Title: Security Solutions in Healthcare: Case Studies
1Security Solutions in Healthcare Case Studies
Rosa Caputo Managing Director KeyData
Associates Inc. Toronto, Ontario October 5, 2005
2Background
CA
- Worlds fourth-largest independent software
vendor - The global leader in identity and access
management security with 20 world-wide market
share (Ref IDC Aug/05) - More than 15,000 employees in over 50 countries
- Market cap approximately 60 billion
- Revenues gt 3 billion
- 1,200 software solutions
- Scalable, open, standards-based solutions
- eTrust security solutions solutions endorsed by
AHA for HIPAA compliance - SC Magazine Global Award 2005 for Best
Security Solution for Healthcare
Solutions
Source Principal interview, kindergarten teacher
interview
3Security and Privacy
- Paramount to realizing Canadas EHR Vision
- Enabler for
- Enhanced quality of care and patient safety
- Improved access to health services
- Improved efficiency of healthcare services
- Vital to ensuring integrity, confidentiality and
continuous availability of electronic health
records (EHRs) - Addresses privacy concerns associated with highly
accessible personal health information - Minimizes risk of unauthorized activity/access to
EHRs - Builds trust essential for widespread adoption
Why Security and Privacy
Source Principal interview, kindergarten teacher
interview
4Security and Privacy
Why Security and Privacy
- Paramount to realizing Canadas EHR Vision
- Enables wide-ranging access to EHRs - within a
structured risk control/management framework
which addresses - people, process, technology
- eg. staff training, access controls, event
logging, active monitoring/ response, risk
assessment processes, culture, tone-at-top - regulatory requirements across jurisdictions
- all networks, systems, data and user repositories
- consistency and repeatability of control
processes - Framework must be
- uniformly applied across spectrum
- auditable
- top-down
Source Principal interview, kindergarten teacher
interview
5Security and Privacy
Deployment Considerations
- Access control to many applications, varying
identities - Federated trust models
- Technology incompatibility
- Errors and omissions
- Staff training
-
- Varying jurisdictional privacy regulations
- Wireless security
- Scalability millions of users
- Uninterrupted, continuous availability of
facilities -
Source Principal interview, kindergarten teacher
interview
6HIMSS Survey
7TODAYS DISCUSSION
Agenda
- Health Care Sector Case Studies
- Saskatchewans Health Information Solution Centre
- Franciscan Missionaries of Our Lady Health
Systems - REX Healthcare
8Saskatchewans Health Information Solution Centre
Background
- Branch of Saskatchewan Health Ministry
- Province wide mandate to assist health regions in
integrating health service delivery across the
province - Integrate network infrastructure and clinical
applications - Facilitate access to electronic health
information - Issue ER physician and pharmacist PIP
registration took 3 hours of admin labour and 2-3
weeks elapsed time - Implementation of multi-phased EHR initiatives
- Process inefficiency
- Insufficient admin resources creating bottleneck
- Physician/pharmacist frustration
- Less than optimal patient care (drug interactions
and medical errors)
Drivers
Source Principal interview, kindergarten teacher
interview
9Saskatchewans Health Information Solution Centre
- Implemented online self-registration process and
automated user provisioning to pharmacy
application - Within 1 hour of dispensing, data enters online
pharmacy system - Pharmacist scans online drug profile to look for
drug interactions or misuse before dispensing the
drug - As part of triage at Hospital ER, physician also
checks online drug profile of patient - Currently 46 pharmacies and hospitals ERs in
Regina and Saskatoon (3,000 users) - First phase of multi-phased EHR initiatives
- Next phases are physician online order/entry
system diagnostic imaging and lab tests for
patients followed by prescription medication -
- CA Solutions eTrust SiteMinder, eTrust
IdentityMinder, eTrust Admin
Solution
Source Principal interview, kindergarten teacher
interview
10Saskatchewans Health Information Solution Centre
- Reduced service desk calls for account creation
and password resets - Improved operational efficiencies through reduced
admin costs and reduced development costs - Improved service level to physicians and
pharmacists from 2-3 weeks to 2-3 minutes - Enhanced health care delivery and improved
patient care - Ease of access to other web-based applications
Benefits
Source Principal interview, kindergarten teacher
interview
11Franciscan Missionaries of Our Lady Health Systems
Environment
- Four Non-Profit Hospitals in Louisianna
- St. Francis Medical Center in Monroe
- Our Lady of the Lake Regional Center in Baton
Rouge - Our Lady of Lourdes Regional Centre in Lafayette
- St. Elizabeth Hospital in Gonzales
- Over 50,000 in-patients and 400,000 out-patients
treated annually - 10,000 employees
- PACS, CPOE, EMR, wireless networks, dozens of
online clinical applications - Improve patient care
- Improve physician retention
- HIPAA compliance
- Efficiency improvements in admin processes and
help desk calls
Drivers
Source Principal interview, kindergarten teacher
interview
12Franciscan Missionaries of Our Lady Health Systems
Solution
- Physicians given single sign-on solution for
access to all web and non-web based clinical
applications and electronic patient data - Physicians given secure access to patient data
from any device and ability to suspend sessions
securely eg. Nursing workstations, doctors
office, wireless Point of Care - Automated processes for provisioning/de-provisioni
ng of users - More granular levels of access control to
implement segregation of duties - CA technology solutions implemented
- eTrust Admin
- eTrust Single Sign-on
- eTrust Access Control
- Ease of access to many clinical applications from
anywhere - Improved patient care
- Reduced medical errors, improved patient safety
- Improved operational efficiencies
- Increased physician satisfaction
Benefits
Source Principal interview, kindergarten teacher
interview
13REX Healthcare
Environment
- Private, not-for-profit healthcare system,
Raleigh NC - Part of University of North Carolina Healthcare
System - Services acute care, cancer centre, family
birth centre, - surgery centres, convalescent care centres,
heart and vascular and wellness centres and more - 22,00 inpatients annually
- 3,500 employees
- Windows, AIX, and Java-based platforms
- Dozens of healthcare applications
- Implementation of digital imaging for diagnostics
eg. X-ray, U/S, etc. for improved patient care - Implementation of computerized physician
order/entry system to reduce medical errors -
Source Principal interview, kindergarten teacher
interview
14REX Healthcare
- Regulatory compliance (HIPAA)
- Confidentiality, integrity and availability of
electronic health information -
- Physician encumbered by too many user-ids/
passwords - Concerns with data integrity due to computer
viruses and malicious threats - Security of health information with the rapid
growth of wireless use by physicians and nurses -
Drivers
Source Principal interview, kindergarten teacher
interview
15REX Healthcare
Solution
- Implemented single sign-on solution for
physicians and healthcare workers for single
point of access to vital patient data - Automated user provisioning/de-provisioning of
users for quick access to patient data - Improved event logging and automated violation
notifications - Anti-virus software with 24X7 updates and support
- CA technology implemented eTrust Admin, eTrust
SiteMinder, eTrust Access Control, eTrust
Security Command Centre - Convenient access by healthcare works to online
applications and patient data - Improved quality of patient care
- Improved operational efficiency and reduced help
desk calls - Improved physician satisfaction
- Enhanced systems security automated real time
alerts and notification of policy violations and
systems exposures
Benefits
Source Principal interview, kindergarten teacher
interview
16- Questions
- Rosa Caputo
- rosa.caputo_at_keydata.ca
- 416 614-3259