IT Delivers Value to Both Patients and Doctors

By David S. Finn  |  Posted 2008-06-26

Recognized for its expertise and developments in clinical care and research, Houston-based Texas Children’s Hospital operates the nation’s largest pediatric care network, serving more than one-and-a-half million children a year. The hospital recently embarked on a $1.5 billion expansion, which includes a neurological research institute, a maternity center and a new West Campus hospital.

As it expands its facilities, Texas Children’s Hospital depends on Vice President and CIO David Finn and his team of 290 IT professionals to ensure the availability, security and privacy of the hospital’s information assets. The way Finn sees it, at the end of every computing device and process at the hospital is a sick child in need of the best, most responsive medical care available. Finn discusses how his team and their technology partners provide the IT infrastructure to help meet that need.

For many organizations, determining the value of an IT initiative, infrastructure or service is measured in dollars. The goals are to increase efficiency, eliminate downtime and maximize the value of existing investments, and to meet other business metrics.

In the health care industry—particularly pediatrics—the value of IT is also measured in the quality of care it enables. As a result, our IT professionals must be aligned with the business of caregiving. After all, if we do not understand our caregivers’ needs, how can we expect to help meet them?

We must also be able to articulate the value of our initiatives in terms that caregivers and patients understand—using the language they live and breathe every day. As IT aligns more closely with the business of caregiving, we are able to present technology-based options that deliver value to patients, physicians and other stakeholders.

Ensuring Uninterrupted Care

We are currently completing Texas Children’s Hospital’s largest software implementation to date, thanks in large part to the collaborative efforts of a wide range of stakeholders and partners. At the center of the initiative is Epic Systems’ software, a massive system that’s used by almost everyone in the hospital network. In fact, by the end of 2010 or 2011, we will have approximately 10,000 users on this system.

Epic applications help create continuity of care by unifying, simplifying and supporting communication among systems, processes and people. They provide an enterprise clinical/financial data repository, a health care data management system, an enterprise master person index, scheduling, registration and more.

Needless to say, this system cannot ever be down.

To ensure high availability for this critical system, even as we added more facilities as part of the hospital’s $1.5 billion expansion project, we realized we would have to change our approach. Rather than providing high availability for just a single data center, we would require it at multiple data centers across our campus.

We weren’t experts in finding and implementing such technologies, so we looked to various partners. Collaborating with our hardware partner provided some direction, but ultimately, we realized that the importance of this implementation was so great that we needed to bring in more experienced personnel.

Consequently, we turned to Symantec Consulting Services to develop a cross-network solution based on the Veritas Storage Foundation and Veritas Cluster Server, which ensure maximum uptime and availability of our Epic applications. We worked with these consultants as a team dedicated to serving the needs of Texas Children’s Hospital, and I cannot overstate how critical this teamwork was to the overall success of the implementation.

These collaborative efforts were so rewarding that we also extended high availability to our full suite of mission-critical Oracle PeopleSoft applications—from supply chain to human capital management and financial management. Now we are confident that both our Epic and PeopleSoft applications will remain up and running.

Does the solution work? Yes, we’ve seen it put to the test over the past year. With all the construction going on across our campus, we had two instances about two weeks apart in which the primary server for our current ambulatory medical record system, GE’s Centricity, lost power and went down.

Our high-availability solution proved itself by automatically failing over to a secondary server. In fact, the transition was seamless, so our physicians, clinicians and others using the system were not even aware of the problem. It’s a good thing, too, since it costs approximately $1 million every half-day if one of our Clinical Care Center systems is down and, more important, it can disrupt patient care.

In addition to improving the reliability of these applications, Symantec consultants and solutions also helped Texas Children’s increase the efficiency of our IT team and simplify storage management. We had already been using Veritas NetBackup for our Microsoft Windows servers, and we decided to extend it to our Unix environment. By doing so, we doubled our backup volume without adding IT administrators—which translates to a savings of more than $1.5 million in labor cost avoidance over a three-year period.

We expect to see additional labor cost savings over that same period, thanks to the more efficient backup-and-restore capabilities in our PeopleSoft environment. By increasing the availability of our PeopleSoft modules, we will likely see significant labor productivity gains as well during the next three years. And, because our high-availability implementation enables intelligent failover, we can maximize our current server investments and avoid millions of dollars in new hardware acquisitions.

Privacy, Security, Protection

Several years ago, Texas Children’s Hospital began developing a plan to address the standards of the Health Information Portability and Accountability Act (HIPAA). This provided an opportunity to link privacy and security in a central office.

Frequently, privacy concerns are managed by either the compliance or medical records department, while security issues are generally the purview of the information technology group. Because it is impossible to have privacy unless you also have security, tying the two together from an operational and enforcement perspective created significant synergy at our hospital.

As the technology and threat landscape changed, we leveraged advances in security to harden our perimeter and automate security processes in order to ensure that sensitive information would be handled appropriately. At the same time, our infrastructure became more complex. After all, we are more than a hospital; we are an integrated delivery system that comprises a variety of organizations and services. This complicates the challenges of safeguarding privacy and security.

What’s more, we’re also an academic medical center, so we have a lot of visiting faculty and researchers who must be able to access and share information with other researchers in formal presentations and informal meetings. To guard against data leakage and help ensure data integrity, our team must know who is accessing information, when they are accessing it and what they are doing with it.

To achieve those goals, we are implementing Symantec’s endpoint protection and data-loss-prevention technologies. The firewall, anti-virus, anti-spyware, intrusion prevention and other security technologies of the endpoint protection solution help keep malicious code and activity out of our enterprise, while the data-loss-prevention technology helps keep confidential information from leaving the hospital system.

This project is just the latest in a series of security-related activities for Texas Children’s Hospital. For example, two years ago, we added Symantec’s Security Information Manager to our toolkit to help us collect, store and analyze security log data, as well as to monitor and respond to security events in order to meet compliance requirements. A year before that, we deployed the vendor’s Enterprise Security Manager to define and measure our efforts in meeting security policies and standards, along with its DeepSight Threat Management System services to stay apprised of the latest threats on the global horizon.

Since then, we have seen a 93 percent decrease in infected systems and a significant reduction—almost 700 hours per month—in the time required to compile audit reports and remediate security incidents.

These security practices and tools will become even more critical as our caregivers and patients become more mobile. Soon, we’ll see doctors using their smart phones to access medical records and patients using their phones to send heart readings and the like directly into their medical records.

What will never change, however, is the importance of keeping that information safe and available, as well as our commitment to doing all we can to make that possible, even as our IT environments become more complex and sophisticated.

At Texas Children’s Hospital, every individual and organization is dedicated to delivering optimal care to the millions of children who come through our doors. And our IT initiatives and professionals are focused on making sure the technology infrastructure and processes that support and help enable quality care are the best they can be.

Our ultimate goal is to ensure that all the children who come to our hospital leave stronger, better and healthier.