In this informal discussion at HIMSS Europe in Copenhagen, Intel's Malcolm Linington, Yves Mahieu from EMC, and Frank Nydam, CTO Healthcare, VMware, discuss cloud computing, security, big data, mobility in healthcare IT, and how the three companies work together to support healthcare CIOs and organizations.


Watch and let us know what questions you have about the role of IT in healthcare.


Risk assessments are often driven by regulations such as the HIPAA Security Rule, incentives such as Meaningful Use (see Core Objective 15) or compliance with standards such as ISO 27001 for Information Security Management Systems. Risk assessments can also be a valuable tool to allocate limited budget to reduce the most business risk, as discussed in my previous blog on Maximizing the Value of Risk Management in Healthcare. Risk assessments identify highest priority risks, in terms of likelihood and business impact, and safeguards required to mitigate these risks. However, just doing risk assessments doesn’t improve the organization’s security posture. Actually reducing risks, and improving security posture, requires addressing privacy and security deficiencies identified in the risk assessment, by implementing administrative, physical and technical safeguards.

However, in practice there are many things that can get in the way of successfully improving the security posture of a healthcare organization, as shown by the survey results below sourced from the HIMSS Industry Solution Webinar titled “Embrace Healthcare Change Safely: Practical Strategies for Security Risk Management,” currently available free on demand.


[Figure: survey results, “Biggest Obstacle In Implementing Security”]


Healthcare is driven by the key goals of improving the quality and reducing the cost of patient care. This translates into cost reduction pressure, and limited budget for privacy and security as a top of mind fundamental obstacle to implementing security. Making the best use of limited resources is key to reducing the most business risk, and risk assessments done well and regularly (at least annually) can meet this need well by guiding allocation to reduce the most business risk, and in a measured way that avoids over-securing in some areas, under-securing in others, weakest links and significant residual risk.

Lack of available staff with the necessary expertise to do privacy and security is identified by these survey results as the second greatest obstacle to implementing security. Engaging external professional services for privacy and security, and risk assessment is a practical best practice to overcome this obstacle. Hiring or making existing staff available to participate in privacy and security initiatives together with external professional services can help better guide these initiatives, and build this key expertise within healthcare organizations longer term.

Gaining executive buy-in by reporting regularly on compliance and risk management is critically important in the success of privacy and security initiatives. ROI (Return On Investment) analysis for highest priority risks identified in risk assessments can also help influence positive decisions from executives and financial stakeholders. Having the right audit framework around risk management can help overcome obstacles associated with security initiatives stalling in implementation due to higher priority initiatives. For example, establishing a process that requires an IT Manager tasked with implementing a security control to formally sign off on implementation, or waive risk associated with not implementing a security control, can help move such initiatives up in priority on task lists. Of course, there are the usual project management best practices that apply to implementing security, including assigning owners and dates, and managing through to final implementation of security safeguards.

For robust privacy and security it is critically important that implemented safeguards continue to be effective. Monitoring existing controls for effectiveness is essential. This includes user acceptance, since if users don’t accept security, or seek alternatives that circumvent or disable security (and there are many, e.g. from consumerization/BYOD), this can lead to ineffective security, non-compliance issues, and significant residual risk. See my previous blog on Healthcare User Experience, Compliance and Risk for more on this, and how vertically integrated security solutions that make use of Intel hardware assisted security can provide technical security safeguards that are performant, robust, usable and cost effective.

What challenges do you see with implementing security within your organization?


Learn more about improving your healthcare organization's security posture in this concise interactive narrated presentation



Security continues to be one of the most important aspects of healthcare IT administration. Data breaches can be expensive and dangerous to patient safety. In this new video, Adnan Hindi, director of systems engineering at McAfee, discusses encrypting hard drives for maximum health IT security, and how assets can be continuously monitored for protection.


What questions do you have about health IT security?


I recently had the privilege of delivering the keynote at Duke University’s Third Annual Informatics Conference, “Business Transformation Through Informatics” in North Carolina, followed by a congressional staff briefing organized by Health IT Now in Washington D.C. I thought I would summarize the key takeaways here since the presentations and discussions which followed seemed to achieve a degree of resonance with the respective audiences.


I should preface this to say that each of these observations is my own, based on exhaustive research of different models worldwide. I regularly work with regional and national governments around the world to design their national healthcare architectures, establish a shared services strategy, and leverage cloud computing to cost-effectively share essential infrastructure and expertise across a region.

Care coordination realistically models health information exchange as a network of participants rather than as a point-to-point exchange
Health information exchange is better modeled as a complex network of participants rather than a simplified point-to-point exchange of information. Each exchange of health information requires numerous supporting utility services – to check authorization, lookup clinician and patient registries, normalize terminology, aggregate patient health information across disparate sources, etc. Healthcare itself more closely follows a document-centric model of workflows such as that modeled by HL7 CDA (Health Level 7 Clinical Document Architecture), embodied as standard healthcare documents such as encounter and discharge summaries, request for consult, etc. Care coordination requires timely and secure access to a shared patient record across a region, inclusive of the patient, the caretakers, the clinicians and the institutions all participating in the patient’s care.

Care coordination, quality metrics and clinical decision support require a standard informatics model
A key success factor in health reform is the establishment of a shared summary care record built upon a standard informatics model, leveraging HL7 CDA and terminology standards including SNOMED CT, LOINC, ICD10, and for medications, RxNorm or ATC. The Consolidated CDA represents a harmonized set of recommendations across HL7 balloted CDA implementation guides, IHE Implementation Guides, Health Story Project and S&I Framework. HL7 CDA has been proven worldwide, including the use of HL7 CDA for epSOS (Smart Open Systems for European Patients) transborder exchange of summary health records and medication histories. A standard informatics model enables doctors to pose queries like “Tell me which of my patients have a particular condition and are taking a particular medication” – perhaps there is a new potential drug interaction or a change in recommended treatment protocol. Clinical decision support, population health, quality metrics, comparative effectiveness research all depend on a standardized informatics model.

Care coordination, quality metrics and clinical decision support require a critical mass of shared patient health information across all participants in the region
Countries that require electronic submission of encounter and discharge summaries within 24-48 hours of care episodes, have significantly accelerated their progress towards health reform. This protected health information is then aggregated, normalized and made accessible as a shared patient health record through a regional HIE using web-based service APIs. Patients and clinicians alike are given immediate access that is both secure and transparent. Patients are able to directly consent and authorize access to health professionals, as well as audit specific disclosures, thereby establishing trust in the system. Independent audits are conducted to ensure “need to know” and “least privileged” access to protected health information. A critical mass of shared patient health information is established because all healthcare participants in a region are included. Goals for patient safety and improved care delivery at reduced costs are met because patient care can be coordinated across each of the specialists and institutions in a region.

Time to Value:  health reform must be accelerated
The time to build out the necessary infrastructure must proceed aggressively, such that the collaborative economic model can be established before the stimulus funds are exhausted. The collaborative economic model depends on achieving a critical mass of normalized health information. Once a minimum set of normalized health information is established, local business innovation can develop value-add services, which further drive value in the network. Examples of value-add services include drug interaction checks, clinical trial patient recruitment, clinical decision support, and comparative effectiveness of particular treatment protocols, institutions, clinicians, even patient-focused wellness and behavior modifications. Time to Value is the single biggest cause of failed HIEs worldwide – they took too long to establish a sustainable business model, ran out of funds before completing the necessary infrastructure, and ignored the importance of a standard informatics model.

Regional HIEs form the backbone of a shared services strategy
A Shared Services model is a means to cost-effectively share the necessary infrastructure for health information exchange, while creating a collaborative economic model that drives local innovation and accelerates adoption of advanced healthcare usage models. Regional HIEs become the logical organizing point to collect, host and store the normalized health information, to centrally monitor and enforce patient consent and authorization, to offer value-add services which drive further value in the network. Regional HIEs provide necessary infrastructure which must be organized, monitored and enforced similar to transportation and utilities, to ensure interoperability at both national and regional levels. Health reform which follows a balanced approach across business drivers and metrics, policy and standards, architecture, and reimbursement and investment models demonstrates the highest levels of maturity and return on investment.

What challenges do you face with accelerating health reform?  What are your key learnings in the journey thus far?

Healthcare CIOs face many challenges today as they go through the transition from the old method of healthcare management to the new eHealth imperative driven by technology. When I go out into the field, one of the most common questions I hear from CIOs is, “what is the right blend of required IT capabilities for my hospital?”

For that very reason, Intel Corporation, Innovation Value Institute (IVI) and HIMSS Analytics Europe have come together to create a program for hospitals to enhance their IT strategy, underlying management capabilities and optimize outcomes. The program, called the Healthcare Maturity Model, combines proven roadmaps for CIOs to overcome healthcare IT adoption challenges.

The program is aimed at senior IT decision-makers, particularly executives with influence over the IT organization’s strategy. Participation involves group webinars, one-on-one interviews and a complete HIMSS Analytics EMR Adoption Model survey.

As hospitals increase the level of clinical systems eHealth adoption, program participants will learn what IT capabilities need to be put in place, and what other hospitals who are further along in this journey have used. Learning from peers is one of the best ways to chart a course of action.

Upon completion of the program, the results will provide you with a quick and easy starting point to trigger senior level decisions about the need to develop identified IT capabilities and the benefits they can yield. Also, you will be able to prioritize the IT capability improvements that will most advance your hospital’s eHealth strategy.

Currently, Intel is looking for 10 U.S. hospitals to sponsor for this engagement. Interested? Send me an email at and let’s talk further.

Watch the below video for more information on this program. What questions do you have?


Healthcare enterprise organizations have been exercising caution with cloud adoption due to the regulated nature of the industry and desire to maximize return on existing (on-premises) IT investment. However, I am seeing accelerated adoption of SaaS (software-as-a-service) applications and expect this trend to continue.


In previous blogs (here and here), I’ve described some of Intel’s collaborative efforts with healthcare cloud providers working on medical imaging solutions.  Let’s take a closer look at some of the key reasons why medical imaging lends itself especially well to the benefits enabled by cloud computing:


•  Exponential Growth of Imaging Data: The amount of data stored by healthcare organizations is doubling every 18-24 months, and in large part this is driven by medical imaging.  As higher image resolutions are supported and richer media becomes more commonplace (e.g. video, 3D), the problem gets worse. Although medical images are rarely accessed more than a few months after they are captured, they are stored for many years to satisfy retention requirements, further increasing demand for storage capacity. The need to manage and scale the infrastructure to support medical imaging is putting significant time/cost pressure on Health-IT departments.


•  Loosely-Coupled Nature of PACS (Picture Archiving and Communication System): There are a lot of PACS vendors out there.  Most EMR (electronic medical record) applications treat PACS as a loosely coupled system and have mechanisms to support integration with various solutions.  Consuming PACS via the SaaS model will be much more straightforward and less disruptive to clinical end users than would be the case if PACS was tightly integrated with the EMR.


•  Pressure on Health-IT Departments to do More with Less: The healthcare industry is anything but static. Demands resulting from healthcare legislation & regulations coupled with trends such as BYOD (Bring your own device) are definitely keeping Health-IT departments busy. Evaluating applications against organization-defined criteria for SaaS suitability, and outsourcing where it makes sense to do so can enable IT to focus more time on strategic investment areas rather than “keeping the lights on”.


•  Need for Improved Access & Mobility: There is an increasing desire to access images anywhere, anytime, on any device in order to support a wide range of clinical workflows (e.g. diagnostic imaging on a workstation, reviewing an image with a patient on a mobile device at the point of care, etc.). SaaS applications are typically very mobile and support a wide range of client devices.


•  Technology Innovation: Several technology innovations have enabled medical imaging solutions to be delivered efficiently from the cloud.  Virtualized, highly-scalable, servers and storage platforms enable large pools of computing resources that can be shared across applications. This reduces the solution cost (economies of scale) and improves agility (applications can respond automatically to fluctuations in demand). Converged networking solutions can manage network and storage traffic over the same unified fabric, reducing cables, complexity and cost. Improvements in server-side graphics capabilities enable images to be rendered in the cloud and streamed to client devices over low-bandwidth network connections.


Intel works closely with the software vendors, industry partners and organizations like the Open Data Center Alliance to ensure that our cloud solutions are scalable, secure, and meet the needs of the healthcare industry. If you have any thoughts to share on the application of cloud technologies to medical imaging or other healthcare systems, please add to the discussion below. You can also follow me @CGoughPDX on Twitter.


Watch the below video for some additional information from me on medical imaging and cloud computing.


In our latest report from HIMSS12, GE Healthcare IT vice president Justin Steinman talks about what top trends he saw on the show floor. Delivery system reform, interoperability, analytics and big data, and practice solutions for small to medium size clinics are just some of the take-aways he observed during the industry’s largest event.


What questions do you have?

