Ever since the concept of integrated health information systems was established in 1998, in line with the philosophy of the World Health Organization’s motto “Health for All by the Year 2000”, the DOHMS IT department has faced the challenge of an ever-changing technology landscape. On the one hand it had to embrace leading-edge technologies, and on the other hand secure them. The DOHMS IT department had a clear strategy to secure the hospital systems and patient records as far back as the year 2000.
Managing data is always a sensitive job, especially when the data is public. The sensitivity is higher still when it comes to health records. DOHMS manages a comprehensive hospital management system that connects four large hospitals and 21 health centres covering the whole of Dubai. More than 2000 users across this network access the hospital management system and core application system.
Ali Mohamed Al Ali – Director IT, Department of Health and Medical Services, says, “Ensuring secured access and secured information delivery of the patient data is our key priority at the DOHMS IT department. Through our continued commitment towards IT security, we achieved a strong trust of being a secured repository of such sensitive data.”
The need for Information security
With an ever-increasing amount of information in hospitals transmitted electronically, it is mandatory that security be considered in every phase of IT infrastructure design and operation. Also, with legislation such as the Health Insurance Portability and Accountability Act (HIPAA) requiring security measures in healthcare environments, securing the network infrastructure has become mandatory to ensure compliance. The customers of the hospitals, i.e. the patients, doctors, and employees, require continuous access to services, up to 100% uptime of systems, security for personal information and access controls to information.
“The DOHMS IT department is responsible for maintaining the patient records data, hence there was a need for a comprehensive security strategy to safeguard the data,” says Al Ali. In 2005 the DOHMS IT department took a conscious decision to adopt industry best practice in information security, be it technology, policies or people. ISO27001 certification was one of the milestones towards this goal.
DOHMS had to adopt a holistic information security roadmap that includes technology, processes and training. “We identified a company to help us in building a BS7799-based information security practice within DOHMS,” says Al Ali. DOHMS achieved BS7799 (earlier standard) certification in June 2006. In the meantime, the BS7799 standard was adopted by the International Organisation for Standardisation (ISO) as the information security standard. DOHMS was successful in upgrading the certification from BS7799 to ISO27001 in January 2007.
The UAE Department of Health and Medical Services is the first health department in the entire Middle East to be awarded the prestigious ISO27001 certification.
“Being aware of the challenges in maintaining and managing the ISO27001 standard, we partnered with Paramount Computer Systems, a specialized information security firm, to help us in achieving the same,” says Al Ali.
Cutting edge security technologies @ DOHMS
“The DOHMS IT department serves 4 major hospitals and 20 health centres in the emirate of Dubai. There are approximately 5000 users accessing the DOHMS network, out of which 2000 users have direct access to various applications. Different users such as doctors, nurses, admin staff and lab technicians connect to the DOHMS network. We have the major responsibility of providing 24/7 uninterrupted service to our users, being in an information-critical industry,” says Mohamed Arief – Network Manager at DOHMS. “After the ISO27001 assessment DOHMS had a clear understanding of technology gaps, which helped them identify the necessary security technologies to mitigate the security risks. Paramount has played a vital role in identifying, evaluating and implementing the best-of-breed technologies,” adds Arief.
During the last 3 years the DOHMS IT department has been successful in implementing technologies such as an intrusion prevention system, a strong authentication system and a NOC/SOC solution. “The NOC/SOC solution provides end-to-end visibility of the distributed network, which helps in isolating the problem at the earliest. This has drastically brought down the response time to security incidents from days to minutes,” says Arief.