Saad Chaudhry, Associate Chief Information Officer and Executive Director, Anne Arundel Medical Center
The challenge for CIOs in today’s world of network-enabled micro-computing devices is two-fold: the need for information access coupled with airtight security and privacy. In healthcare, the need to push our boundaries of medical data sharing, information transparency and system interoperability—while maintaining the highest levels of cybersecurity and protecting sensitive health information—has never been more apparent than now.
With the onset of IoT (Internet of Things), bio-medical devices are becoming network enabled as well. And most device implementations now assume integration with hospitals’ local EHR (Electronic Health Record) systems, allowing them to feed data directly into those systems. This, of course, adds a layer of complexity for the IT infrastructure. Secure, segmented networks must be architected specifically for clinical devices, along with strict device management policies and tools. Data integration in itself is no small task. With a wide variety of protocols and standards in the industry, it requires a dedicated integration team with a broad spectrum of capabilities, not just for the devices but also for the larger information systems as a whole.
Device management in general, however, does not stop with hospitals’ biomed departments. With most organizations moving to a BYOD (Bring Your Own Device) model for staff and patients, higher-level network architecture becomes pivotal. It calls for layered and segmented networks for employees using their own devices to access web and organization systems, while allowing for firewalled internet access for patients and families. This requires not just modern hardware (switches, access points, controllers, firewalls, etc.) but also organizational policies to govern usage.
All the access and networks in the world won’t help you, however, if your cybersecurity policies, technology and training aren’t up to snuff. Modern-day healthcare organizations are a constant target for cyberattacks. From phishing attempts to ransomware, it is no longer enough to just have a firewall and update it once in a while. Information security staff must continuously run active scans, test for and fix gaps in their own perimeter defenses, run educational campaigns, and simulate cyberattacks across their organization to gauge readiness.
The healthcare industry is changing. Our tech must evolve with it. As the popularity of consumer-driven services grows, from health plans to urgent care centers, our technical capabilities to allow for instant and up-to-date health data access for both the provider and the patient must also metamorphose. We must allow for more access and more data transparency without creating barriers for care or leaving ourselves open to cyber intrusion. And we must do this all quickly, to keep up with the changing times. After all, the complexity of securing our current health-tech ecosphere pales in comparison to what we will soon face with the proliferation of medical implants and vital trackers and their eventual integration into everyone’s Personal Health Records.