Data health check.Ever since the concept of integrated health information systems was established in 1998 in line with the philosophy of the World Health Organization's motto "Health for All by the Year 2000" DOHMS DOHMS Department of Health and Medical Services (Dubai) IT department was faced with the challenge of ever changing technology landscape. At one hand it had to embrace the leading edge technologies, and on the other hand secure them. DOHMS IT department had a clear strategy to secure the Hospital systems and patient records way back in the year 2000.<p>Managing data is always a sensitive job to manage, especially when one has to manage public data. The sensitivity of the data becomes higher when it comes to health records data. DOHMS manage a comprehensive hospital management system that connects four large hospitals and 21 health centres covering entire Dubai. More than 2000 users across this network access the hospital management system and core application system. <p>Ali Mohamed For other people of a similar name, see Muhammad Ali (disambiguation). Ali Abdul Saoud Mohamed, (Ali Abdelsoud Mohammed) also known as Ali Mohammed (b. Al Ali -- Director IT, Department of Health and Medical Services, says, "Ensuring secured access and secured information delivery of the patient data is our key priority at DOHMS IT department. Through our continued commitment towards IT security, we achieved a strong trust of being a secured repository of such a sensitive data." <p>The need for Information security <p>With an ever increasing amount of information in hospitals transmitted electronically, it is mandatory that security been considered in every phase of IT infrastructure design and operation. Also, with legislation such as the Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when (HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, ) requiring security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security in healthcare environments, securing the network infrastructure has become mandatory to ensure compliance. The customers of the Hospitals, i.e. the patients, doctors, and employees, require continuous access to services, up to 100% up time of systems, security for personal information and access controls to information. <p>"DOHMS IT department is responsible for maintaining the patient records data, hence there was a need of a comprehensive security strategy to safeguard the data," says Al Ali. In 2005 DOHMS IT department took a conscious decision to adopt industry best practice in information security be it technology, policies or people. ISO (1) See ISO speed. (2) (International Organization for Standardization, Geneva, Switzerland, www.iso.ch) An organization that sets international standards, founded in 1946. The U.S. member body is ANSI. 27001 certification was one of the milestones towards this goal.<p>Standardizing Security <p>DOHMS had to adopt holistic information security roadmap that includes technology, processes and training. "We identified a company to help us in building BS7799 based information security practice within DOHMS," says Al Ali. DOHMS achieved BS7799 (earlier standard) certification in June 2006. In the meantime Adv. 1. in the meantime - during the intervening time; "meanwhile I will not think about the problem"; "meantime he was attentive to his other interests"; "in the meantime the police were notified" meantime, meanwhile , BS7799 standard was adopted by International Organisation for Standardisation International Organisation for Standardisation - International Organization for Standardization (ISO) as the Information security standard. DOHMS was successful in upgrading the certification from BS7799 to ISO27001 in January 2007. <p>UAE (Uninterruptible Application Error) The name given to a crash in Windows 3.0. In subsequent versions of Windows, a crash was called a "General Protection Fault," "Application Error" or "Illegal Operation." See crash in Windows and abend. Department of Health and Medical Services is the first Health department in the entire Middle East to be awarded with prestigious ISO27001 certification. <p>"Being aware of challenges in maintaining and managing the ISO27001 standard, we partnered with Paramount Computer Systems a specialized information security firm to help us in achieving the same," says Al Ali. <p>Cutting edge security technologies @ DOHMS <p>"DOHMS IT department serves 4 major hospitals and 20 health centres in the emirate e·mir·ate n. 1. The office of an emir. 2. The nation or territory ruled by an emir. Noun 1. emirate - the domain controlled by an emir of Dubai. There are approximately 5000 users accessing the DOHMS network out of which 2000 users have direct access to various applications. Different users such as Doctors, Nurses, Admin staff, Lab technicians connect to the DOHMS network. We have the major responsibility of providing 24/7 uninterrupted service to our users being in information critical industry," says Mohamed Arief -- Network Manager at DOHMS. "After the ISO27001 assessment DOHMS had clear understanding of technology Gaps which helped them identify the necessary security technologies to mitigate the security risks. Paramount has played a vital role in identifying, evaluating and in implementing the best of breed technologies," adds Arief.<p>During the last 3 years DOHMS IT department has been successful in implementing technologies such as intrusion prevention See IPS and IDS. system, strong authentication system and NOC/SOC solution. "The NOC/SOC solution provides end to end visibility of the distributed network which helps in isolating the problem at the earliest, this has drastically brought down the response time to security incidents from days to minutes," says Arief<p>Copyright 2008 IDG IDG International Data Group IDG Integrated Drive Generator IDG Installation Design Guide IDG Internet Discussion Group IDG Inset Dielectric Guide IDG International Dangerous Goods (mail, shipping) Middle East. All rights reserved. Provided by Syndigate.info an Albawaba.com company |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion