Tuesday, March 11, 2008

Update on the 2008 Keep Me Awake Projects

Now that Spring is around the corner, it's time for an update on the "keep me awake at night projects" for 2008. Here's the first quarter progress on these 10 challenging issues:

1. Electronic Health Records for non-owned doctors - We've spent the first few months of 2008 planning the project, refining the budget, building partnerships, and establishing project management. I believe this extra up front time (and investment) will enhance our likelihood of success and avoid major time/budget overruns in the future. Each week I post a blog entry about some aspect of this project and the entire 11 article "pre-golive" series will be done by April. We're on track for a pilot this Summer, but there are still many unknowns because few hospitals in the US have offered Software as a Service Electronic Health Records to their non-owned clinicians. This project will still keep me up at night until our pilot sites are completed and we've secured all the funding needed for full production rollout.

2. Storage as a utility - After a 2 year journey, we've completed our storage as a utility designs, creating 3 tiers of storage using EMC SAN, SATA NAS, Data Domain de-duplication storage and Acopia file virtualization. I am now confident that we can store, archive, backup and retrieve the institution's data in two geographically distant data centers, providing the rapid recovery times mandated by our disaster recovery plan. I can remove this issue from my keep awake list.

3. e-Prescribing - BIDMC recently completed its latest release of e-Prescribing functionality within our home-built enterprise ambulatory electronic health record. Now a clinician can view payer formularies, retrieve community drug history with allergy/drug interaction checking, do medication reconciliation , route prescriptions to retail/mail order pharmacies and check patient insurance eligibility while writing for a medication. This leverages the state-wide electronic prescribing gateway built by MA-Share which connects payers, pharmacies, RxHub, Surescripts, and providers. In early March, Massachusetts was recognized as the number one e-Prescriber in the country . Although I will work very hard to continue the rollout and adoption of ePrescribing in Massachusetts, I can remove this issue from the keep awake list.

4. Data sharing for clinical care among a community of caregivers - We've recently gone live with the notion of pushing standards-based clinical summaries among caregivers throughout the state . This early stage is a pilot and although it has been technologically successful, the real success will be increasing the number of providers and hospitals using it. This keep awake project has gone from a technology issue to an education/communication issue, building a community of users sending summaries for patient care coordination. It's still on my list.

5. Security - Security will always be on my keep awake list. Over the first quarter of 2008, we've implemented a pilot of host-based intrusion detection from Third Brigade. The idea is that we have software running on each server which prevents common attacks such as buffer overflow, cross-server scripting and SQL Injection. This adds a layer of protection that defends us against attacks even if the operating system or application is vulnerable. Our plan is to rollout this technology throughout the data center and eventually across all our desktops. As fast as we innovate, hackers and spammers innovate, so we'll vigilantly keep adding more security projects every year.

6. RFID and Bar coding - We recently completed our enterprise rollout of Cisco Location Based Services and Pango Networks active RFID tags for tracking mobile assets such as wheelchairs, IV pumps, and EKG machines. Today we have about 350 tagged assets and recently acquired 900 tags to deploy in the upcoming weeks. Our FY08 operating budget includes an additional 500 tags to be purchased by the end of September. For bar coding, we recently completed our pay for performance goal of a bar coded wrist band on every ED/inpatient/ambulatory surgery patient and by June we will have bar coded our unit dose medications, enabling us to develop an electronic medication administration record (eMAR) system by next year. Once that eMAR system is live, I will remote this one from my keep awake list.

7. Providing decision support - I recently provided an update on our Performance Measurement activities and Decision Support tools . The keep me awake portion of this is our upcoming demonstration of secure, deidentified, data sharing for decision support and clinical research across all the Harvard hospitals as part of the Clinical Translational Science Awards (CTSA) program of NIH. This effort requires us to obtain IRB approval from several Harvard hospitals, build standards-based middleware layer, and create an easy to use graphical tool for data browsing. No patient identified data will be involved, but the technology, policy, and organizational challenges needed to go live by July 1 will keep me awake.

8. Compliance requirements for revenue cycle workflows - Every day new compliance requirements add more projects to the IT department. Recently I was asked if all our applications are Payment Card Industry (PCI) compliant. The good news is that we do not store credit card data on hospital systems, we only have secure credit card transactions running over our networks to third party firms. Without persistent credit card data, our exposure to fraud is lessened. Over the first quarter, we've added more electronic data interchange transactions via our NEHEN gateway, enhanced our coding software/interfaces, and provided all the necessary data to meet our state/federal reporting obligations. Thus, for the moment, I feel good about our compliance and it is not keeping me awake.

9. Internal and external websites - We've been hard at work implementing a new web content management system and I am confident that in 2008 we will launch our new external and internal websites. There is a great deal of work to do to transition from static HTML pages and our home built content management system, so this one stays on the awake list until Fall.

10. Disaster recovery - We've made substantial progress with our disaster recovery efforts and we now have our most mission critical systems backed up by a redundant data center. Just as security is journey, so is disaster recovery. The entire plan, our progress, and our phasing for the future is outlined in this presentation. Although disaster recovery will always be on the awake list, I can rest a bit more knowing that our major clinical systems are not only redundant within a data center, they are redundant across two data centers.

So the report card on the first quarter is that a few of the keep me awake projects are off the list, and a few more will be off the list by Summer and Fall. As long as we are making forward progress on all these items, I'm happy, since the trajectory is more important than our position on any given day.


Cocktails and High Heels said...

Hi John,

You mentioned ongoing security concerns. Do you use any virtualization in your data center? And if so, are you more concerned about the security of physical machines than virtual machines?

John Halamka said...

We have 140 physical servers running VMWare to create over 200 virtual servers. Third Brigade's Host Based Intrusion Protection keeps our Hypervisor safe.