Skip to Main Content


Make midstream project changes a walk on the beach: The change control process


Some days, social media seems nothing more than a blur of easily forgettable memes. Yet certain memes keep reappearing to the point where we have no choice but to remember them. Remember the one that displays various images of oceans or forests or mountains with the words “Relax. Nothing Is Under Control”? I do.

Wise words, if you’re on vacation and actually relaxing near an ocean, forest, or mountain. Yet they don’t necessarily apply to the day-to-day world of IT administration and management, particularly when undergoing a system implementation or upgrade. IT directors and staff must have at least some control. One of the best ways to do that, and keep IT chaos at bay, is to apply the change control process.

The Core of Change Control
Before we go any further, let’s clarify one thing: Change control is not change management, the general management of change and development within an organization. Change control refers to the systematic approach of handling midstream changes made during the course of an organization’s project, such as during a new system implementation.

In the world of local government, midstream IT project changes occur both suddenly and regularly due to a variety of factors, including new regulations, modifications to project scope, schedule, budget, and funding. Because many government departments use integrated systems to share data, these changes can have unintended downstream effects, including decreased productivity and revenue, and increased frustration and cost — especially if other departments within the organization don’t know what is going on.

At its core, change control helps you communicate and make decisions to avoid midstream project changes being made in a “vacuum.” It also helps ensure approval from all departments affected by the changes.

When to Use the Change Control Process
There are many types of changes that require change control. These include:

  • Billing changes
  • Mandate changes
  • Operational changes
  • Compliance changes
  • System interface changes
  • Quality assurance changes
  • Changes dictated by grants
  • Revenue management changes
  • Electronic Data Interchange (EDI) changes
  • Changes dictated by external agency requests
  • Electronic Health Records (EHR) or Electronic Resource Planning (ERP) program changes

You can also create an expedited process for time-sensitive changes, based on your organization’s unique needs.

How to Use the Change Control Process
The change control process generally consists of three phases:

Change Request: An individual who wants to make a change to an ongoing project completes a Change Control Request Form. The individual should provide the following information to their supervisor or director, who then determines whether or not to consider the change:

  • The due date of the requested change
  • The affected business lead, if known
  • The description of the requested change
  • The justification/benefit of the requested change
  • The impact of not implementing the requested change
  • Individual(s) who need to be notified and/or trained

Change Response: The CCB informs the requestor of its decision. If the request is approved, the requestor completes a Change Control Implementation Plan. Next, the requestor submits the completed Change Implementation Plan to their supervisor or director for review. Once the supervisor or director approves the Change Control Implementation Plan, they email the approval to both the requestor and a representative of the CCB.

Change Review: If the supervisor approves the change, a governing entity (the Change Control Board, or CCB) reviews the Change Control Request Form. The CCB either approves or declines the proposed change.

The Benefits of Change Control
The benefits of change control are many. Change control:

  • Ensures that midstream changes to IT systems and operations are vetted by all stakeholders
  • Provides opportunities for ongoing business process improvement and staff development
  • Improves training and communication
  • Helps avoid unnecessary changes that can disrupt services
  • Improves resource efficiency

Ultimately, each midstream project change — especially an IT project change — is a bit of a journey. With the change control process, the journey can feel more like a walk on the beach. This blog provides a simple summary of the process, as there are many other things to consider when implementing. But relax: It’s all under control!

Over the course of its day-to-day operations, every organization acquires, stores, and transmits Protected Health Information (PHI), including names, email addresses, phone numbers, account numbers, and social security numbers.

Yet the security of each organization’s PHI varies dramatically, as does its need for compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Organizations that meet the definition of a covered entity or business associate under HIPAA must comply with requirements to protect the privacy and security of health information.

Noncompliance can have devastating consequences for an organization, including:

  • Civil violations, with fines ranging from $100 to $50,000 per violation
  • Criminal penalties, with fines ranging from around $50,000 to $250,000, plus imprisonment

All it takes is just one security or privacy breach. As breaches of all kinds continue to rise, this may be the perfect time to evaluate the health of your organization’s HIPAA compliance. To keep in compliance and minimize your risk of a breach, your organization should have:

  • An up-to-date and comprehensive HIPAA security and privacy plan
  • Comprehensive HIPAA training for employees
  • Staff who are aware of all PHI categories
  • Sufficiently encrypted devices and strong password policies

HIPAA Health Check: A Thorough Diagnosis

If your organization doesn’t have these safeguards in place, it’s time to start preparing for the worst — and undergo a HIPAA health check.

Organizations need to understand what they have in place, and where they need to bolster their practice. Here are a variety of fact-finding methods and tools we recommend, including (but not limited to):

  • Administrative, technical, and physical risk analyses
  • Policy, procedure, and business documentation reviews
  • Staff surveys and interviews
  • IT audits and testing of data security

Once you have diagnosed your organization’s “as-is” status, you need to move your organization toward the “to-be” status — that is, toward HIPAA compliance — by:

  • Prioritizing your HIPAA security and privacy risks
  • Developing tactics to mitigate those risks
  • Providing tools and tactics for security and privacy breach prevention and minimization
  • Creating or updating policies, procedures, and business documents, including a HIPAA security and privacy plan

As each organization is different, there are many factors to consider as you go through these processes, and customize your approach to the HIPAA-compliance needs of your organization.

The Road to Wellness

An ounce of prevention is worth a pound of cure. Don’t let a security or privacy breach jump-start the compliance process. Reach out to us for a HIPAA health check. Contact us if you have any questions on how to get your organization on the road to wellness.

How healthy is your organization's HIPAA compliance?

Success is slippery and can be evasive, even on the simplest of projects. Grasping it grows harder during lengthier and more complex undertakings, such as enterprise-wide technology projects—and requires incorporating a variety of short- and long-term strategies. Yet focusing only on the technological aspects of these projects is not enough. Here are 10 non-tech strategies for success in tech projects.

1. Gain leadership support.

An enterprise-wide technology project can transform an entire organization. Therefore, the first step toward success is to ensure your leadership makes the project an organizational priority. Projects described as "IT projects” in the past must now be seen as strategic business solutions that meet the needs of the organization, prioritized in sync with goals and objectives of the organization. Executives and management need to be on board and demonstrate solid commitment to the project. This dramatically improves the likelihood of project success, and your team knows that leadership is supporting their efforts.

2. Develop and promote a shared vision.

To start a successful project, members across the organization must understand and embrace a shared vision. One way to encourage this is to hold “vision sessions” where key stakeholders meet to talk about how they see the new technology improving operations. Building consensus early on allows your staff to be fully open to change, in turn helping generate positive and creative ideas.

3. Establish project tenets. 

Project leadership must develop a set of project goals and expectations, or tenets, which help staff understand the rationale for the project. They should be clearly defined, meaningful, and when possible, measurable, so the organization knows what success is—and how to achieve it. Tenet examples include:

We will collect and share information across the organization, subject to appropriate security and privacy compliance.

The use of standard business processes across the organization will minimize variations.

We will not design the new system based on existing workflows, and instead will use industry best practices.

4. Create a governance structure.

Early on in the project, identify a clear decision-making structure for resolving issues that arise and preventing delays. Although the project team should address issues first, having an agreed-upon process for issue escalation to leadership will be valuable when you can’t reach consensus.

5. Set realistic timelines.

Set realistic timelines, communicate them clearly, and refer to them often. An easily accessible visual timeline helps maintain project momentum and enthusiasm. It also helps you manage expectations and prevent scope creep. It’s important for the leadership team to inform staff of any changes that will impact their daily responsibilities or affect the timeline or scope of the project.

6. Engage key stakeholders early and often.

Change—even positive change—is stressful. Change management is an essential cornerstone to project success. Building sustainable collaboration and project buy-in from stakeholders at project onset and maintaining it throughout the project life cycle is critical to meeting deadlines and a successful outcome. In the case of a new system selection or implementation project, your operational leads should design and champion new workflows supported by enabled technology. Staff members need to work in sync with your IT department to translate their operational needs into technology requirements.

7. Develop a comprehensive communication plan.

A comprehensive communication plan is vital to the success of any project. It keeps stakeholders engaged and project teams motivated. It also includes the use of visual graphics, website videos, and/or social media for targeting the right groups with the right message at the right time, and in the right manner.

8. Don’t skimp on resources.

Adequate finances, technical infrastructure, and “people” resources must be committed for the long haul—project success is a journey, not a destination. Give your staff enough time to participate in planning, workflow redesign, and ongoing education. In order to help ensure key staff are available for system design and testing work, identify backfill resources for peak time periods in the project.

9. Practice change management for cultural considerations.

Your organization must prepare, support, and sustain all employees through effective change management in order to effect a culture of change. Pre-planning will help to identify potential roadblocks and areas of resistance, and facilitate embracing change.

Resistance comes from the degree of change required, and when staff members believe new technology is just a passing fad. It will take time—and commitment—for your staff members to learn how to use the new technology efficiently and understand its benefits.

10. Develop an effective and sustainable training plan.

An effective and sustainable training plan can’t be overemphasized. It should identify training resources, including personnel, locations, and equipment. In addition, a comprehensive training plan addresses different learning styles of various staff members and multiple training models, such as face-to-face classroom, virtual labs, and online learning. You can supplement these training models with “just in time” 1:1 role-based scenario trainings as needed. The plan should include the development of various training aides, including playbooks, scripts, quick-tip reference sheets, and FAQs. Finally, the plan should include methods for assessing staff proficiency, such as competency assessments and follow-up incremental trainings after go-live.

Additional strategies for tech project success

Ultimately, 10 is an arbitrary number. There are more non-tech strategies you can deploy to achieve tech project success. And of course, there are some tech-specific approaches you should know. If you would like to discuss these strategies—and the concrete tactics your organization can use to implement them on a day-to-day basis—please reach out to me.

10 non-tech strategies for tech project success