IBM conducted an in-depth assessment to identify vulnerabilities in New Hanover Health Network's information security practices, with emphasis on their auditing activity and capabilities. This white paper will explain how IBM helped them implement a series of best practices, thereby improving the confidentiality, integrity, and availability of their information systems.
Healthcare and Life SciencesSolutions case studyNovember 2007
The quest to achieve best practices in
healthcare information security
IBM diagnoses North Carolina hospital group's weaknesses and prescribes treatmentHealthcare and Life SciencesSolutions case studyPage 2
IntroductionContents In today's celebrity-crazed world, it came as little surprise that when a popular actor and his female companion were hurt in a motorcycle accident, 2 Introduction the details of their injuries spread instantaneously throughout the media. It 3 Finding out where the came as more of a surprise, however, when the media later reported that 27 organization was vulnerable employees at the New Jersey hospital where the two were treated had been and what could be done suspended for a month without pay after an internal investigation found that about it they had accessed personal medical records without authorization - even 5 An industry that's largely though there was no evidence that they had released any of that information unprepared to the media. Their suspension was punishment for having violated the Health 5 Spelling out the risks-and Insurance Portability and Accountability Act (HIPAA) - a U.S. law that ways to resolve them protects patients' privacy.7 What IBM did for New Hanover Health Network Avery Cloud has spent a lot of time worrying about the damage those kinds of 8 Getting buy-in situations can create. As CIO of the New Hanover Health Network (NHHN) in 9 Learning the truth-and Wilmington, N.C., Cloud and his information systems team are responsible taking action10 How improved security helps for supporting the information management needs of the network's three 10 Tapping into an enormous hospitals. They also need to ensure that the organization's information knowledge base to speed measures don't get in the way of any clinical or business requirements - results while still complying with all the relevant government and regulatory 12 About IBM demands, including HIPAA and the standards set forth by the Joint 12 For more information Commission on Accreditation of Healthcare Organizations (JCAHO).
"At any given moment I could get a call from a compliance officer about whether a nurse on 5C accessed information she shouldn't have," Cloud explained in an interview just weeks before the celebrity privacy incident. "And if that information happened to be about a well-known patient, we could all find ourselves scrambling. That's the kind of stuff that was keeping me up at night."
Lately though, Cloud has been sleeping a lot better - thanks to the knowledge he's gained from an in-depth assessment designed and conducted by IBM to identify vulnerabilities and gaps in NHHN's information security practices and recommend corrective actions. The results are helping NHHN implement a series of best practices in information security. Healthcare and Life SciencesSolutions case studyPage 3
Solution components New Hanover Health Network (NHHN) is a non-profit regional medical Servicescenter and teaching site affiliated with the UNC-Chapel Hill School of . IBM Global Business Services Medicine. The hospitals and services that are part of New Hanover Health Network have long-standing roots in Southeastern North Carolina, offering Softwarecare for generations of families through all stages of life. The network . IBM TrivoliŽ Access Manager for includes three general hospitals: New Hanover Regional Medical Center Enterprise Single Sign-On and Cape Fear Hospital in Wilmington and Pender Memorial Hospital in . Consul InSight Suite Burgaw.
NHHN offers some 30 services and programs, ranging from ambulatory surgery and cancer care to rehabilitation services and behavioral health. It's the ninth largest health care system in the state with a dedicated team of 4,700 employees, 490 physicians and 760 active volunteers. The network includes three hospital campuses and is licensed for 769beds. As the primary referral hospital in the region, NHHN offers specialty centers in cardiac, cancer, obstetrics, trauma, vascular surgery, intensive care, rehabilitation, and psychiatry. The network acquired New Hanover County's emergency medical services in 1998 and added the region's first air ambulance service in 2001. Around the same time it took a national lead in disaster response planning and one year later, New Hanover Regional EMS became the state's first model EMS system.
