The Internet has become an integral part of our health-care system, both for patients and staff, but it’s also introduced myriad security and privacy concerns — as demonstrated recently by several high-profile breaches that made national headlines. Hospitals and health-care facilities are now faced with channeling resources toward more efficient health care, while having to worry about data security breaches and Web threats.
The health-care system is based on trust, and for the Children’s Hospital of Eastern Ontario (CHEO), this is particularly important because of the age of its patients. “We have to have top-notch security that drives that trust,” says Tyson Roffey, CIO of CHEO, an academic pediatric hospital affiliated with the University of Ottawa that provides treatment, diagnostic and laboratory services for children and youth up to 18 years. “[Families] need to be able to trust that information captured electronically is not being shared.”
Being a pediatric hospital, it’s responsible for protecting all sensitive and confidential patient information, but employees also need to access that information quickly and easily. This is a delicate balancing act, since many of its programs — from mental health to autism to outreach work — don’t live within the four walls of CHEO. And there are no rules around trust. “You could lose it faster than you could ever gain it,” says Roffey. “It’s the lens we use most often — everything we do electronically needs to hold that same level of trust people have today.”
So CHEO has invested in Websense’s Web Security filters and security solutions to promote safe and responsible use of the Internet, ensure only authorized access to health records and make more efficient use of bandwidth, as well as gain insight into how the Internet and intranet are being used. As a result, CHEO is able to provide free Internet access to patients and their families — which has become an important communications tool, particularly for children, who can feel isolated while in hospital.
CHEO, for example, participates in a program called Upopolis, which was created by the McMaster Children’s Hospital Child Life Team in collaboration with Telus and Kids’ Health Links Foundation. Upopolis is a secure online social networking tool for children in hospital care, which includes a personal profile, secure mail, instant chat, discussion boards, personal blogs and links to child-friendly games. It also features a homework site to help them keep up-to-date with school, as well as links to child-friendly health and wellness information, such as different diagnoses, treatments and equipment.
“It’s essentially a safe Facebook for kids that are prepping for surgery,” says Roffey. “Upopolis has chat features, for example, with kids from other hospitals who have similar diseases.” CHEO has child life specialists who manage this tool, as well as the use of computers with certain patient populations. By using Websense, they’re able to offer access to all social networking tools, including Facebook — only they’re more closely supervised from a technology perspective.
At the same time, the medical community also needs access to the Internet, but for different purposes. An urologist, for example, researches parts of the body that may be filtered by an overly generic tool. CHEO chose Websense for its ability to provide flexibility in drilling down to the individual level while covering the masses, allowing for free public Internet service so families can surf and communicate. Yet, roles-based rights can be granted to research staff, key clinicians and IT staff through its intranet portal.
CHEO is also using the reporting features within Websense as an educational tool. Inadvertently, employees or guests go to the wrong place or do the wrong thing. “Our average staff is in their late 40s or early 50s,” says Roffey. “The Internet isn’t a natural tool for them, and their profession didn’t teach them how to use that.” CHEO now has access to reporting tools that bring these types of issues to light.
Websense provides security in three areas, including e-mail, data and Web security. In health care, security becomes an issue when anything tries to enter or exit the system, whether it’s a botnet trying to ping home or a user unknowingly accessing a malicious or compromised Web site.
