Heathcare.Gov: How Disaster Could Have Been Averted

The recent NY Times article - From the Start, Signs of Trouble at Health Portal tells an all too familiar tale of governance and execution failure. It reports:

"For the past 12 days, a system costing more than $400 million and billed as a one-stop click-and-go hub for citizens seeking health insurance has thwarted the efforts of millions to simply log in.

Interviews with two dozen contractors, current and former government officials, insurance executives and consumer advocates, as well as an examination of confidential administration documents, point to a series of missteps -- financial, technical and managerial -- that led to the troubles."

Although many things have changed over the years, the fundamentals of execution, management, and governance remain the same. The industry (both private and public sector) is littered with failed complex business and technology initiatives such as the Healthcare.gov launch.

In 2002, I wrote in the Wall Street Journal:

"With rare exceptions, then, the so called strategic application of technology is little more than a grand experiment which demonstrates a disconnect between business and technology.

....it seems logical that people who are actually going to use a system would have a major role in designing it. But logic can be elusive; few project teams reach out as broadly as they should in their work."

Over the last 20 plus years I have seen way too many of these failures up close. I have worked on complex roll-outs in both the private and public sectors, studied them, written page after page about them, and created companies and research think-tanks in the hopes of fixing similar management disconnects.

For complex projects such as Healtcare.Gov, first, you have to break the broad goal down into a set of execution capabilities enabled with cohesive governance procedures and risk mitigation.

Managing Execution Risk

Attempting to successfully conceptualize, implement and deploy technology to achieve operational excellence and strategic advantage can leave an organization vulnerable. Unless the leadership team is vigilant about risks and are willing to implement governance strategies, the ultimate value of a strategic initiative may be lost altogether.

Risks can be classified into three broad categories: systems, sourcing and strategy.

Some risks, such as systems and strategy, are predominantly intra-enterprise; others, notably sourcing, reflect inter-organizational challenges. Although, I have not seen the Healthcare.gov project implementation from up close, I can confidently say that the project has suffered from every single one of those risks.

The following is an executive agenda for managing business-technology risk (based on several of my past books and management research projects) that may help in future projects as ambitious as Healthcare.gov:

Step 1: Build strong partnerships between technology and users at operational, tactical and strategic levels. Provide forums for frequent interaction to raise levels of trust and understanding. Strong partnerships serve multiple risk-mitigation objectives: They promote organization involvement, permit requirements to be defined in an amicable and cooperative climate, ensure that business-technology investments are aligned with business priorities and goals, and facilitate ownership of projects.

Step 2: Educate executives, managers and other knowledge workers about the unique environment and challenges of business technology. Expectations are often not consistent with reality, leading to an expectation-fulfillment gap and overall dissatisfaction with the technology organization. An improved understanding of what it takes to extract value from business technology will contribute significantly to an improved technology-business relationship, thereby reducing the overall implementation risk.

Step 3: Craft a comprehensive sourcing strategy that articulates the desired mix of insourcing, domestic outsourcing and offshoring. Too often, sourcing decisions are made in an ad hoc fashion without a systemic view of the overall goals of the technology organization and the level of long-term capability necessary to meet strategic objectives.

Time and significant firm-specific learning are needed to ramp up a technology organization. Ensure that critical capabilities exist within the organization. A technology group that is too lean and highly outsourced inhibits communication and becomes overly complex to manage. But a technology organization that's too large is unlikely to deliver desired business value in the form of cost economy.

Step 4: Nurture vendor management capabilities and develop vendor management expertise that includes knowledge about location constraints, vendor performance and vendor abilities. Such capabilities will facilitate vendor selection and mitigate the multiple risks associated with both domestic and offshore outsourcing. Using pilot projects related to applications that are not mission-critical is an effective low-risk mechanism for learning about the strengths and weaknesses of offshore locations.

Step 5: Instill an investment management culture and imbue the technology organization with investment-management expertise. As with any skilled activity, business-technology investment management is both a science and an art, and must be formally learned and practiced on the job.

Poor investment management is one of the most significant risks technology organizations face. In fact, it can differentiate firms that can exploit technology for business value from those that can't.

Step 6: Develop and institute a metrics program for articulating risk management and control objectives, and for monitoring progress against these objectives. Any business-technology management or development activity can be evaluated against information criteria such as effectiveness, efficiency, confidentiality, integrity, availability, compliance and reliability. Setting appropriate targets for these criteria--targets that are widely understood and agreed upon--will ensure that the efforts of all stakeholders are collectively geared toward managing risk.

Pitfalls and Challenges

None of these things will happen overnight. There are pitfalls and challenges attached to all of them:

  • There will be scope expectations, and more than one critic will say, "Why are we doing all this? Where's the return?"

  • Realize that some budget owners are going to resist increased scrutiny over investment proposals: "It's my budget, and I am going to spend it as I see fit!"
  • There is a very real possibility that the first communications will be greeted with, "Who cares?"
  • For many, the inclusion of compliance and risk issues into their world is going to be a complicating matter, and they simply are not going to want to go beyond a certain point.
  • And, particularly in times of economic stress, making decisions on the future design of the organization will cause a chill among employees. These decisions must be handled deftly. The important thing to remember is that there will be a future and that effective planning will make it just that much more profitable.
  • An organization setting out to improve the way it manages business technology initiative such as Healthcare.gov must realize that changing its governance and the organization requires time and attention.

    Related Posts by Faisal Hoque:

    For more by Faisal Hoque, click here.