Security Solutions in Healthcare: Case Studies

1
Security Solutions in Healthcare Case Studies
Rosa Caputo Managing Director KeyData
Associates Inc. Toronto, Ontario October 5, 2005
2
Background
CA

• Worlds fourth-largest independent software
  vendor
• The global leader in identity and access
  management security with 20 world-wide market
  share (Ref IDC Aug/05)
• More than 15,000 employees in over 50 countries
• Market cap approximately 60 billion
• Revenues gt 3 billion
• 1,200 software solutions
• Scalable, open, standards-based solutions
• eTrust security solutions solutions endorsed by
  AHA for HIPAA compliance
• SC Magazine Global Award 2005 for Best
  Security Solution for Healthcare

Solutions
Source Principal interview, kindergarten teacher
interview
3
Security and Privacy

• Paramount to realizing Canadas EHR Vision
• Enabler for
• Enhanced quality of care and patient safety
• Improved access to health services
• Improved efficiency of healthcare services
• Vital to ensuring integrity, confidentiality and
  continuous availability of electronic health
  records (EHRs)
• Addresses privacy concerns associated with highly
  accessible personal health information
• Minimizes risk of unauthorized activity/access to
  EHRs
• Builds trust essential for widespread adoption

Why Security and Privacy
Source Principal interview, kindergarten teacher
interview
4
Security and Privacy
Why Security and Privacy

• Paramount to realizing Canadas EHR Vision
• Enables wide-ranging access to EHRs - within a
  structured risk control/management framework
  which addresses
• people, process, technology
• eg. staff training, access controls, event
  logging, active monitoring/ response, risk
  assessment processes, culture, tone-at-top
• regulatory requirements across jurisdictions
• all networks, systems, data and user repositories
• consistency and repeatability of control
  processes
• Framework must be
• uniformly applied across spectrum
• auditable
• top-down

Source Principal interview, kindergarten teacher
interview
5
Security and Privacy
Deployment Considerations

• Access control to many applications, varying
  identities
• Federated trust models
• Technology incompatibility
• Errors and omissions
• Staff training
• Varying jurisdictional privacy regulations
• Wireless security
• Scalability millions of users
• Uninterrupted, continuous availability of
  facilities

Source Principal interview, kindergarten teacher
interview
6
HIMSS Survey
7
TODAYS DISCUSSION
Agenda

• Health Care Sector Case Studies
• Saskatchewans Health Information Solution Centre
• Franciscan Missionaries of Our Lady Health
  Systems
• REX Healthcare

8
Saskatchewans Health Information Solution Centre
Background

• Branch of Saskatchewan Health Ministry
• Province wide mandate to assist health regions in
  integrating health service delivery across the
  province
• Integrate network infrastructure and clinical
  applications
• Facilitate access to electronic health
  information
• Issue ER physician and pharmacist PIP
  registration took 3 hours of admin labour and 2-3
  weeks elapsed time
• Implementation of multi-phased EHR initiatives
• Process inefficiency
• Insufficient admin resources creating bottleneck
  
• Physician/pharmacist frustration
• Less than optimal patient care (drug interactions
  and medical errors)

Drivers
Source Principal interview, kindergarten teacher
interview
9
Saskatchewans Health Information Solution Centre

• Implemented online self-registration process and
  automated user provisioning to pharmacy
  application
• Within 1 hour of dispensing, data enters online
  pharmacy system
• Pharmacist scans online drug profile to look for
  drug interactions or misuse before dispensing the
  drug
• As part of triage at Hospital ER, physician also
  checks online drug profile of patient
• Currently 46 pharmacies and hospitals ERs in
  Regina and Saskatoon (3,000 users)
• First phase of multi-phased EHR initiatives
• Next phases are physician online order/entry
  system diagnostic imaging and lab tests for
  patients followed by prescription medication
• CA Solutions eTrust SiteMinder, eTrust
  IdentityMinder, eTrust Admin

Solution
Source Principal interview, kindergarten teacher
interview
10
Saskatchewans Health Information Solution Centre

• Reduced service desk calls for account creation
  and password resets
• Improved operational efficiencies through reduced
  admin costs and reduced development costs
• Improved service level to physicians and
  pharmacists from 2-3 weeks to 2-3 minutes
• Enhanced health care delivery and improved
  patient care
• Ease of access to other web-based applications

Benefits
Source Principal interview, kindergarten teacher
interview
11
Franciscan Missionaries of Our Lady Health Systems
Environment

• Four Non-Profit Hospitals in Louisianna
• St. Francis Medical Center in Monroe
• Our Lady of the Lake Regional Center in Baton
  Rouge
• Our Lady of Lourdes Regional Centre in Lafayette
• St. Elizabeth Hospital in Gonzales
• Over 50,000 in-patients and 400,000 out-patients
  treated annually
• 10,000 employees
• PACS, CPOE, EMR, wireless networks, dozens of
  online clinical applications
• Improve patient care
• Improve physician retention
• HIPAA compliance
• Efficiency improvements in admin processes and
  help desk calls

Drivers
Source Principal interview, kindergarten teacher
interview
12
Franciscan Missionaries of Our Lady Health Systems
Solution

• Physicians given single sign-on solution for
  access to all web and non-web based clinical
  applications and electronic patient data
• Physicians given secure access to patient data
  from any device and ability to suspend sessions
  securely eg. Nursing workstations, doctors
  office, wireless Point of Care
• Automated processes for provisioning/de-provisioni
  ng of users
• More granular levels of access control to
  implement segregation of duties
• CA technology solutions implemented
• eTrust Admin
• eTrust Single Sign-on
• eTrust Access Control
• Ease of access to many clinical applications from
  anywhere
• Improved patient care
• Reduced medical errors, improved patient safety
• Improved operational efficiencies
• Increased physician satisfaction

Benefits
Source Principal interview, kindergarten teacher
interview
13
REX Healthcare
Environment

• Private, not-for-profit healthcare system,
  Raleigh NC
• Part of University of North Carolina Healthcare
  System
• Services acute care, cancer centre, family
  birth centre,
• surgery centres, convalescent care centres,
  heart and vascular and wellness centres and more
• 22,00 inpatients annually
• 3,500 employees
• Windows, AIX, and Java-based platforms
• Dozens of healthcare applications
• Implementation of digital imaging for diagnostics
  eg. X-ray, U/S, etc. for improved patient care
• Implementation of computerized physician
  order/entry system to reduce medical errors

Source Principal interview, kindergarten teacher
interview
14
REX Healthcare

• Regulatory compliance (HIPAA)
• Confidentiality, integrity and availability of
  electronic health information
• Physician encumbered by too many user-ids/
  passwords
• Concerns with data integrity due to computer
  viruses and malicious threats
• Security of health information with the rapid
  growth of wireless use by physicians and nurses

Drivers
Source Principal interview, kindergarten teacher
interview
15
REX Healthcare
Solution

• Implemented single sign-on solution for
  physicians and healthcare workers for single
  point of access to vital patient data
• Automated user provisioning/de-provisioning of
  users for quick access to patient data
• Improved event logging and automated violation
  notifications
• Anti-virus software with 24X7 updates and support
  
• CA technology implemented eTrust Admin, eTrust
  SiteMinder, eTrust Access Control, eTrust
  Security Command Centre
• Convenient access by healthcare works to online
  applications and patient data
• Improved quality of patient care
• Improved operational efficiency and reduced help
  desk calls
• Improved physician satisfaction
• Enhanced systems security automated real time
  alerts and notification of policy violations and
  systems exposures

Benefits
Source Principal interview, kindergarten teacher
interview
16

• Questions
• Rosa Caputo
• rosa.caputo_at_keydata.ca
• 416 614-3259