Friday, March 25, 2011

IT Strikes Back

I threw out the gauntlet with my last post about IT Follies, which prompted the following comment from an anonymous Australian reader via Telstra:

I'm IT manager for a private practice and used to work for a medical software company.

Problems with the software very rarely get fixed unless it is a show stopper. Mouse trails making your screen flicker? Laughable. Developers won't spend their time trying to fix something like that. It is not a good use of their time, unless the contract is up for renewal. Annoying to you but this is the way it is. And small things like this can be ignored because you're locked into a contract for x amount of years, and changing from a PACS/RIS system is a big investment with many things that can go wrong, and the vendors know this.

With regards to the IT support points, I personally do not lock down radiologists systems heavily as they are my bosses. They do know to consult with me before installing anything as many times before installing software can cause unexpected problems. Things like not changing the background; with our agfa systems the background contains important information. IP address, storage cache levels, etc. It saves us (and you) lots of time when having to deal with support calls. I can only assume that is why they don't let you change the background.

Disabling usb ports is a bit extreme, however I have had a workstation crippled due to a virus that got onto the system and interfered with the RIS and PACS (oh, and the user thought disabling the antivirus was a good idea because "it made the system too slow"). In my job, we are afraid to make any change to a doctors reporting station, because if that f***s up, you won't be able to report. The complaint of not having an RSS reader is minimal compared to not being able to work, for example.

Security risks are always a big concern. We're dealing with people's personal medical records. I highly doubt you understand the seriousness of this, and the amount of vulnerabilities in flaws in todays computer systems. Any preventative measure that can be taken to secure a system/network should be. The moment security is breached in your systems - you will be condemning IT for allowing it to happen. (Had this happen a number of times to myself before also, maybe you yourself will be more understanding but others will not).

I also find your use of words to be rather harsh and are kicking up a storm over trivial matters. You earn ridiculous amounts of money and are complaining about "draconian manners" such as disabling right click on the desktop. My heart goes out to you.

Generally, IT know what they are doing (some have no clue, but they are gone after a month or two usually), and the regular users don't. It doesn't sound like you have any relationship with your IT team, and most likely would come across as an overpaid, arrogant doctor with trivial demands. They won't give you the time of day.

Apologies if this is a bit all over the place, typing paragraphs in between other duties here.

Wow. Darth Croc definitely has an opinion, doesn't he? Rather than lash out in return, I sent the comment to several of my friends and colleagues.

One of my Australian friends said, "Typically, the default answer (of IT) is “no”. Yet in our private practice, I have IT staff who manage a larger PACS system than the whole of the state public system. . .The difference is that they consider themselves (and are regarded by all) as an important part of the practice, and take pride in what they can deliver. The default answer when a doctor or tech asks is usually (as it should be), is “how can we do it, and what else could we do or combine to make it better, simpler, cheaper or useful for more people?”.

Let it be known that I DO consider IT people (both those within my group and those employed by the hospital) a VERY important part of what I do.  Sadly, there are those who don't hold ME and my colleagues in the same regard.  Clearly, Darth Croc resents the arrogant, overpaid docs under whom he toils, those who don't understand the seriousness of security.

Mike Cannavo, the One and Only PACSMan, simply said, "but as they say you can't fix stupid so why bother?" Ah, but I must, I must...

My friend, 23 Skidoo, who also has experience with the software end of things, as well as time as a PACS Administrator, is the author of the very well-written X-Ray Vision Blog.  23 Skidoo has this response:
Wow...Well, he/she has some points with respect to vendors only fixing major items...

It is sloppy coding but when it comes down it, I wonder if the problem is more about the CIO/administrators making the final purchase decision instead of the radiologists who have to use the dang thing.  I couldn't imagine any radiologist picking GE, particularly after using/demo-ing most other pacs systems...

I don't like the "IT knows what's doing and doesn't need your input" attitude that comes from this person because that indicates a lack of willingness to cooperate. "We know best, and that's that" is what I hear coming from him. I think your main point is not the "smallness" or "bigness" of the issues but the lack of desire on IT's part to even consider cooperation. What they dismiss as small, or in his words "trivial" may be truly small at the computer level, but not on your, life and death, or even just work aggravation level. Perhaps if they took the time to see what you have to do to deal with what they consider small, they just might come around. But it sounds like this person has already made up their mind and is patronizingly treating you like the spoiled child he already presumes you must be, because you are a DOCTOR. Perhaps it's an unconscious or even conscious, passive/aggressive way to lash out at people and throw some authority around. Like TSA agents. TSA is what happens when you give a high school dropout a uniform and a clipboard...

Perhaps if there were more of a spirit of cooperation it wouldn't be such an adversarial US vs. THEM atmosphere and real things could be accomplished. Maybe if they explained to the docs about USB's and viruses, and possibly discussed workable alternate solutions...and gave them heads up when changes were being made instead of sneaking the changes in without any warning docs wouldn't phone in furious. But if one day I can do something and the next day I can't occurs, and no one said a word, I'd be livid. That's patronizing, and wrong. IT folks are not generally known for their ability to communicate to anyone other than machines, and while that is a bit of a harsh stereotype, I have found it to be true. They don't see a reason, (because they have no clue clinically) why they shouldn't do something, take a function away and are "surprised" when they get an onslaught of calls regarding the missing function.

So a better willingness to cooperate and communicate will go a long way for them.. They will get greater compliance with the items they feel they do need to restrict, and gain a better understanding about why they shouldn't do other things.

Both sides need to: Cooperate and Communicate... no condescension....leave attitudes at home.
Well said.  My own PACS Guru, who is not at all afraid to say what he thinks, even (especially) if I might disagree with him, comments thusly:
I think the response should be to politely let him know that you do have a higher than normal understanding of both IT and the security risks involved when dealing with patient records. Tell him that IT personnel that understand what is required to deal with and keep a PACS running and secure without putting up roadblocks that inhibit it's functionality and the users ability to do everything needed so they can take care of patients are the EXCEPTION rather than the rule. Most IT departments are only concerned with the security NOT the usability with a system. It's like welding a Porsche into the garage to protect it.

The animosity and arrogance he displayed in his post IS the norm for IT folks and that too is part of the problem. You can also tell him that your group's IT/PACS team doesn't seem to have a problem protecting your machines,servers, or network without locking your machines down to the point of being unusable.
I think we have the proper responses to Darth Croc.  Many thanks to my guest contributors.  When you have friends like mine, it's really easy to write a blog!

As I've said at every opportunity...PACS is a team effort.  We need cooperation and discussion to go forward.  The Rads, the Vendors, and IT all need to work together to HELP OUR PATIENTS.  That's what it's all about, folks.  I've tried to spread this message everywhere from Perth to the Deep South, but I'm not sure everyone is listening.

Still, saving a life does take precedence over saving the integrity of a computer, at least in my book.

I await Darth Croc's angry response.



Martin P said...

There's clearly a balance to be struck and historically the schism between Radiology and IT hasn't helped acheive that balance. I do think its getter better though - albeit slowly perhaps. Sometimes there does need to be movement on both sides of the coin.

I do know of an IT department that refuses to allow Apple Macs on the network because they dont have the skills to support them. Thats one extreme side of the balance that is clearly unacceptible.

On the other side - I'm aware of a situation where a small handful of machines were infected by a virus and flooded the network with garbage - effectively clippling a whole hospital. Thats another extreme.

I know of a situation where major decisions were made by Radiology staff without input from software professionals (note: specifically software rather than just IT) resulting in a major mis-alignment. It does happen (still).

You do have contributions there that say IT can, and do work well with Radiology (and all the other departments if not in a dedicated Rad practice). But might I suggest the success stories don't get as much exposure as the converse? There are good eggs along with the bad ones.

I recall working for a large multinational once that issued a dictat that all electric plugs were not to be used unless they were tested by the electricians once a year. Whether they had time to do it or not. Equipment was left idle for days waiting for a new 'tested' label to be issued. Thats also the wrong side of the balance although the sentiment behind the dictat can be readily appreciated.

Just a few thoughts.

Anonymous said...

Speaking as a vendor, reading Darth Croc's comment made me cringe slightly. This may be the way it is for large software companies, but I and my team have always tried to address the software issues customers have, even if we consider them minor or trivial. From a software engineering perspective, mouse trails making your screen flicker offends me - it should not be the case, and small things like that can bother you much more than yet another feature.

The concerns of security must not be completely gone from your mind when dealing with IT. We work hard to ensure that patient data is not leaked, and IT does the same. You, as a responsible doctor, exercise discretion in your dealings with patients, and not allowing patient data to be distributed to the wider world through virus infection or hacking is part of that.

I further note that some PACS vendors lock down user accounts by default; it's not so much an IT choice as it is the default (and difficult to override) for the PACS system.

If your software vendor won't listen to your concerns, though, and you would rather deal with one that does, we'd be happy to hear from you!

Anonymous said...

Being in IT, here are my 2 cents...

I agree whole heartedly that open dialogue between IT and users is critical. Especially when it comes to system implementations.

Security is a combination of Technology, Policy, and Users. What saddens me is that across all professions there are those who simply don't care to do their part. Those that willfully circumvent security because they are (insert whatever 'better than thou' phrase here). Those of us that are really trying, more often find a few rotten apples spoil the gains that we have accomplished. Something happens, management drops a bomb on IT and its all down hill.

Thankfully in the recent few years I have been lucky to work with some excellent customers who understand and participate. It makes my life and theirs so much better.

Can't we all just get along? :-)