Electronic medical record keeping places demands on IT execs at hospitals

BOSTON - It's a rainy April evening in Danville, Pa. The sidewalks on Mill Street are empty. Once-handsome 19th century brick facades are faded and the storefronts--Dollar Store, D's Clothier--are dark. Two small restaurants and a bar are open, but empty--or nearly so--adding weight to the street's designation as a "historic" business district. The scene here is a common one in rural Pennsylvania and in small towns throughout the United States, where economies built on agriculture and manufacturing have given way in recent decades to a low-wage, service-sector economy and its placeless landscape of strip malls and chain stores. A tension between old and new can be felt everywhere in Danville (population roughly 4,900), which was settled on the banks of the Susquehanna River in 1777 by William Montgomery. His 1792 stone house--now a museum--still stands at the end of Mill Street, directly across the street from a Wendy's restaurant.

The tension can also be felt just outside of town, where Geisinger Medical Center sits on a hill overlooking the rolling countryside--a sprawling, big-city hospital and modern research center plunked down in small-town America. Almost 90 years after its 1915 founding, more people work and receive care at the Medical Center most days than reside in Danville. And Geisinger's modern-day stewards, such as CISO Jaime Chanaga, are trying to remain true to the charge laid down by founder Abigail Geisinger to make her hospital "the best."

The hospital is eight years into a US$68 million-plus effort to deploy a state-of-the-art electronic medical records (EMR) system that has streamlined patient care within the hospital and outpatient services at Geisinger's 15 clinics in 38 Pennsylvania counties. Recently, the hospital has also moved aggressively to deploy a host of Web-based medical services for patients and staff--including a patient portal for accessing online medical records called MyGeisinger.

However, behind the scenes, the move to electronic medical records and medical Web services has heaped new demands on Chanaga's information technology security staff. Chanaga and his staff face the daunting and sometimes contradictory tasks of trying to increase staff and patient access to medical information, and staying on top of the latest advances in medical devices, while also formalizing security policies and adhering to regulatory requirements for more than 400 medical and administrative applications, almost one-third of which are mission critical.

Offering the perspective of a man who's barreling down a road that most people are still trying to merge onto, Chanaga has found that the secret to managing IT security in a Web services-dominated world is knowing you don't have all the answers. Instead, Chanaga and his staff at Geisinger have found success by sharing responsibility and by striking a balance between customer needs and corporate goals.

Digital Case Files

A visit to Geisinger's data center--a sturdy, two-story, cement building at the rear of the Danville campus--underscores the challenges facing IT security staffs who work in a medical environment.

Clean-cut and dressed in a double-breasted suit, Chanaga gestures to rows of racks filled with computer hardware. Above each rack, a simple, white placard identifies systems that host countless specialized medical and administrative applications: "Blood Bank," "Dietary," "EPIC Care," "MyChart Web Server," "PACS Stentor," "Wisdom Case Management" and so on.