IT in Practice, A Jumpstart

IT in Practice, A Jumpstart!
Alex Phillips, MCSE, CCNP, OMSIII
Lincoln Memorial University
DeBusk College of Osteopathic Medicine
American Osteopathic Association of Medical Informatics
My Background
• A decade of experience in designing, building, securing and supporting
production networks in the Healthcare, Education, and Financial Sectors
• Previous Employers/Contracts:
– SDS (Danaher): Systems Engineer / Project Manager / Disaster Recovery
Officer (DRO) for Sites in Australia, Japan, Mexico and Europe and Corporate
office in Orange, CA
– University of California at Irvine
• UCI HealthSystems: Business Systems Analyst
• UCI School of Medicine: Director of Medical Academic Computing
– University of California at Los Angeles
• UCLA School of Medicine: Bioinformatics support for Ambulatory Care
Research
– Citibank: Datacenter Operations Engineer / Y2K Audit Team
– Ameriquest Mortgage: Network Engineer / Project Manager / DRO / Security Audit
(Sarbanes-Oxley) Team
– Argent Mortgage: Lead Network Engineer / DRO / Security Audit (Sarbanes-Oxley) Team
– IndyMac (OneWest) Bank: Senior Systems Analyst / Shift Lead
Allscripts Electronic Health Records
Stimulus Tour Partners:
• Microsoft: The server standard that most EMR systems will be built upon
– Earned Microsoft Certified Systems Engineer (MCSE) certifications in Windows NT
and Windows 2000 and was a trainer for that program for 3 years
• Cisco: The leading vendor of computer networking equipment
– Earned Cisco Certified Networking Associate (CCNA), then Cisco
Certified Networking Professional (CCNP) and have built and supported
Cisco networks in many Fortune 100 companies
• Dell: One of the major server, desktop and laptop vendors in the industry
– Designed, built and supported equipment from most of their server,
desktop and laptop product lines
• Citrix: The leader in remote deployment of applications across the country
– Certified (CCA) and experienced in large deployments of “Thin Clients”
with connectivity back to the main server many miles away
Goals
• NOT to make an engineer or programmer out of you!
• Offer my experience and share IT Best Practices to help
avoid common pitfalls in implementation and audits
• Prepare you for discussions with vendors you will partner
up with to build and support your office network
• Discuss components of your office network
• Hardware: Network devices, Servers, Backup and Cooling
• Software: Choices and Licensing
• Disaster Recovery
• Introduce you to Electronic Medical Records with the first
step being E-Prescribing through the SureScripts
network
Network Requirements
• Desktops Needing Wired Connections:
Doctors’ Office and Reception Areas
• A “Full Complement” per every 2 devices
• (2) RJ45 CAT6 Ethernet ports to plug computers or printers into
• (2) RJ45 CAT6 Ethernet ports used for Analog phones/fax machines (RJ11
adapters) or IP Telephones with full CAT6 Connectors
• Cabling run up the wall, through the ceiling to your Main Data Frame
(MDF) where all of your network equipment will be stored
• All MDF connections run through proper cable management into the
network switches
Audit Note: The door to the MDF must be closed and locked at all
times per HIPAA
Network Requirements
• Wireless Desktop
Connections: Exam Rooms
• Use the same Brand and
model of wireless card in all
PCs so you can quickly
spot intruders
• Keep all desktops on the
same driver revision for the
wireless card
• Wireless Intercom system
for STAT requests to
nursing station
Network Requirements
• Wireless Desktop Connections:
Exam Rooms, contd.
• Security Configurations
– Use WPA2/AES (PSK2)
Enterprise to encrypt it
– Key Exchange every 7 hours
– Don’t broadcast your SSID
– NO WEP EVER!
Network Requirements
• Optional Wireless Connections: Waiting Area
• Have a separate Wireless Internet
connection for guests that is isolated from
your office network
• Have a cheap cable modem or DSL
connection connected to a consumer-grade wireless router
– Example: Linksys WRTSL-54GS
– Best processor, memory and wireless
speed for your patients
• Still secure with WPA+TKIP (PSK) but
your patients don’t have to download
special WPA2 drivers from Microsoft to
get onto this network. NO WEP EVER!
• Change the password monthly and have
it available at reception
Network Requirements
• Restroom?
Network Requirements, contd.
• Switch
– Main component that all computers, servers and network
connections outside the office are made through
– Usually 24 or 48 “client” ports per switch, 1 device per port
– Laser or 1000 Mb Ethernet ports to connect to other
switches
– Cisco example: 2960 Intelligent Ethernet Switch ($1600)
• 48 Ethernet (RJ45) Ports with Power over Ethernet (POE)
• 2 Fiber or 1000 Base-T ports to connect to other equipment
– Advice: Buy 2 from your vendor and have a fully
configured standby and pay for the cheaper support plan
from the equipment maker: i.e. 8AM-5PM, Next Business
Day
Network Requirements, contd.
• Firewall
• Protects your internal network from the outside world
• One connection to your switch (internal) and one
connection to your router (outside)
• Audit Note: A physical and logical separation of your
network from the outside world will be required
• Advice: Purchase a router with integrated security features
and purchase the highest level of support for it, i.e. 4 hour
SLA at 24/7 support
Network Requirements, contd.
• Routers
• TWO routers needed for
TWO main connections
• YOUR router for the
connection to your
internal network, to the
switch
• Internet Service Provider
(ISP) Router Connection
to the Internet
[Diagram labels: ISP, Practice Router]
Network Requirements, contd.
• Routers
– YOUR Router
• Your router will be owned
and managed by you and
your IT support
• Will be your controlled entry
point into your network
• Will have firewall features
integrated to reduce the cost
of implementing and
supporting a separate
firewall
• Will incorporate Wireless
Access (802.11 a, b, g)
managed securely
• Offer secure remote Virtual
Private Networking (VPN)
Connections to your office
• (Optional) Offer Integrated
PBX phone system support
for IP Telephony
[Diagram label: Practice Router]
Network Requirements, contd.
– Cisco Router Example: 1841 Modular Router with
“Security, IP Base” Feature Set ($3000):
• Up to T1 (1.5 Mb) speeds
• Up to four 10/100 Mbps built-in switch ports
• Up to 800 Virtual Private Networking (VPN) tunnels
• Support for wireless local-area network (LAN) standards
802.11a/b/g
– Meets Design Requirements
• (1) Ethernet port to ISP Router
• (1) Ethernet port to switch
• (1) Cable/DSL Module or Ethernet Connection
– to possible 2nd ISP (Cable Modem) as backup
• Wireless LAN 802.11a/b/g support
– Office Telephony Integration will require the 1861
Router Series ($5000) and IP Telephones ($400+ each)
Network Requirements, contd.
• Routers
– Audit Note: A network redundancy plan with Service
Level Agreements (SLA) for the hardware and ISP that
connect you to the E-Prescribing system and the
Internet will be required
– Advice:
• Buy an Integrated Services Router that will offer your
office
– Connectivity to outside networks
– Protection from outside threats through an embedded
firewall feature set
– Managed Wireless integration into your network
• Purchase the highest level of support for it, i.e. 4 hour SLA
at 24/7/365 coverage
• Lease the Internet Router from ISP
– All Hardware and Software will be covered under an (SLA)
that is usually 4 – 8 hours of Time to Service Restoration
IT Room (MDF)
• Equipment Rack:
– Network Equipment at top
• Router at the top
• Switch below with network
cabling routed to it
– Servers
– Uninterruptible Power Supply
(UPS)
• Mounted at least 4 inches
above the floor
• You will need to have an
electrician install higher
amperage electrical cabling to
plug the UPS into
• Set up power management
software to shut down servers
automatically
• Audit Note: The door to the MDF
must be closed and locked at all
times per HIPAA
IT Room (MDF), contd.
• Environmental Controls:
– Dedicated cooling
• Routed through its own conduit in
the ceiling
• Upgrade current HVAC system or
install a dedicated one in the office
– Dedicated fire suppression and
notification
• Dry fire-suppression system
prevents damage to equipment
– Inergen
– FM-200
• NO WATER EVER!
• Connected to building fire alarm
system
– Audit Note: Your office manager
and the on call physician contact
information needs to be listed as
contacts for the burglar and alarm
monitoring systems
Server Hardware
• Best Practices:
– Hard drives:
• 15000 RPM drives help keep graphics files moving
quickly
• RAID 5: High performance way that a group of hard
drives work together to protect you from data loss
– Memory
• ECC RAM: Error Correction Memory for high
processing servers
• At least 4GB is recommended for most applications
– Processor: Intel Xeon
• Advice: When selecting any of the parts (drives,
memory, CPU), look for the obvious price break, and
select the parts just below it
Server Hardware, contd.
• Server Examples: ($6000 to $8000 each, fully
configured)
– HP ProLiant DL385 G5 Server
• Industry Standard System
• Setup and troubleshooting: SmartStart
• Remote Administration: Insight Manager
– Dell PowerEdge R710
• Good if you already have Dell equipment in your
current network
• Setup and troubleshooting: Dell Systems Build and
Update Utility (SBUU)
• Remote Administration: Dell OpenManage
Server Hardware, contd.
• Tape Backup
• Protect your patient data in the event of an equipment
failure or office disaster
• LTO-4-120 800/1600 GB tapes are the current
standard
• Buy from the same manufacturer as the server
systems you buy ($2500-3000)
• HP: 1/8 Ultrium 960 Tape Autoloader
• Dell: PowerVault 124T LTO-4
• Rackmount kits remove clutter
Server Hardware, contd.
• Support for Servers
• Record and scan in all model/serial numbers and a picture
of your network setup and have it filed where it’s
accessible
• Have contact information for all vendors in a centrally
stored spreadsheet
• Have all equipment support contracts be coterminous and
managed by one vendor
• Have at least one spare part for hard drives and network
cards
Server Software
• Industry Standard: Windows Server 2003 or above
– Small Office System 2003, Premium:
• Adds MS Exchange for email and SQL Database server if
you have more than 10 employees
• You should license by connection for every employee you
think may be connecting to the system at the same time
• Use Outlook Web Access in the practice to access email so
that users can get into the server from any web browser
Server Software, contd.
• Antivirus/Malware: Trend Micro Worry Free Security;
Advanced Server
• Antivirus for your servers, desktops, email and wireless
systems
• Practice-wide management from one console
• Minimal ongoing administration
Disaster Recovery
• Audit Note: A thorough and properly tested Disaster
Recovery Plan will be required
• Advice: Plan should include:
– Auditing and Accountability: At least two named Disaster
Recovery Officers (DRO) for the practice, at least one
named staff liaison per site
– Server failure: at least 2 servers with overlapping network
and domain functions that fail-over to the other should the
need arise
– Service Restoration:
• Contracted consultants with a block of hours and a Service
Level Agreement for turnaround time
• Facility to see patients in if your primary one is compromised
• Automatic phone system failover to second office or answering
service with a dedicated person until you can failback to the
primary one
Disaster Recovery, contd.
• Plan, contd.
• Off-site Data Storage: Storage of important documents
and backup tapes in case of the loss of an entire site’s
data/equipment
• Best choice: Iron Mountain pickup and on-call delivery
• Tapes from one office sent to another office by courier
• Bank vault that an office manager makes deliveries and
pickups from
Practice Optimization
• Office Computers
– Back up critical staff PCs at least weekly
– Have a default “image” of the desktops and laptops ready so you
can quickly bring them back up if their hard drives fail
– Ghost
– Altiris
– Use Windows XP for the desktop Operating System and set for
automatic patch updates
– Use Microsoft Office for your Physicians, Billing and Accounting
staff only ($700) and Star Office (Under $50 per PC from
www.sun.com) for every other PC.
Practice Optimization, contd.
• Dictation
• Digital recorders with USB, Olympus is the standard
• Plug in to PC and AS-5000 Software routes the dictations
wherever they need to go
• Route to Dragon Naturally Speaking, Physician edition
• The preliminary transcription can go into the patient record
immediately as a draft
Practice Optimization, contd.
• Dictation, contd.
• Add a Medical terms “.dic” file to MS Word on the
dictation/transcription workstation(s) to build in the most
common words
• http://www.ptcentral.com/university/medterms_zip.html
• http://mtherald.com/free-medical-spell-checker-for-microsoftword-custom-dictionary
• Your dictation is spell-checked against these medical
dictionaries that are now on ICD-10 standards FOR FREE!
• The software does the majority of transcription and
correction for you, so your costs are reduced.
Practice Optimization, contd.
• Dictation Results
• Have a private area, hosted by either party or a 3rd party
for uploading dictation files and downloading laboratory
and pathology results
• Have an Input and Output folder for each day with a
manifest of dictations done, and corresponding audio files
• That same manifest should be sent back from dictation
with a file in MS Word 2003 format
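The Input/Output folder and manifest exchange described on this slide can be reconciled automatically each day. The following is an added example, not part of the original presentation; the folder layout, the manifest.csv columns (dictation_id, audio_file) and the <dictation_id>.doc naming are assumptions, and the sample data is constructed.

```python
import csv
import tempfile
from pathlib import Path

# Assumed layout: <day>/Input and <day>/Output each hold manifest.csv with
# columns dictation_id,audio_file; transcripts return as <dictation_id>.doc.

def read_manifest(path):
    """Map dictation_id -> audio file name; an absent manifest reads as empty."""
    if not path.exists():
        return {}
    with open(path, newline="") as fh:
        return {r["dictation_id"]: r["audio_file"] for r in csv.DictReader(fh)}

def reconcile_day(day_dir):
    """Compare what was sent with what is on disk and what came back."""
    inp, out = Path(day_dir) / "Input", Path(day_dir) / "Output"
    sent = read_manifest(inp / "manifest.csv")
    returned = read_manifest(out / "manifest.csv")
    audio = {p.name for p in inp.iterdir() if p.name != "manifest.csv"}
    docs = {p.stem for p in out.glob("*.doc")}
    return {
        "missing_audio": sorted(set(sent.values()) - audio),
        "unlisted_audio": sorted(audio - set(sent.values())),
        "manifest_mismatch": sorted(set(sent) ^ set(returned)),
        "missing_transcript": sorted(set(sent) - docs),
        "unexpected_transcript": sorted(docs - set(sent)),
    }

def write_manifest(path, ids):
    """Write a manifest in the assumed two-column format."""
    with open(path, "w", newline="") as fh:
        w = csv.writer(fh)
        w.writerow(["dictation_id", "audio_file"])
        w.writerows([i, i + ".wav"] for i in ids)

def demo():
    """Build a constructed day folder with deliberate gaps and reconcile it."""
    with tempfile.TemporaryDirectory() as root:
        day = Path(root) / "2009-06-01"  # constructed sample date
        inp, out = day / "Input", day / "Output"
        inp.mkdir(parents=True)
        out.mkdir()
        write_manifest(inp / "manifest.csv", ["D001", "D002", "D003"])
        write_manifest(out / "manifest.csv", ["D001", "D002"])
        for name in ["D001.wav", "D002.wav", "stray.wav"]:
            (inp / name).write_bytes(b"")
        for name in ["D001.doc", "D004.doc"]:
            (out / name).write_bytes(b"")
        return reconcile_day(day)

if __name__ == "__main__":
    for check, items in demo().items():
        print(f"{check}: {items or 'ok'}")
```

Any non-empty list is a follow-up item for the office or the transcription vendor: an audio file that never left, a transcript that never came back, or a file that does not belong to that day's manifest.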
Practice Optimization, contd.
• Laboratory and Pathology Results
• Results should also be available electronically
• A hosted site for delivery would be the best; site
administrators have passphrases for the sites
• Passwords like “password” are insecure
• Passphrases like “ibetiknowyourpassword” are just as easy
to remember but much more secure
• Fax is always a backup, have name, telephone and fax
information for each vendor posted in several locations
Practice Optimization, contd.
• Outside Vendors
• The main goal is to be able
to have 3 files immediately
available from any office:
• Dictation of last visit
• Laboratory results
• Pathology results
Practice Optimization, contd.
• Worst case scenario: No chart available when on call
• Visit a place with Internet access or start up your laptop
with a Wireless card
• Get to those 3 files
• Review all of the latest information needed
• Call back an educated opinion on what your plan of care is
• Also great for providers working in multiple offices
Time-Out!
• Network Requirements
– Devices at the desktop
– Switches and secured Routers
• IT Room (MDF)
– Equipment Rack
– Environmental Controls
– Server Hardware
– Server Software
• Disaster Recovery
• Practice Optimization
Practice Electronic Records
• EMR and E-Prescribing System Selection Goals
• Get a new Certification Commission for Health Information
Technology (CCHIT) certified system deployed
• Get access to the national SureScripts E-Prescription
network
• Quickly pass as many prescriptions through this system to
qualify for “meaningful use” under American Recovery and
Reinvestment Act (ARRA) incentive guidelines
Practice Electronic Records, contd.
• Choosing your system
– Implementing any system will be a learning process
requiring proper preparation, training and ongoing support
– Core SureScripts Services
– Rx Benefit: eligibility, benefits and formulary information
– Rx History: prescription history information across providers
– Rx Routing: secure computer-to-computer exchange of
prescriptions between prescribers and pharmacies
– Buyer’s guide available at www.surescripts.net for systems
that are certified to attach to the national prescription
management system
Advice: More than 40 different software vendors
– Focus on vendors that have Platinum or Gold Level Status
because they have the proper experience and resources
to support your software
Practice Electronic Records, contd.
• Top Certified Solution Providers
• SureScripts Platinum Solution Providers:
• NextGen EHR, RxNT
• SureScripts Gold Solution Providers:
• Allscripts ePrescribe, Axolotl Elysium, DrFirst Rcopia,
eClinicalWorks, GE/Kryptiq Centricity, NewCrop.
• Try to sample as many of these systems as you can and
make sure to involve other providers and office staff in
the evaluation process
Practice Electronic Records, contd.
• Transition Period: Scan Everything!
• Purchase several scanners and dedicate PC workstations to them
• Install Adobe Acrobat Standard to scan documents into PDF format
• Have a rotating group of people scanning the documents
• Consider contracting with a staffing agency for some medical office
assistants that are technology savvy to be dedicated to this project
for the bulk of the work
Practice Electronic Records, contd.
• Before EMR is fully implemented
• Document Organization: Binary Large Object (BLOB)
• Build folders with Medical Record Numbers (MR) on them on a
server and have all patient records scanned into those folders
with subfolders based upon date
• When the EMR is implemented, these documents (BLOBs) can
be imported into the patient’s electronic record since it is already
sorted by the MR number and date of service
• Any paperwork that providers still prefer to use while getting
used to using a tablet PC or laptop will continue to be scanned
and added to the patient’s record
Practice Electronic Records, contd.
• Before EMR is fully implemented
• Prescription printing:
• Tamper proof paper with printing allowed from doctor’s
accounts only for that tray
• Prescription Paper MUST BE SHIPPED to the License
address or the address on file with the DEA.
• All scheduled drug security restrictions still apply; crossing
out RX date and post-dating prescriptions is not 100%
guaranteed to be in compliance
• http://www.cpsintlinc.com/hospital-supplies/tamper-resistantrx-paper.html
• http://www.rxpaper.com
Practice Electronic Records, contd.
• Before EMR is fully implemented
• MOST CRITICAL: Practice Training
• Project Champions: Select key office staff and providers that
have a technical background and send them for focused
training
• Have system training incorporated as a part of normal,
mandatory staff meetings
• Have a message board or email account set up for questions
which an office staff member can compile and have a first try at
answering
Practice Electronic Records, contd.
• EMR Implemented:
• Make time in staff meetings for EMR concerns and address
them promptly
• Have regular meetings with Project Champions to review
results
• Triage current issues and propose solutions
• Discuss next phases for implementation (i.e. expansion modules)
• Conference calls with your IT Partner
• At least once a week for the first four weeks after the system goes “live”
• Relay staff questions and concerns
• Follow up on support cases still outstanding
Next Step in Management…
• Remote Access
• Virtual Private Network (VPN)
access to your office
• Citrix MetaFrame remote
access to EMR
• RSA SecurID Two-Factor
Authentication
• Data Backup:
• Vaulting of tape system
• Storage Area Network (SAN)
integration
• Security
• Best Practices
• Surviving an audit
• ANY QUESTIONS?
References
• www.microsoft.com
• www.cisco.com
• www.dell.com
• www.ironmountain.com
• www.trendmicro.com
• www.sun.com/software/staroffice/index.jsp
• www.rxpaper.com
• www.olympus.com
• www.dragon-medical-transcription.com
• www.rsa.com