at Intel Health and Life Sciences framed the findings of the report well, also with the same stark and brutal honesty from Blandford et al.
“What this survey is telling us is that if a solution is lacking in usability, workers will still pursue workarounds. Usability was seen as a ‘nice to have’ 10 to 15 years ago, but it’s more important today because users have so many other tools. If the official solution is lacking in usability, or if security around it is too cumbersome, then workers will pick up alternative devices.”
In a post-Anthem breach environment, workarounds in security procedures should be viewed as a wake-up call that your data security user experience is in need of review.
Today, spend moment thinking about the words of David and Deborah, of Ann, Dominic and Chris. And think of Denise. Think about her when you are scanning a piece of paper with a bar code taped to it instead of the bar code on the pill bottle. Think about her when you are using an unencrypted device to review a client’s PHI. Think about her when you do the math on scratch paper instead of with a calculator. Think about each of those moments as a wake-up call that something needs to change at your organization and change immediately. Wake up. Wake up. Wake up.