To: year2000-discuss@year2000.com Subject: Re: Journalist Article: Health care community
This is a first-hand account of a problem that happened at the University of Utah Medical Center some twenty years ago. It was *not* a year 2000 problem, but the chain of events was something like the kind of thing that we may see a lot of in a couple of years. I worked at the UUMC at the time of this occurrence, and was on site for the clean-up. It's been well over a decade since I've been in Utah (except the airport), so much of the physical layout may have changed in the intervening years.
At the time, around 1975, the UUMC had two distinct electrical systems: one for non-critical areas, and one for critical areas. The electical outlets tied to the critical system circuits were all red so that you would know not to plug your coffee maker into one of them. All of the patient areas were on the critical system, while all of the office areas and most of the medical school were on the non-critical system. Power came into the facility from a sub-station to a main switch. During normal operation, the switch routed power to both the critical and non-critical circuits. If there was an interruption in power from the sub-station, the switch automatically switched over so that the critical circuits were now being fed by a diesel generator, while the non-critical circuits were left off-line.
The UUMC sits high on the east bench of Salt Lake City, with the foothills continuing on up above it. Below the medical center is the rest of the University of Utah campus. Above the medical center is a reservoir. The reservoir had an overflow alarm. The alarm sounded in a facility on campus and would trigger (I don't know whether it was automatic or manual) the pumping of water out of the reservoir. Because it was important that the overflow alarm always be functional, it was tied in to the UUMC critical circuits.
One fateful day, there was a momentary interruption in power from the sub-station. The main switch at the UUMC kicked over to the generator. However, at that same instant, the power came back on-line from the sub-station. The result was that the main switch caught on fire. When the fire was out, we found that we had power from the sub-station to the non-critical circuits, but when the switch was destroyed, we lost our ability to route power to the critical circuits. Therefore, life support systems were non-functional, but the coffee makers were up and running just fine.
To make matters worse, since the critical circuits were all down, the overflow alarm for the reservoir was non-functional, and, you guessed it, the reservoir overflowed. Since it was directly uphill from the medical center, we ended up with about a foot of water in our medical records department. Fortunately, most of our patient areas were on the upper floors.
As far as I know, there were no casualties or patient complications from this episode. It was, however, a very expensive way to find out that even well-laid emergency plans can backfire when the disaster doesn't occur just the way you had planned it. When unanticipated Y2K application glitches team-up with embedded system failures, we may find stories like this to be commonplace.
--Bob Braddock braddob@hlthsrc.com