InnoHEALTH Magazine Interviews HIT, Maharaja Agrasen Hospital
Hospitals, like any other modern organization, increasingly rely upon IT systems for a wide variety of administrative and clinical functions. These establishments are highly complex in terms of processes, which can have constant activity 24/7×365. Also, we must not ignore the fact that most of the equipment and diagnostics technologies used in medicine are using highly computerized components. This entire network of devices, equipment and systems that often require connection to external systems, is a very critical and complex environment to control.
Cybersecurity helps in keeping the information of the patient confidential for legal purposes and also prevents cybercrimes. With increasing cyber crimes nowadays, InnoHEALTH magazine took initiative to interview some big hospitals to see how resilient are our healthcare establishments and what steps they are taking to mitigate it and to spread awareness for cybersecurity amongst the healthcare establishments.
Kritika Aroroa and Varsha Prasad interviewed Mr Niraj Kumar Singh, Head of Information Technology, Maharaja Agrasen Hospital on behalf of InnoHEALTH magazine.
- What is the role of a CISO/CIO in the hospital? Educate our readers?
The role of CISO/ CIO is to manage the high level security related to the network system and protect patient data in a hospital. Hospitals nowadays are also involved in e-commerce and the diagnostic systems which are implemented are digitalised this eventually increases the possibility of cyber attacks. Here the CIO’s role comes into play by protecting the system of hospitals from any possible cyber threat.
- Your current job, share with us your typical routine and how much of it is about cyber security?
My current job is to manage the network, wireless and point to point security of hospitals. I spend the maximum time of my job assuring that the security systems are working and in case any possible threat enters in our system, it must be taken care of. I also provide connectivity and security to remote users and from one unit to another unit inside the hospital. In addition to this, a typical day of mine spent in implementing security in our systems and monitoring any threat that enters our network on day to day basis for e.g. If any unauthorised IP address that are getting access to information of our system then we have to deny and surpass access of those threats in our security system.
- What is the level of digitisation in your hospital?
In our hospital, the Hospital Information System (HIS) is implemented, which takes care of all patient data and clinical data, day to day transactions and other activities. EMR is also implemented in our hospital, we are able to successfully implement EMR in about 60-70% of our OPD’s. During Covid-19 digitalisation was enhanced at our part, as we introduced a new application of online consultation (telemedicine) in our hospital.
- With the increasing digital adoption do you also see the increase of cyber risks?
Digital Adoption in Hospitals is based on the adoption of future technology, like online consultancy, telemedicine, digitalization of payment, Report transfer, sharing the vital information from patients’ side through 256 encryption base apps and websites link. During this COVID-19 scenario because of digital adoption patients, attendant and doctors can talk easily through 256 encryption base chat, calls and video calls, one to one talk to patients, doctor monitor patient record through EMR (electronic medical records) and also dispensing of consumable item can now be done by robotic trolley to reduce the infection level and 100% successfully digitization methods. Many hospitals go for Mitra Robots. They basically are easy to use and improve patients care services, productivity, safety norms and government guidelines.
- Do you have dedicated staff/resources to look after, ensure and report to you about the information/ cyber status?
In our hospital the responsibility regarding cyber security relays on the Head of Information technology (me). Head of IT manages all the security issues in the hospital. Create the new policies, norms for the security purpose and implement them and actively monitor the security policies and cyber threats.
- As we see connected health also becoming a reality, what are your thoughts on Medical device security risks?
For a hospital purpose, medical devices like connected cardiac monitor and lab equipment and radiology motilities it is easy to transfer information from one unit to another.In case of medical devices, high level security is required because there is risk to the patient’s personal data. In our hospital we have implemented the whole security devices and point to point connectivity and data encryption. Data lab reports and demography data is travelled by encrypted format like MPLS connectivity.
- If you have outsourced Hospital management / information system (HMS) and Data processing to a third party vendor, What steps are you taking and propose for hospitals who rely on a third party to ensure data protection aspects?
Most of the time HIMS is developed by a third party, some hospitals have a self developed HIMS, like Narayana Hrudayalaya (Multi Speciality Hospital) have a self developed HIMS but small hospitals generally do not have self developed HIMS. Maximum single or five unit connectivity hospitals have opted for the outsource HIMS. Only 2-3 people manage the HIMS and implement the new strategies and new business policies. Developing team can rely on third parties. Cloud based HIMS is already under secure like SAS security is applicable and already provides the security. Every data on the third party is secured. Point to point connectivity by which data travels do not share the link easily to cloud based HIMS, certificates and tokens are must for security measures.
- How your Hospital has implemented EMR format and adoption? Also, Medical Device security and Telemedicine Security?
EMR is available in our hospital and doctors provide printed format prescriptions. Every order goes to our HIMS. Approximately 60-70% doctors use the EMR and utilizes the EMR data. For NABH purposes and ISO quality tests every EMR data is helpful. Telemedicine is for online consultations like Tele consultations and it is very famous. Various technologies are coming and Telemedicine is used widely by the patients. These are very useful in this current scenario of COVID-19 and in emergency conditions because online consultations are available now which helps in calling, chatting and video consultations which connect patients and doctors. Data is properly encrypted by telemedicine technology and data transfer is also possible easily. Our hospital is using this technology and maximum patients and staff support this technology. With regard to security purposes every telemedicine guideline is followed by MoHFW.
- In your view, what should be an ideal security setup in a hospital?
Basically Data encryption is the most important aspect, which service we use for creating the setup for the security purpose. Every hospital should have security policies and the implementation part is very important. Policies should be made properly and implemented more accurately. In addition to this, only authorized people should have the permission to go to the Connectivity department for the security purpose.
- Share a middle of the night call up from the hospital related to Information security.I have provided the VPN technology, this technology connects me to the billing executives and at the night time I can help them through this. Our hospital is open for 24*7 call services for security purposes.
- Any comment on the current scenario of cybersecurity in hospitals among India.
Cybersecurity still is not considered as a concern among many hospitals. Even in Delhi NCR itself, there are very few hospitals who have this cybersecurity component in their hospitals. We don’t have enough policies and implementation tactics for cybersecurity in Indian hospitals as this is still in its evolving phase but as many hospitals are opting digitalisation in them, we can expect there would be advancement in the cybersecurity status in Indian hospitals in future.
Interviewed by: Kritika Aroroa and Varsha Prasad