In October 2001, the state awarded the contract to CNSI, giving the company 12 months to build and deploy a new high-end processing system by the HIPAA deadline of October 1, 2002. As head of procurement, Thompson signed off on the contract.

Almost immediately, it became evident that the state was not going to meet the deadline. To begin with, the 65-person team composed of DHS IT staffers and CNSI representatives assigned to the project had difficulty securing time with the dozen Medicaid experts in the Bureau of Medical Services to get detailed information about how to code for Medicaid rules. As a result, the contractors had to make their own decisions on how to meet Medicaid requirements. And then they had to reprogram the system after consulting with a Medicaid expert, further slowing development.

The system also was designed to look at claims in more detail than the old system in order to increase the accuracy of payments and comply with HIPAA security requirements. The legacy system checked three basic pieces of information: that the provider was in the system, the eligibility of the patient and whether the service was covered. The new system checked 13 pieces, such as making sure the provider was authorized to perform that service on the date the service was provided, and the provider's licence. "There were a lot more moving parts," Thompson explains.

Looking back, Thompson says the DHS team was seriously understaffed. But Thompson says he was afraid to ask for more resources. "That is a significant problem in government," Thompson says. "If I say I need 60 to 70 percent more staff because we need to work this project for two years, the response would be: 'What, are you crazy?' So, we just couldn't make the turnaround times."

In late 2002, just months away from the HIPAA deadline, the DHS team got a reprieve. The federally run Centre for Medicare and Medicaid Services pushed back the deadline to October 1, 2003.

For the next two years, CNSI and Maine's DHS IT shop worked long hours writing code. Errors kept cropping up as programmers had to reprogram the system to accept Medicaid rule changes at the federal and state levels. The changes created integration problems. The developers also had to add more storage capacity and computing power to accommodate the increase in information generated by the new rules, and that further delayed the development.

In January 2003, John Baldacci was inaugurated governor. One of Baldacci's campaign promises was to streamline state government, and part of the plan called for merging Maine's Department of Behavioural and Developmental Services with the Department of Human Services to create the Department of Health and Human Services (HHS). That meant consolidating systems and databases that had resided in both departments and creating new business processes, diverting crucial resources from the development of the claims system. Thompson says the merger also diverted executives' attention. Meanwhile, the cost of the project rose, increasing 50 percent to more than $US22 million.

The IT staff could not meet the extended HIPAA deadline. In an attempt to catch up, they began to cut corners. For example, testing the system from end to end was dismissed as an option. The state did conduct a pilot with about 10 providers and claims clearinghouses, processing a small set of claims. But the claims were not run through much of the system because it was not ready for testing. Beyond a few fliers announcing the new system and new provider ID codes, HHS offered little or no guidance to providers on the use of the system. And there was no training for the staff who would have to answer providers' questions.

"We kept saying: 'Gosh, let's keep our head down; we can work through this'," Thompson recalls. Instead, he acknowledges, he and other top officials should have taken a step back and analyzed the risks that the new system might pose for the state's Medicaid providers and their patients.