Security Solutions in Healthcare: Case Studies - PowerPoint PPT Presentation

1 / 16
About This Presentation
Title:

Security Solutions in Healthcare: Case Studies

Description:

Minimizes risk of unauthorized activity/access to EHRs ... Enables wide-ranging access to EHRs - within a structured risk control ... – PowerPoint PPT presentation

Number of Views:75
Avg rating:3.0/5.0
Slides: 17
Provided by: karenc59
Category:

less

Transcript and Presenter's Notes

Title: Security Solutions in Healthcare: Case Studies


1
Security Solutions in Healthcare Case Studies
Rosa Caputo Managing Director KeyData
Associates Inc. Toronto, Ontario October 5, 2005
2
Background
CA
  • Worlds fourth-largest independent software
    vendor
  • The global leader in identity and access
    management security with 20 world-wide market
    share (Ref IDC Aug/05)
  • More than 15,000 employees in over 50 countries
  • Market cap approximately 60 billion
  • Revenues gt 3 billion
  • 1,200 software solutions
  • Scalable, open, standards-based solutions
  • eTrust security solutions solutions endorsed by
    AHA for HIPAA compliance
  • SC Magazine Global Award 2005 for Best
    Security Solution for Healthcare

Solutions
Source Principal interview, kindergarten teacher
interview
3
Security and Privacy
  • Paramount to realizing Canadas EHR Vision
  • Enabler for
  • Enhanced quality of care and patient safety
  • Improved access to health services
  • Improved efficiency of healthcare services
  • Vital to ensuring integrity, confidentiality and
    continuous availability of electronic health
    records (EHRs)
  • Addresses privacy concerns associated with highly
    accessible personal health information
  • Minimizes risk of unauthorized activity/access to
    EHRs
  • Builds trust essential for widespread adoption

Why Security and Privacy
Source Principal interview, kindergarten teacher
interview
4
Security and Privacy
Why Security and Privacy
  • Paramount to realizing Canadas EHR Vision
  • Enables wide-ranging access to EHRs - within a
    structured risk control/management framework
    which addresses
  • people, process, technology
  • eg. staff training, access controls, event
    logging, active monitoring/ response, risk
    assessment processes, culture, tone-at-top
  • regulatory requirements across jurisdictions
  • all networks, systems, data and user repositories
  • consistency and repeatability of control
    processes
  • Framework must be
  • uniformly applied across spectrum
  • auditable
  • top-down

Source Principal interview, kindergarten teacher
interview
5
Security and Privacy
Deployment Considerations
  • Access control to many applications, varying
    identities
  • Federated trust models
  • Technology incompatibility
  • Errors and omissions
  • Staff training
  • Varying jurisdictional privacy regulations
  • Wireless security
  • Scalability millions of users
  • Uninterrupted, continuous availability of
    facilities

Source Principal interview, kindergarten teacher
interview
6
HIMSS Survey
7
TODAYS DISCUSSION
Agenda
  • Health Care Sector Case Studies
  • Saskatchewans Health Information Solution Centre
  • Franciscan Missionaries of Our Lady Health
    Systems
  • REX Healthcare

8
Saskatchewans Health Information Solution Centre
Background
  • Branch of Saskatchewan Health Ministry
  • Province wide mandate to assist health regions in
    integrating health service delivery across the
    province
  • Integrate network infrastructure and clinical
    applications
  • Facilitate access to electronic health
    information
  • Issue ER physician and pharmacist PIP
    registration took 3 hours of admin labour and 2-3
    weeks elapsed time
  • Implementation of multi-phased EHR initiatives
  • Process inefficiency
  • Insufficient admin resources creating bottleneck
  • Physician/pharmacist frustration
  • Less than optimal patient care (drug interactions
    and medical errors)

Drivers
Source Principal interview, kindergarten teacher
interview
9
Saskatchewans Health Information Solution Centre
  • Implemented online self-registration process and
    automated user provisioning to pharmacy
    application
  • Within 1 hour of dispensing, data enters online
    pharmacy system
  • Pharmacist scans online drug profile to look for
    drug interactions or misuse before dispensing the
    drug
  • As part of triage at Hospital ER, physician also
    checks online drug profile of patient
  • Currently 46 pharmacies and hospitals ERs in
    Regina and Saskatoon (3,000 users)
  • First phase of multi-phased EHR initiatives
  • Next phases are physician online order/entry
    system diagnostic imaging and lab tests for
    patients followed by prescription medication
  • CA Solutions eTrust SiteMinder, eTrust
    IdentityMinder, eTrust Admin

Solution
Source Principal interview, kindergarten teacher
interview
10
Saskatchewans Health Information Solution Centre
  • Reduced service desk calls for account creation
    and password resets
  • Improved operational efficiencies through reduced
    admin costs and reduced development costs
  • Improved service level to physicians and
    pharmacists from 2-3 weeks to 2-3 minutes
  • Enhanced health care delivery and improved
    patient care
  • Ease of access to other web-based applications

Benefits
Source Principal interview, kindergarten teacher
interview
11
Franciscan Missionaries of Our Lady Health Systems
Environment
  • Four Non-Profit Hospitals in Louisianna
  • St. Francis Medical Center in Monroe
  • Our Lady of the Lake Regional Center in Baton
    Rouge
  • Our Lady of Lourdes Regional Centre in Lafayette
  • St. Elizabeth Hospital in Gonzales
  • Over 50,000 in-patients and 400,000 out-patients
    treated annually
  • 10,000 employees
  • PACS, CPOE, EMR, wireless networks, dozens of
    online clinical applications
  • Improve patient care
  • Improve physician retention
  • HIPAA compliance
  • Efficiency improvements in admin processes and
    help desk calls

Drivers
Source Principal interview, kindergarten teacher
interview
12
Franciscan Missionaries of Our Lady Health Systems
Solution
  • Physicians given single sign-on solution for
    access to all web and non-web based clinical
    applications and electronic patient data
  • Physicians given secure access to patient data
    from any device and ability to suspend sessions
    securely eg. Nursing workstations, doctors
    office, wireless Point of Care
  • Automated processes for provisioning/de-provisioni
    ng of users
  • More granular levels of access control to
    implement segregation of duties
  • CA technology solutions implemented
  • eTrust Admin
  • eTrust Single Sign-on
  • eTrust Access Control
  • Ease of access to many clinical applications from
    anywhere
  • Improved patient care
  • Reduced medical errors, improved patient safety
  • Improved operational efficiencies
  • Increased physician satisfaction

Benefits
Source Principal interview, kindergarten teacher
interview
13
REX Healthcare
Environment
  • Private, not-for-profit healthcare system,
    Raleigh NC
  • Part of University of North Carolina Healthcare
    System
  • Services acute care, cancer centre, family
    birth centre,
  • surgery centres, convalescent care centres,
    heart and vascular and wellness centres and more
  • 22,00 inpatients annually
  • 3,500 employees
  • Windows, AIX, and Java-based platforms
  • Dozens of healthcare applications
  • Implementation of digital imaging for diagnostics
    eg. X-ray, U/S, etc. for improved patient care
  • Implementation of computerized physician
    order/entry system to reduce medical errors

Source Principal interview, kindergarten teacher
interview
14
REX Healthcare
  • Regulatory compliance (HIPAA)
  • Confidentiality, integrity and availability of
    electronic health information
  • Physician encumbered by too many user-ids/
    passwords
  • Concerns with data integrity due to computer
    viruses and malicious threats
  • Security of health information with the rapid
    growth of wireless use by physicians and nurses

Drivers
Source Principal interview, kindergarten teacher
interview
15
REX Healthcare
Solution
  • Implemented single sign-on solution for
    physicians and healthcare workers for single
    point of access to vital patient data
  • Automated user provisioning/de-provisioning of
    users for quick access to patient data
  • Improved event logging and automated violation
    notifications
  • Anti-virus software with 24X7 updates and support
  • CA technology implemented eTrust Admin, eTrust
    SiteMinder, eTrust Access Control, eTrust
    Security Command Centre
  • Convenient access by healthcare works to online
    applications and patient data
  • Improved quality of patient care
  • Improved operational efficiency and reduced help
    desk calls
  • Improved physician satisfaction
  • Enhanced systems security automated real time
    alerts and notification of policy violations and
    systems exposures

Benefits
Source Principal interview, kindergarten teacher
interview
16
  • Questions
  • Rosa Caputo
  • rosa.caputo_at_keydata.ca
  • 416 614-3259
Write a Comment
User Comments (0)
About PowerShow.com