Protecting confidential business and patient information is more than just best practice. Breaches at health-care organizations open them to the risk of financial penalties imposed by the federal government, lawsuits, and immeasurable damage to reputations, including being listed on the Department of Health and Human Services’s public list for organizations with breaches exceeding 500 records.
In addition to multi-layered firewalls, intrusion prevention systems, and web filters, UMC implemented extensive staff training. Instruction revolves around real-world events and home cybersecurity. “We created a culture of awareness that makes security relevant and personal,” Akeroyd says. “It encourages staff to use good practices at home and work. You can implement the perfect security technology, but if staff isn’t taking steps to mitigate risk, it’s useless.”
To assess the effectiveness of the training, the IT department sent a series of four phishing emails to UMC staff with enticements to click on various links. As the trial progressed, fewer and fewer of the links were accessed and more and more recipients reported the suspicious emails.
Learn more about cybersecurity prevention and response in the legal and IT fields with a white paper from Sync titled The General Counsel’s Guide to Digital Defense. The Legal Side of Cybersecurity. Click below to download this complimentary industry insight report.
Recipients clicked links in UMC’s first phishing email
Recipients clicked links on the organization’s fourth
Sharing information via SMS text messaging is convenient, but unsecure. Because it has become the default mode of communication for many people, UMC needed to find a way to provide a text platform that still met security requirements. To be effective, it would also need to have the same look, feel, and ease-of-use that users have come to expect from personal text applications.
An application that encrypts communications and tracks and monitors the delivery process was identified. As with UMC’s cybersecurity initiative, launch of the application emphasized staff education. Training focused on making physicians and nurses aware of the importance of communicating exclusively through the secure channel as well as their own accountability in maintaining its integrity.
The transition to the encrypted application was slow at first, but internal unit coordinators, who administer information and coordinate patient care between clinicians, became early adopters. “Once the coordinators started initiating conversations using the application, that got the ball rolling,” Akeroyd says. “They even started redirecting ‘inappropriate’ communications to the secure channel.”
Secure system coverage at Texas Tech, for which UMC is the teaching hospital
Current registered users
VIRTUAL DESKTOP DEPLOYMENT
After deploying a new electronic health record (EHR) system, University Medical Center Health System (UMC), in Lubbock, Texas, needed to create a virtual computing environment to extract value from the new records system and, therefore, qualify for associated Medicare and Medicaid incentive funds. The virtualized environment needed to preserve digital security, integrate mobile devices, and provide nearly instantaneous access and rock-solid reliability.
Because no single application can provide all the required capabilities and features UMC needed, numerous components were layered together to handle administration, authentication and other critical system functions using an on-premises cloud. This system provides access while putting security in the hands of an IT administrator. It also integrates with a separate program for managing radiological imaging.
When clinicians log in, they see a virtual re-creation of their desktops and can access real-time status updates of EHRs within ten seconds. EHRs can also be viewed through remote access portals, enabling instant status updates anytime and anywhere with an Internet connection. Akeroyd predicts user volume will double by the summer of 2016.
Virtual desktop availability for UMC’s thirty remote clinics
Virtual desktop availability from in-patient beds
Concurrent users per day
Unique users per day
Months needed for 90 percent of the hospital facility to be covered by virtual deployment
NURSE CALL SYSTEM
In 2013, UMC was using four different nurse call systems. The system allowed patients to request assistance and alerted medical and security staff to emergency situations. But the four systems were inefficient and unable to support the latest innovations in clinical care.
Akeroyd’s team redesigned the existing architecture to provide a single, standardized call system. This allows for more streamlined maintenance and ensures that all areas of the hospital have access to the same clinical features and capabilities.
The new system is able to locate nursing staff in any unit in the hospital through radio frequency identification, and can also integrate with EHRs, automatically tracking real-time patient status. For example, if a patient presents a risk of falling, the system can monitor the position of bed rails or alert staff if the patient has left the bed. “We can now get real-time information and respond much faster to any adverse situation that impacts patient care,” Akeroyd says.
UMC’s patient satisfaction rate in 2014, which is expected to rise because of this system