Friday, December 30, 2011

UNINTENDED CONSEQUENCES (Lessons Learned when Poor Process Management Leads to a Serious HIPAA Violation)

A panicked former client contacted me late last week to solicit my advice on a recent technology system implementation "train wreck" that occurred during the week of the Thanksgiving holiday -- (thankfully, VeNí Consulting was not involved!)  As the result of an unfortunate series of events, a serious HIPAA privacy violation had been committed and his organization was currently under investigation.  For those of you not familiar with the specific consumer rights covered by HIPAA (and I think its extremely important to understand the laws governing OUR personal information during this age of increased information sharing and its security implications), it is the Health Information Portability Accountability Act, a Federal law that provides protections for personal health information held by covered entities and it gives patients (i.e., you and me) with an array of rights with respect to their information.  Specifically, there are two rules:
  1. Privacy Rule:  A Federal law, gives you rights over your health information and sets rules and limits on who can look at and receive your health information.  It applies to all forms of individuals' protected health information, whether electronic, written, or oral.
  2. Security Rule:  A Federal law that protects health information in electronic form, and requires entities covered by HIPAA to ensure that electronic protected health information is secure.
It was the Security Rule violated in my client's case, but let me provide you with a little more background to his story.  His company (a leading Health Care technology provider) is currently in the painful "throes" of a very complex, poorly planned and poorly managed post merger integration initiative (there is SO much to say on this point, that I will reserve my opinions for a future "Mergers Gone Bad" blog entry).  Well, adding to this "recipe for disaster" is a culture of general apathy for business process rigor including, but not limited to, limited formal process and standard operating procedural documentation, and where documentation exists, there are no clear consequences when established processes and procedures are not properly followed (i.e., managing non-compliance).  Sadly, senior executives contribute this culture of apathy by strongly encouraging staff members to usurp critical business processes when attempting to "shave off some time" when running toward a looming project deadline (painful symptoms of poor upstream planning upstream and a major cause of quality problems resulting in dissatisfied customers).

In my client's unfortunate incident, several organizational risks lurked in the shadows awaiting the perfect opportunity to POUNCE!  After several years of painstakingly developing, documenting and managing the end-to-end business processes implemented in his organization (including a disciplined approach to tracking their performance based upon internal and external customer requirements -- very impressive), he received an "eleventh hour" request (a.k.a. "red-hot emergency") from a distraught and ill-prepared Product Implementation Manager, who sneakily carbon copied several senior executives (a common CYA tactic exercised by individuals with a track record of poor planning, missed deadlines, cost overruns, product defects, customer complaints, etc.).

This services and materials requested were actually the responsibility of the Implementation Team, but due to the extreme time constraint, additional esources were being recruited in a desperate attempt to meet the looming deadline.  Oh, did I mention this all happened on the day BEFORE the customer system was scheduled to "go live" which also happen to be the first day of the Thanksgiving holiday week (INSANE).  For those of us who have spent any time working in a corporate office, we ALL know the buildings become "ghost towns" during the weeks containing the Thanksgiving and Christmas holidays due to employees taking vacation time at the end of the year.

Needless to say, the bad timing posed an obvious resource constraint for all parties involved and certainly did not provide the remaining with the required amount of lead time to effectively perform the tasks requested and deliver quality outputs (and lead requirements were clearly spelled out in the publicly distributed business process documentation provided by my client's organization).

CONSEQUENTLY, my client took the prudent and wise action of PUSHING BACK, noting his concerns associated with:  1) the amount of risk induced by the poor and late timing of the request, 2) a severe lack of resource availability due to the pending holiday, and 3) an obviously poor project planning effort performed by the Implementation Manager, and if this emergency was allowed to occur, what else has been overlooked?  Well, much to his chagrin, his phone rang and it was one of the senior executives who had been copied on the lengthy email exchange (BTW... Try to avoid lengthy email exchanges, particularly with several senior executives carbon copied.  It never ends well).  I digress... Said Senior Executive referenced my client's reputation as "the person you go to get things done" and his very successful track record of consistently delivering high quality and value-added services (clearly a positive result of the business processes he enforces and has to defend daily).

Well... I wish I could say my client stood his ground.  However, we certainly all have our vulnerabilities, weakness, soft-spots... For some it is Hersey's dark chocolate kisses, for others it is being called upon to play "Super Hero" and save the company from eminent destruction!!!  Unfortunately, after too many years of seeing these  scenarios play out in organizations, there is rarely a winner (even the Executive loses over time).  Typically, the "Super Hero" is set up for failure due to unrealistic expectations, timeline and limited resources.  If, due to extraordinary measures, the designated Super Hero "adverts the disaster" or "extinguishes the fire" a very dangerous precedence is set giving team members a false sense of security that if another emergency arises, there are Super Heroes on the organization that can be called upon to "save the day."  Over time, it results in a culture of "firefighter" employees who passively await the "burning platforms" to motivate them into action, instead of focusing on the measures necessary for "fire prevention."

So, the "call to arms" issued from the senior executive proved to be my client's "kryptonite" and he was now perilously taking on the enormous amount of "risk" being thrown over the wall by that very crafty Product Implementation Manager (who I'm sure knew actually what they were doing).

Well, as you know from the opening of this blog entry, this story does not have happy ending... The misdirected pressure/confidence sadly aimed at my client's organization who had a well-deserved and hard-earned proven track record for consistent delivery verses holding the Product Implementation Manager "accountable" for their poor planning, poor execution and unwillingness to follow established business processes, is a treacherous road to travel and it certainly penalizes the star performers who are willing to go above and beyond the call of duty, while poor performance is overlooked and, indirectly, rewarded.  This convergence of unfortunate circumstances resulted in a nasty HIPAA violation when customer and internal technology training sessions (and materials) were provided referencing the WRONG database containing LIVE customer billing data (ironically, an Implementation Team member sent out the wrong link).  This mistake exposed thousands of personal patient records to session attendees leading to the following HIPAA violations (a.k.a. "unintended consequences"):

  1. Formal complaints filed on the covered entity with the Federal Office for Civil Rights (OCR)
  2. Incident investigation conducted by the OCR (and covered entities are required by law to cooperate with complaint investigations).  This also includes the determination if the action could be a violation of the criminal provision of HIPAA (42 U.S.C. 1320d-6), whereupon, the OCR may refer the complaint to the Department of Justice for investigation
  3. Notification of EVERY customer who's health care data was exposed, along with their respective patients
  4. Imposition of civil money penalties (CMPs) on the covered entity
  5. Potential lawsuits from exposed customers and/or their patients

Experience has shown accidents tend to be a result of a perfect storm of consequences stemming from a series of poor choices.  Something to remember as we confronted with a barrage of daily decisions and the need to carefully weigh our options.


~ ~ ~ ~ ~ ~
By: Venae Sears-Ellis, CEO & Senior Partner, VeNi Consulting, LLC (c)2011

~ ~ ~

Tuesday, December 20, 2011

A Night at the Ballet (A Lesson in Quality)

My 10-year old daughter has been taking ballet classes with the Atlanta Ballet Center for Dance Education for six years. Last year, she auditioned and won the role as a mouse in the Atlanta Ballet's annual production of Tchaikovsky's "The Nutcracker." Similarly, this year, she auditioned again and won the role of one of the party children in "The Nutcracker."

Many of you are familiar with the story of the girl who receives a nutcracker in the shape of a toy soldier, which comes to life in the middle of the night to do battle with the Mouse King and his army of mice. The Atlanta Ballet has been staging this production since the late 1950's and this is believed to be the longest continuously run production in the United States. To make this work, the child actors are assigned to one of five casts that perform the 20 shows during the month of December (each cast appears in four shows).

As good parents, my wife and I are quick to grab front row tickets for the four shows in which my daughter appears. Even though each ticket costs close to $100.00, I love sitting in the front row because I have an unobstructed view of the stage and the orchestra pit where the Atlanta Ballet Orchestra performs the music for the show live. I love classical music and Tchaikovsky happens to be one of my favorite composers and "The Nutcracker" is undoubtedly his most well-known composition, since it is basically the soundtrack for Christmas.

Last year, I was completely mesmerized when the music began as the curtain came up on my daughter's scene; I would watch intently as she hit her spot, perform the synchronized routine with the other mice, and then scamper off on stage right. For four shows, I was completely impressed with my nine-year old's ability to know exactly what to do and when to do it!

This year, once again we have front row center aisle seats for all four of my daughter's performances. She has a different role this year, but like last year, she knows exactly where to go, when to enter the stage, when to exit, and how to interact with the other child and adult performers on the stage. Someone else is playing the role of her mouse character from last year, but that little girl is hitting the same spots on stage, performing the same synchronized routines, and exiting at precisely the right moment. As a matter of fact, all of the performances this year are exactly the same as the performances last year. The music sounds the same. The costumes are the same. The sets are the same. Everything is the same, except for the child actors; as they get older, they move on to different roles and younger actors come along and take their place.

~ ~ ~

So my night at the theater has become a lesson in quality! The Atlanta Ballet must select five sets of children actors, with over 20 children per show, to perform in 20 shows per season. And since patrons of the Atlanta Ballet are paying close to $100.00 to enjoy "The Nutcracker," each performance must be as perfect as the one before it and the one after it; it doesn't matter whether you come to the opening night performance, or a Saturday matinee performance, or the last performance, every performance must be the same!

How does the Atlanta Ballet control the quality of this production so well, that over 3,000 people will pay a premium to attend each of the 20 annual performances of "The Nutcracker" for more than 50 years?

Does your organization control the quality of its services as well as the Atlanta Ballet? Are there standardized processes in place to ensure the quality of the services your organization delivers? During these tough economic times, can you control cost and risk to ensure quality service for your customers?

VeNí Consulting has a solution to help our clients improve service delivery by analyzing the quality, cost, and risk of their services. Go to veniconsulting.com for more information.

~ ~ References ~ ~
Read about the history of the Atlanta Ballet.

Read about Atlanta Ballet's "Nutcracker".

Read the Wikipedia article about the history of Tchaikovsky's "The Nutcracker".

~ ~ ~ ~ ~ ~

By: Plez A. Joyner, CIO & Managing Partner, VeNi Consulting, LLC (c)2011

~ ~ ~

Tuesday, December 13, 2011

A Lesson in (the Lack of) Cost Control: Plant Vogtle Construction Cost Overruns

The Alvin W. Vogtle Electric Generating Plant, also known as Plant Vogtle, is a 2-unit nuclear power plant located in Burke County, near Waynesboro, Georgia.  Units 1 and 2 were completed in 1987 and 1989, respectively.

During Vogtle's initial construction, costs skyrocketed from an estimated $660 million to $8.87 billion. This was typical of the time due to increased regulations after the Three Mile Island accident. In 2009, the NRC renewed the licenses for both units for an additional 20 years, to the 2040s.

On August 15, 2006, Southern Nuclear (a division of Southern Company that runs the plant) formally applied for an Early Site Permit (ESP) for two additional units.  On April 9, 2008, Georgia Power Company reached a contract agreement with Westinghouse (owned by Toshiba) and the Shaw Group (Baton Rouge, LA) to construct two AP1000 reactors. The contract represents the first agreement for new nuclear development in the United States since the Three Mile Island accident in 1979, and received approval from the Georgia Public Service Commission (PSC) on March 17, 2009.

On November 21, 2011, AJC.com reported construction costs for Georgia Power’s planned expansion project at Plant Vogtle are $42 million over budget, and delays in getting federal approval to build the two reactors may push back the construction schedule roughly five months. The rise in construction costs are related to, among other things, a change in what labor may cost over the long term for the project.

The estimated cost of the project is $14 billion. Georgia Power is responsible for roughly $6.1 billion, 75 percent of which is construction costs and the balance is financing costs. The first reactor is scheduled to start producing power in April 2016, and the second one a year later.  Based upon the monthly construction monitoring report, that the first reactor may not start producing electricity until September 2016.

~ ~ ~

How many of you think this $42 million cost overrun will never show up in their electric bill over the next 10 years? And if you believe that, I have a bridge in Brooklyn to sell you!  As a matter of fact, AJC.com reports that “a utility consultant says Georgia Power wants to charge customers too much when the company starts buying significantly more electricity from other places.” Nothing would prevent Georgia Power from going to the Georgia Public Service Commission (PSC) to start charging their customers for the increased cost of Plant Vogtle construction.

~ ~ ~

Something can be done…

Not too long, VeNí Consulting had the opportunity to analyze a client’s cost overruns on a $200 million construction project very similar in scope to the Plant Vogtle Nuclear Plant Construction Project: an infrastructure construction project in which the client had very little expertise.  The client was required to outsource all of the engineering design and construction work to contractors.

One of the contractors apparently took advantage of our client’s lack of expertise in this area by low-balling early estimates (which quickly rose as the design phase began) and by providing poor quality engineering drawings (requiring re-work on engineering and construction which led to much higher project costs).  The price tag for poor quality was more than $50 million in increased project costs (close to 25% of the total cost of the project)!

Further analysis revealed that almost $15 million of the cost overrun could have been avoided had a rigorous contract administration and management system been in place.  VeNí Consulting was engaged to implement a Performance-based Service Contracting (PBSC) System with this client. PBSC will help to correct problems commonly associated with services contracts and identified in numerous audits, including cost overruns, poor quality deliverables, schedule delays, failure to achieve specified results, and other performance problems.

Performance-based Service Contracting (PBSC) requires the contractor to understand all project deliverables, to agree on the cost of all project deliverables, and most importantly, to conform to agreed upon standards of quality for all project deliverables.  All of these contract terms are in place PRIOR to the selection of the contractor!

PBSC is a standard which has been in use by most US Government agencies for over 10 years.  In converting from a traditional Statement of Work (SOW) contract to a PBSC Performance Work Statement (PWS) contract, some government agencies reported an increased initial up-front investment. However, the resulting savings to these agencies through the use of PBSC quickly offset the initial up-front costs. In addition, the quality improvement from this type of contract and the resulting reduction in overall contract administration costs again offset the initial up-front costs.

If your company does not have a contract management process to control project costs and deliverables quality, visit VeNí Consulting for more information about the right solution for your company.

~ ~ References ~ ~
Read the AJC.com article about how costs rise by $42 million for Plant Vogtle construction before construction begins.

Read the AJC.com article about how Georgia Power is asking for high rate increases.

Read the Wikipedia article about the history of Georgia Power's Plant Vogtle.

Read the US Office of Management & Budget (OMB) memorandum about the implementation of Performance-based Service Contracting (PBSC) in the Federal Government.

Watch the VeNí Consulting video about the implementation of Performance-based Service Contracting (PBSC) in the utilities industry.

~ ~ ~ ~ ~ ~
By: Plez A. Joyner, CIO & Managing Partner, VeNi Consulting, LLC (c)2011

~ ~ ~


Wednesday, September 7, 2011

An Introduction to VeNí Consulting



Business Challenges and Proven Solutions:


Due to rapid economic fluctuations, uncertain market conditions, and the challenges posed by global competition, today’s executives are faced with the challenge of getting the most out of their limited resources. Consequently, executives need solutions to effectively address these business obstacles with proven solutions that will influence their specific industry during a bull market or during a down economy.


VeNí Consulting provides high-impact, high-value advice to our clients and our extensive background in quality assurance, specifically in the areas of Lean, Six Sigma, Total Productive Maintenance, and ISO 9001 enable us to assess the business problems our clients need to address, align their organizations with corporate strategic imperatives, empower their team members to take ownership to “steady the ship,” and implement the right solution in order to improve productivity and ROI. 


The VeNí Consulting perspective empowers our clients to improve their organizational efficiency and get the most out of their current resources in order to:

  • Improve Productivity by Recognizing Value-added Activities
  • Reduce Costs by Driving Out Waste
  • Mitigate Risk by Optimizing Business Processes
  • Increase Profitability by Concentrating on Sustainable Outcomes

For more information, go to VeNi Consulting.