More interesting though is how the story came to light. Justin Deal, a 22 year-old Kaiser employee was incensed at the waste and problems the system was causing and took it upon himself to send an email to 120,000 Kaiser employees. The Wall Street Journal quoted the email in part:
"In a blistering 2,000-word treatise, Deal wrote: “We’re spending recklessly, to the tune of over $1.5 billion in waste every year, primarily on HealthConnect, but also on other inefficient and ineffective information technology projects.” He did not stop there. Deal cited what he called the “misleadership” of Kaiser Chief Executive George Halvorson and other top managers, who he said were jeopardizing the company’s ability to provide quality care.
“For me, this isn’t just an issue of saving money,” he wrote. “It could very well become an issue of making sure our physicians and nurses have the tools they need to save lives.”"Wow... How would you respond if you saw an email like that in your inbox?
Was Justin Deal right? Was he wrong? After reading his blog, I would have smacked him. He sounds like an immature, arrogant, self-righteous kid. [PLEASE NOTE Retraction of this comment] Although... I must admit I was once like that myself.
The issue here is how do we deal with whistleblowers.
Like Kaiser's system, many of our eHealth systems will have MAJOR problems. So much so that some people will feel compelled to expose waste, mismanagement, fraudulent acts, and errors that hurt people. We tacitly support the notion of whistleblowing, but as organizations we fail to provide a legitimate outlet or channel for people to voice concerns. They then turn to the media or other methods of exposing what they believe to be misdeeds.
I personally have experience with two whistleblowing episodes. In the first case the person, frustrated with the organization, went to the media with allegations of wrongdoing. This ended up badly for everyone. In the second case the person approached a trusted member of the organization's management. The trusted manager took the matter seriously, thoroughly investigated the matter and protected the whistleblower's confidence and identity. Issues were brought to the executive team's attention for action. This case ended up well.
In each of these two cases the whistleblowers had only part of the information and reported issues which, to the outside observer seemed troublesome, but upon investigation were found to be explainable and without malfeasance. The second case did point out some procedural issues that were easily resolved.
In both cases the whistleblowers were acting in what they believed to be the best interests for the organization and its clients. They knew the risks and put their jobs and reputations on the line. That's the challenge with whistleblowers. You're dealing with people who want to help and who care deeply for the organization and its mandate.
A risk management system must have a mechanism for people to report safety issues, privacy and security breaches, project and operational risks, conflicts of interest and wrongdoing. Most important: the person doing the whistleblowing must believe that following the right channel will result in a positive outcome, that their concerns will be taken seriously, and that they will not face retribution. Otherwise we force them to look for other avenues to expose wrongdoing.
Set up a whistleblower reporting system in your organization. A good starting point is Shaping Your Whistleblower System by Gerald Bloch. Don't waste your 15 minutes of fame on a headline or broadcast email subject line like the ones that Kaiser faced.
Check out the Wall Street Journal Health Blog for more discussion on the Kaiser incident.