The case states no significant harm occurred to

CareGroup Case Study
Daniel Runt
Med Inf 404 – Health Care Operations
Northwestern University
February 23, 2014
What process controls were needed to prevent this event from occurring?
Any changes to the entire computer system needed to be known to others in the IT
department, and approved by supervisors. The specific cause of the issue occurred when a
researcher installed and then abandoned an unconfigured file transfer program, which
overloaded the network. If the researcher had notified and gotten approval from the IT
department, they might have been able to assist with the configuration and optimization of the
software, and monitored it while the researcher left to care for his wife.
Additionally, routine network stress tests would have helped to identify the network
vulnerabilities and out of date hardware. The reason the program was able to overload the
network was because the network had fallen out-of-spec. The Spanning Tree Protocol (STP)
was unable to manage the network since it had had several unapproved network extensions.
Finally, the network expert who was responsible for maintaining the network had left the
organization, and an appropriate replacement had not been procured. No single individual
should be the only one that understands such a complicated aspect of the business. On top of
that, during his tenure he had fallen behind on the latest technologies; technologies that could
have prevented the outage event had he known and implemented them.
The case states no significant harm occurred to any patient, however what do you
believe were the likely relevant impacts to patient care during the event?
While “no significant harm” came to any patient, care was most certainly impacted
(McFarlan & Austin, 2005). The ED was forced to close for over 13 hours on November 15th,
forcing ambulances to divert to other hospitals. While this may have not been out of the ordinary
for any area hospital, there is probably a reason that the ED had to divert patients. The reason
was most likely that the hospital was already operating at their limits. Staff was falling behind
their existing workloads and had to cut off one source of new admissions.
Care was most likely similar to when the hospitals were operating normally, only much
slower. Clinicians and pharmacists did not have access to medication interaction validation
reports, so they had to do medication checks by hand. Since digital imaging software was down,
extra time had to be taken to analyze physical X-ray films. Medical histories had to be fully
reported from patients, since their computerized histories were inaccessible. All of these can be
relied upon in a pinch, but it certainly slows the patient care, and in an industry where time is
often of the essence, CareGroup was lucky that no adverse outcomes were reported due to the
As an IT leader, how would you evaluate the timeline of the response? Too long/short,
too conservative/aggressive in approach to execution?
The outage was very long for what initially seemed to be a simple networking problem.
The problem lied in the size of the network, which was very large and spanned several sites. A
single addition the network – one which the IT department had no knowledge of – was capable
of weakening it to the point where the event in question could occur. If the IT team had known
about the rogue program or the faulty hardware, the issue may have been resolved in a much
quicker time frame.
CISCO’s approach, while conservative, was exactly the right way to do it. If people are
off on their own, making their own changes, it is impossible to know which change had worked
and why. Their philosophy of not allowing the users back on until a 24 hour period passed
without issue was also the correct course of action. Forcing users to switch back and forth
between paper and computerized systems only wastes time, time that they are already losing
due to using non-computerized ways of doing things.
Works Cited
McFarlan, F. Warren, & Austin, Robert D. (2005). CareGroup. Harvard Business Review, 9-303-097.