Healthcare IT Risk Mitigation

Healthcare IT Risk Mitigation - A Network - Centric approach

The Healthcare is one of the fastest growing industries today - thanks to the increased consciousness to seek a healthy living and the ease of access to excellent medical care. With such unprecedented surge in demand for medical care, Hospitals cannot but seek a strong and robust IT system across their setting to manage efficiently. In fact today the IT department is as common as a radiology department in most hospitals. Hospitals rely on IT system, and Computer networks to manage the entire patient treatment cycle - from admission to discharge, to the extent that they have come to view the IT department as a value-enhancer, away from the "The cost-centre" that they were once considered to be.

The flip-side to this overarching reliance on IT is that even the slightest glitch in the IT system could bring down the hospital on its knees. Add to it the federal laws like HIPAA that seek intense scrutiny of the IT system security and patient data integrity, and the job of the IT System/Network manager becomes all the more difficult.

This paper puts forth a solution to overcome the various challenges/risks that today's healthcare institutions face and puts forth a solution to overcome the IT related risks.

The Healthcare Institution of today

Healthcare institutions come in all sizes - from the basic only-outpatient-treatment-centre down the road to the large Medical centre in Universities to the very large community healthcare centres. What is common to them is the strong IT system that each has in place and the much stronger strict federal laws that each is governed by - only that in the case of the large and very large centres the law is more pronounced and the fallouts of not complying with the laws could mean damaging ramifications. The IT spending by Healthcare Institutions today is like never before. This is mainly on account of the need to manage the health related information of numerous patients and their medical histories. The other reason for IT proliferation is the interest in leveraging the treatment given. The diagram below captures the prime drivers of IT in healthcare.

Prime Healthcare IT Drivers

Prime Healthcare IT Drivers

Usage of IT to leverage Healthcare Delivery

Healthcare software and systems popularly termed the HIS(Healthcare Information) help to automate all the important process in the healthcare institution.

The Catch :

As can be seen from above the number of benefits the healthcare institution stands to gain with an IT system in place is far more than the upfront spending it has to incur in porcuring one. Yet, one major threat of such a system is its extreme reliance on IT systems, which in turn rely on the nebulous Computer networks.

So what it means for the Healthcare centre is a network glitch could render the IT system unusable - with it goes away the access to all the patient information and medication instructions.

Also with the wide spread use of electronic medium for the communication and entertainment purposes. the vital hospital network is always under threat of being abused for purposes that are not within the purview of patient treatment. Such a phenomenon could unnecessarily burden the network making the availability of bandwidth for a much more critical application a dream.

A network disaster namely :

could pose serious risk to the reputation and even the existance of the healthcare institution. So attempts to mitigate the network risk by way of having mechanisms ready to combat a network disaster is well in order

A case in Point

Consider the case of a Large Community Medical System that has 5000 employees, has 60 distinct business units.To achieve high levels of service delivery and efficiency the medical center deploys a sophisticated Healthcare Information system(HIS) that spans its entire campus.

This HIS has the ability to store electronic medical records of patients and facilitate quick reference to the patient health staus to authorised(prieveleged )physicians This apart it also has a strong Picture Archiving system (PACS) to electronically store patient image records. To support the access to HIS and PACS from anywhere the medical center has a high bandwidth network across its campus. This in turn facilitates Voice - Over - Ip communications, Access to wireless internet access from anywhere in the campus.

Risk Assessment - The key points to consider:


As the medical center is heavily reliant on IT and computer networks, ensuring remote data access and network connectivity is very critical for the smooth functioning of the whole enterprise. The Network Administrator/CIO has to anticipate the possible problems that may crop up disrupting the smooth functioning of the Healthcare delivery process. The possible problems/challenges are:

Risk Mitigation:

Having assessed the potential risks that an enterprise is vulenrable to it is vital to address them effectively at the earliest.

The challenge (Perceived Risk)
The Solution
( Risk Mitigation Mechanism )
1. Monitor networks and proactively thwart any possible network failures A good network Monitoring software that can inspect your entire network and give meaningfull and in depth reports can help wade through the problem
2. Monitor network bandwidth usage and ensure high bandwidth availability at all times to critical applications

Have a strong WAN monitoring solution that can monitor the entire network bandwidth and the entire network traffic as it happens. A report on who the Top Talkers are, what applications are eating the maximum bandwidth, at what time periods the bandwidth peaks, the bandwidth usage pattern over the last couple of months etc are very useful

More importantly such information can help decide whether to go in for a capacity planning and for how much

3. Having log of all access done to HIS system and patient records A strong Log analyzer solution that can capture and store logs of information on all access - succesful / failed attempts, done to the HIS. It should also be able to report on the stored logs for actionable decisions and help in reporting for HIPAA compliance
4. Reducing the MTTR(Mean Time to Repair) in case of any event/disaster - having a strong disaster recovery process A sound Help Desk Management Software that can help assigning ownership to individuals incharge of resolving the issue and being able to track the progress of the issue for quick resolution of the problem.

ManageEngine - a Healthcare enterprise network manager

Healthcare Enterprise

While individual point solutions that address each of the risk mitigation solutions identified above exists, it is good to have a unified integrated solution that can address all these aspects. ManageEngine suite has this capability. The member module softwares OpManager, NetFlow Analyzer, EventLog Analyzer & ServiceDesk Plus software address the issues of Network Monitoring, Bandwidth Monitoring, Log Analyzis & Reporting and Help Desk Management respectively.

ManageEngine solution

For more details on ManageEngine NetFlow Analyzer visit

For technical queries contact

For comments on this article contact