CSC World Winter 2010


Published on

Focus on Healthcare and Cybersecurity

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

CSC World Winter 2010

  1. 1. Focus on Healthcare | Winter 2010WORLDCybersecurity Delivering Confidence INSIDE Our Social Platform for Healthcare NASA Looks Beyond the Clouds In Practice: Travel & Transportation Making Power Grids Smarter
  2. 2. KEEP THE BADGUYS OUTAND THE GOODGUYS IN D BUSINESS SOLUTIONS Companies’ sensitive data is increasingly housed on laptops, external drives and smartphones that cross the globe with an increasingly TECHNOLOGY mobile workforce. Theft or loss of even one of these devices can put OUTSOURCING your proprietary data at great risk. Providing full-disk encryption of entire systems, external drives and USB flash devices, our Managed Encryption Service protects you from the costly consequences of a security breach — while improving your dynamic workforce’s productivity. Learn more about CSC’s security capabilities:
  3. 3. WORLD Inside CSC WorldSENIOR MANAGEREDITORIAL SERVICES The world around us grows more complex every day and businesses faceTheresa Nozick increasing challenges to protect vital data. But a vigilant and comprehensiveSENIOR EDITOR cybersecurity strategy can help pacify even the most persistent threats. InChris Sapardanis this issue’s cover story, our chief cyber strategist Sam Visner provides advice to those looking to stay confident in a world of risk.CONTRIBUTING WRITERSJim BatteyJenny Mangelsdorf Our focus on cybersecurity continues with a profile of CSC’s Global Strike-CREATIVE DIRECTOR Force team, which travels the globe helping companies and governmentsTerry Wilson avoid cyber disasters. Inside you can read how this team helped protect the cyber assets of the United Nations Framework Convention on ClimateDESIGNERDeric Luong Change in Denmark. And in “Digital Detectives Fight Cybercrime” learn how our Digital Investigative Services professionals are indentifying threats andASSISTANT DESIGNERSKelly Dare network intrusions for clients.Marketing Shared Services — P2EDITORIAL/SUBSCRIPTION OFFICE With U.S. healthcare reform in full swing, healthcare providers are trying to2100 East Grand Avenue make sense of it all. Many are connecting in our Meaningful Use Community,El Segundo, CA 90245-5098 USA an interactive and educational online community for learning about meaningful use of electronic health records (EHRs). The site’s developersCSC and users share their experiences in “Meaningful Use Site Brings Community Together.” And one provider in the forefront of electronic healthcareTHE AMERICAS implementation is Vermont’s Fletcher Allen Health Care. We share details of3170 Fairview Park DriveFalls Church, VA 22042 USA their EHR journey and with them provide tips for implementation success.Tel: +1.703.876.1000 The cloud and beyond are on the mind of NASA Jet Propulsion Laboratory’sEMEARoyal Pavilion Chief Technology Officer Tom Soderstrom. In this interview, he discusses theWellesley Road unique and powerful ways he’s enabling the JPL workforce, and the benefitsAldershot, Hampshire GU11 1PZUnited Kingdom that approach is reaping for both employees and the laboratory. We alsoTel: +44(0)1252.534000 feature a case study on the collaborative videoconferencing solution CSC’sAUSTRALIA Pasadena Innovation Center helped develop for JPL.26 Talavera RoadMacquarie Park NSW 2113 This issue’s In Practice section focuses on the Travel & TransportationAustraliaTel: +61(0)2.9034.3000 market. In “CHARTing Success on the Road,” read how for more than a decade, we have helped develop and upgrade the state of Maryland’sASIA20 Anson Road #11-01 intelligent transportation system used for real-time operation of its highwayTwenty Anson system. And our merger expertise was put into practice for YRC Company,Singapore 079912 one of North America’s largest trucking companies.Republic of SingaporeTel: +65.6221.9095 Finally, The Green Corner looks at smart grids, which could help manage theCSC WORLD (ISSN 1534-5831) exploding demand for future energy consumption worldwide. And By theis a publication of Numbers reveals some of the results of our “Eighth Annual Global Survey ofComputer Sciences Corporation. Supply Chain Progress.”Copyright ©2010Computer Sciences Corporation We invite you to download this issue of CSC World to your AppleAll rights reserved.Reproduction without permission iPad or Amazon Kindle at, or sign upis prohibited. to receive each issue via e-mail at on what You can also find us at, where we invite youyou’ve read in CSC WORLD.E-mail us at to start or join in the conversation in the comments field providedOr write: after each story. If you prefer, you can e-mail us at WORLD2100 East Grand AvenueEl Segundo, CA 90245-5098 USA Theresa Nozick Editor, CSC World WINTER 2010 | CSC WORLD 1
  4. 4. CSC WORLD | WINTER 2010 | VOLUME 9 | NUMBER 3 4 14 cover story 4 World of Risk 6 Sam Visner on Cybersecurity’s Impact on Business Our chief cyber strategist discusses how organizations can best protect vital information in an increasingly complex world. 10 A Strike for Security CSC’s Global StrikeForce team travels the globe, helping companies and governments avoid cyber disaster. 14 Securing a U.N. Climate Convention The United Nations Framework Convention on Climate Change in Denmark benefits from our Global StrikeForce’s security capabilities. 16 Digital Detectives Fight Cybercrime When a security incident occurs, our Digital Investigative Services professionals respond quickly to analyze and contain the problem. 18 Protecting Your Industrial Base As the first IT company invited to join the U.S. Department of Defense’s Defense Industrial Base Program, we offer a unique perspective on protecting organizations from security threats.2 CSC WORLD | WINTER 2010
  5. 5. 20 36 ON CSC.COM Our latest Corporate Responsibility Report ( shows our commitment to global citizenship by ensuring a sustainable environment for future generations. Interested in moving to the cloud? We deliver the right cloud, the right way. Learn more at 32 38 Did you know CSC manages one of the world’s largest supply chains? Read how we help the U.S. Army track more than $25 billion in inventory and transactions with some 50,000 vendors ( With our free mobile apps, you can view the latest csc. com press releases, case studies, videos, events, and more. Download at HEALTHCARE BY THE NUMBERS20 Meaningful Use Site Brings Healthcare 34 Eighth Annual Global Survey of Supply Community Together Chain Progress Our online community is the place to learn, connect, and Results reveal that knowing how to use supply chain share information about the meaningful use of electronic management to boost your bottom line is more critical health records. than ever.22 The Digital Hospital: Transforming Care IN PRACTICE: Delivery With E-Health Records TRAVEL & TRANSPORTATION A patient record and IT management system is putting 36 Charting Success on the Road Fletcher Allen Health Care on the map. We’re helping develop and support the intelligent transportation system the state of Maryland uses to26 Beyond E-Health Records: Technologies That operate its highway system. Enhance Care Delivery CSC’s Emerging Practice reports on a number of technol- 38 CSC Helps Transport Companies Share ogies that help enhance and improve inpatient care. the Road Our expertise helps YRC, one of North America’s largest FEATURES trucking companies, merge the networks and operations30 Looking Beyond the Clouds: of two of its subsidiaries. Tom Soderstrom, CTO, NASA’s Jet Propulsion Laboratory THE GREEN CORNER As one of the laboratory’s busiest times draws near, 40 Intelligent Grids Power a Smarter Future Soderstrom discusses new approaches and emerging As energy consumption increases exponentially, smart technologies that propel JPL ahead of the curve. grids – if secure, intelligent and sustainable – can manage exploding demand.32 Extreme Collaboration Is (Not) Rocket Science A high-definition video conference environment at NASA’s JPL campuses delivers numerous business benefits and brings new life to meetings. WINTER 2010 | CSC WORLD 3
  7. 7. WORLD OFRISKExpecting your enterprise to be safe todaywithout a comprehensive cybersecuritycapability in place is like jumping from aplane without a parachute — it’s flat outdangerous. On any given day, cyber criminalswith various agendas are attempting to breakinto IT systems around the world — andmany are successful. That’s why so manyorganizations turn to CSC. We deliverconfidence to businesses and governmentsby protecting the most sensitive data andcritical systems. On the following pages ourleading cybersecurity experts discuss theever-changing world of security, whatorganizations must do to mitigate escalatingrisks, and explain some of the ways wesafeguard the private and public sectors. WINTER 2010 | CSC WORLD 5
  8. 8. Sam Visner ON CYBERSECURITY’S IMPACT ON BUSINESS This is similar to when Volvo decided to make safety an intrinsic component of their cars, and not just an “add-on” option. At the time, the auto industry looked at safety as a question of compliance, but it wasn’t a key issue. Then Volvo came along and they owned the word “safety,” and it became a competitive discriminator. In the private sector, some companies are beginning to question their risk and how cyber can give them a competitive advantage. For example, Boeing is asking how it can use As the world gets more complex and cybersecurity to ensure it knows the origin of each plane part attempts to steal your most precious and that its test data is valid, so it can assure buyers and passengers that its planes are safe. Some pharmaceutical information become more sophisticated, manufacturers are also asking how they can use cybersecurity forecasting your future cybersecurity needs to ensure the validity of their test data and to track the origins has become increasingly challenging. of their raw materials. In both cases, this speaks not only to compliance, but also to improving product confidence, which For Sam Visner that’s especially true. Visner leads CSC’s cyber can become a competitive discriminator. strategy, directing a worldwide team responsible for protecting the information infrastructures of our commercial and government Why would it benefit organizations to look past compliance clients, many of whom represent some of the world’s leading and focus on risk? enterprises and process some of the world’s most valuable and sensitive data. Visner also serves as a member of the global Visner: Right now people realize they need to comply with a reserve program that supports the U.S. National Intelligence certain level of protection of customer data. If they don’t, their Council on cybercrime, is a member of the U.S. Defense Science customers will be angry and might abandon them, or worse. Board Intelligence Task Force supporting the Under Secre- But what’s really at risk is their intellectual property — the few tary of Defense of Intelligence, and is an adjunct professor at things that make a company’s goods and services special. If Georgetown University’s School of Foreign Service, where he they lose their operational data, they might recover. However teaches a course on the effects of IT on international security. if they lose their core intellectual property — their marketing plans, product design, and research and development — they In a recent interview, Visner shares his broad cyber perspective could lose the whole company. on how executives can best protect their organization’s most vital information today and into the future. If they don’t understand the risk to their intellectual property, which is the thing of most value, whether or not they can Where are the public and private sectors in their use of open their factory doors is irrelevant because their adversaries cybersecurity today? and competitors own their business. To succeed in the future, companies will need to move from compliance to using cyber- Sam Visner: Some — perhaps too many — agencies and companies security as a competitive discriminator and managing the risk today regard cybersecurity as a question of compliance. For to their intellectual property. example, if you’re a government agency, you have to meet specific cybersecurity requirements, and companies have a In the federal sector, some savvy agencies are also beginning to responsibility to shareholders, customers, and others to ensure understand they need to increase their cybersecurity beyond they have adequate security to protect their interests. To a the minimum requirements. They are realizing an agency that certain extent, many still use this compliance-based approach. doesn’t have good cybersecurity will lose the confidence of its But savvier people are now asking what information is really at citizens, who then may decide its services are no longer useful. risk, what that risk represents to their organization, and how Government agencies, much like the private sector, compete cybersecurity can help them manage that risk. for business. Today, in the United States, the General Services6 CSC WORLD | WINTER 2010
  10. 10. Delivering Confidence in Cybersecurity Administration is trying to increase its role as the contracting organization of choice for the rest of the federal government Our nearly 2,000 cyber professionals, led by some and, to do so, its own cybersecurity has to be good. of the most respected names in global cybersecurity, serve both commercial and public sector clients worldwide How would you rate the world’s overall cybersecurity profile? providing vulnerability analysis, penetration testing, data loss prevention, managed security, and cyber forensics Visner: In addition to the companies that look at cybersecurity training and analysis. We also have a global StrikeForce as essentially a compliance-based activity, some companies available 24x7 to respond to cybersecurity incidents; a believe sufficient cybersecurity is baked into whatever informa- worldwide infrastructure of Security Operations Centers; tion system they buy, so they don’t worry about it. Then there and the ability to test software’s cybersecurity charac- are organizations that have always been at persistent risk and teristics at our Common Criteria Test Laboratories — the know it, like financial services firms, and they take cybersecurity world’s largest installed base — located in North America, fairly seriously. Europe, and Asia. We are the first organization to achieve an independent, third-party Software Engineering Institute- Then there are the companies whose risk is changing, such as Capability Maturity Model (SEI-CMM) Level 3 rating, and those who own and operate critical infrastructure. Until now have secured a SEI-CMM Level 4 rating for our strength in they have relied on the fact that the information systems that protecting the integrity of client information. guide their generators and pipelines have been separate from the public’s systems. But today these systems are being connected through the Internet. In some cases, like the power For more information on our cybersecurity capabilities, grid in the United States, they’re being connected to devices visit that have Internet protocol (IP) addresses, which enable the public to understand and manage the power in their house. As these formerly isolated systems link to public systems, which is now happening for the first time, the risk to these systems is changing from what it was a few years ago. This is something not everybody entirely understands, nor do they understand how they will mitigate these new risks.18 CSC WORLD | WINTER 2010
  11. 11. Has the risk environment sovereign countries. More and more of this internationalchanged and how can cooperation will take place. Policies will emerge that relateorganizations respond to to global cyber governance. The UK’s Digital Britain report2 isnew threats? one example.Visner: It has really changed. What cyber innovations do you see on the horizon?New threats like polymor-phic viruses and advanced Visner: An important innovation is situational awareness, whichpersistent threats, which can will enable companies to understand what’s happening insideget into a system, look for their enterprise as well as in the global environment. Withthe information they want, situational awareness technology, they will be able to seeseek out the servers that deal with that information, and remain threats as they evolve before they hit their operations. Anotherresident there surreptitiously for a long time, can be difficult to development will be better computer-aided tools that willspot. Companies that have taken a low-level compliance-based enable companies to assess more quickly and effectively aapproach to cybersecurity are vulnerable. threat and select the right defense for it, much like a doctor having a more automated, intelligent, and efficient way ofMany information systems were built piecemeal over time and making a diagnosis and selecting the treatment. A thirdweren’t instrumented well. So they don’t have good enterprise innovation, which we are helping drive, involves securing newmanagement and tools, which allow a company to study and architectures, like the cloud. Today organizations are beginningunderstand the normal behaviors of the complete enterprise. to adopt these architectures because they offer tremendousMost companies are still thinking about that problem. Their operational advantages, however they worry about security. Withsystems are segmented into individual stovepipes, and they offerings like our cloud security and Trusted Cloud capabilities,don’t have the ability at the enterprise level to look across the organizations will be able to develop secure new architectures.whole organization. Many organizations simply do not have thatkind of understanding. Without that, if a system like this What cyber innovations will clients see from CSC?gets infected with these new sophisticated threats, it will bedifficult to determine if it has been infected. Organizations Visner: We are further upgrading our Security Operationsneed to increasingly pay attention to situational awareness and Centers so we can even more effectively monitor threats andunderstand what’s happening inside their company. give clients greater situational awareness of what’s happening inside their organizations as well as the general externalIn the future, what do you anticipate happening in the world environment in which they operate. We are also introducingof cybersecurity? advanced cybersecurity tools and capabilities, such as iRisk, which will let clients assess risks to their information, includingVisner: First, I think threats will continue to become more their intellectual capital. We’re doing a lot. If people Googleintense. Global competition for business will include efforts to “cybersecurity” and “CSC,” they should say it looks likedevelop and acquire intellectual property. Therefore intellectual somebody’s trying to make a point, and we and intellectual capital — those things that set a 1company apart —will become more valuable than ever before For more information on identifying security risks in advanced metering infrastruc- ture and smart meter technologies, please visit the threat to them will rise. 2 “Digital Britain, The Final Report”:, threats will continue to become more adaptiveand subtle. Instead of knowing that a threat has a particularsignature or fingerprint, it will have a changing signature andset of fingerprints, becoming more difficult to detect.Third, attention to cybersecurity will rise. Savvier companiesrealize they need to protect their intellectual property. It won’tbe a question of compliance — it will be a question of survival.Today’s auto manufacturing environment is a good exampleof this where manufacturers are being questioned about theirparts’ origins and validity of their test data.Fourth, nations will increasingly cooperate to improve theglobal economy’s cybersecurity. They will do this to make itmore predictable and less susceptible to cyber terrorism andcyber vandalism, as well as protect the critical infrastructures of WINTER 2010 | CSC WORLD 9
  13. 13. by Jenny MangelsdorfToday’s cyber threats and crimes continue toescalate in sophistication and the danger theypose. Simultaneously, while organizations’ ITcontinues to spread outside the traditionalenterprise, businesses and the public continueto expect private information to stay private.For more than a decade, governmentsand corporations have turned to CSC’sStrikeForce team to determine their currentrisk, ensure their applications, networks, andprocesses comply with security guidelines,and discover if their systems are secure orhave been compromised.The need for StrikeForce is real. The listof companies worldwide that have beenaffected by cyber attacks reads like a Who’sWho. Just in the first quarter of 2010, morethan 325 million “attempts to infect users’computers in different countries around theworld were recorded” — a 26.8 percent jumpover the previous quarter, according to aKaspersky Lab report1. WINTER 2010 | CSC WORLD 11
  14. 14. Operational change increases challenges A complex risk picture Changes in how organizations operate compound the As executives use business requirements to drive their use of challenge. In the past, an executive’s main security concern information technology, one predominantly overlooked element revolved around disgruntled employees entering a building is data integrity, says Logsdon. By giving the salesforce laptops and accessing the company mainframe. As workforces become that contain client information, for example, businesses need more mobile, systems expand past their traditional enterprise, to consider the risk they’re introducing to their organization. and as applications, services, and storage move online and into If a laptop is stolen, can thieves use the data in it to blackmail the cloud, security issues become more complex. the company’s customers? That’s a simple example of what executives might consider when reviewing risk. The risk picture “Allowing workers to be mobile and use the cloud allows becomes complex when executives have to consider how their businesses to grow and become more flexible. However systems are connected to other organizations’ IT systems. this mobility and the move to the cloud means that in many instances they no longer have control of key elements of their “The logical boundaries of the corporate network are being infrastructure, or more importantly, their data,” says Graham pushed beyond what we traditionally consider them to be, Logsdon, deputy chief technology officer for CSC’s Security and more and more we see data being gobbled up with real Solutions organization. “And even though critical data assets malintent,” says Logsdon. no longer sit inside of the protected physical domain, they’re still responsible for protecting that data. The problem is made more complex by the fact that many organizations spend the bulk of their cybersecurity resources “This is a concern because in many instances their liability has securing operational data, leaving vulnerable small data sets increased today – a result of new government and industry that contain the organization’s truly valuable intellectual property. regulations pertaining to data loss and compromised data.” Organized cyber criminals This fact hit home last year for one major financial company As the corporate network evolves, the hacker profile has that discovered its systems were being hit by data thieves. also changed. Where cyber criminals used to be teenagers Executives also discovered that it was possible the thieves reading e-mails and posting embarrassing information on had been stealing data for more than a year. Since then, the bulletin boards – today’s criminals are increasingly state- corporation has entered into settlement agreements totaling sponsored or part of highly organized groups looking to more than $100 million. gather intelligence – an organization’s valuable intellectual property – or make money, Logsdon says. Stacking the Cyber Deck Just as a doctor aims to stack The first layer, called “Assured Systems of sensor information and security the deck in a patient’s favor by using and Content,” speaks to the need for events to develop a picture of what the appropriate medical tools, so are security as a primary consideration at security-related issues are happening executives looking to ensure their IT all levels of a network’s design — one within the network. The fourth layer, systems will win today’s increasingly that is appropriate to the risk profile. “National Cyber Response,” covers how complex cyber battles. To help guide For example, a consumer products public and private sectors can work these efforts, CSC has released a white retailer would not need the same level together to thwart cyber attacks. paper, called “The Security Stack — of security as a defense contractor. This A Model for Understanding the Cyberse- layer involves a developer’s activities in “The industry has not thought of curity We Need,” that suggests a architecting security and privacy as part security this way before,” says Solari, four-layer model to visualize today’s of an overall solution, whether it is the CSC vice president, Cyber Technology cybersecurity challenges and protect software code in an application or the and Services. “To protect systems, we systems against attacks. need to ensure that personal information need to think of security as comprised is encrypted. of these layers, and that all layers need Proposed by CSC cybersecurity experts to be present to gain a sufficient level of Carlos Solari, Dean Weber, and Victor The second layer, the “Integrated security in today’s environment.” Harrison, the interrelated layers provide Security Overlay,” defines the need Download the full white paper, an integrated framework to follow. The for security-specific technologies, like at paper also cites upcoming innovations firewalls, that span both networks to look for that will further strengthen an and applications, while the third layer, enterprise’s defenses. “Intelligence,” defines the correlation12 CSC WORLD | WINTER 2010
  15. 15. How data is being used by cyber criminals has also changed. example, manufacturers use it to link customer data,Having embarrassing information put up on a blog today is supply data, and manufacturing systems in an efficient network.the least of someone’s fears as it won’t potentially destroy Manufacturing loves wireless, but wireless can also let someonean organization — whereas losing customers’ credit card visiting on a sales call pull out a laptop, find a wireless hot spot,information or compromising stakeholder trust and brand and access sensitive information. We see it in retail, banking,integrity could. Losing a company’s product and service designs and aerospace and defense as well.”can also be fatal, and make an organization irrelevant in the faceof ruthless commercial competition. A unique cyber team It takes a unique individual to perform StrikeForce’s securityFor governments, the threat to the systems on which assessments. Before joining the team, prospective employeessovereign authority depends, cannot be overlooked. The complete a test where they have 24 hours to compromise a setsame is true for the information systems that a nation’s critical of systems and document their attempts. The StrikeForce teaminfrastructures use. then reviews their results to determine if the potential employee is qualified to become a member of CSC’s elite team.In the U.S. alone, a February 2010 U.S. Army report2 states,“Unprecedented levels of adverse activity in and through “Very few organizations have the quality of security professionalscyberspace threaten the integrity of United States critical we have,” says Logsdon. “We find we have instant credibilityinfrastructure, financial systems, and elements of national power. with customers based on the rare technical skill set our team has.”These threats range from unwitting hackers to nation-states,each at various levels of competence.” StrikeForce also provides and reviews with clients a compre- hensive executive report that shows what risks need to beAttacks grow in sophistication and risk addressed, in order of urgency, and how those risks couldNo longer worried about traditional malware, executives are affect the company’s operations, goals, and concerned about what Logsdon calls “advanced persistentthreats.” In this scenario, the attacker accesses data over a long “Customers experience immediate benefits from our reports,”period of time, gathers information about the data, and avoids says Logsdon. “They also like the fact that once StrikeForcedetection. Even if the hacker is detected, there’s no attribution identifies those risks and provides a remediation plan, CSCaround the breach. A business may eventually discover some- has the knowledge and capability to help fix those problems.thing fraudulent is taking place nine months to a year later after Because if you think about it, many times the reason they haveit’s been running on the network, as cited in the example above. those problems is because they don’t have the resources to dealAt that point, however, they don’t know what data has been with them. We do.”taken, how long it’s been there or who put it there. 1 Information Security Threats in the First Quarter 2010 by Kaspersky Lab;“Its discovery is like a Pandora’s Box of issues for an executive,” the_First_Quarter_of_2010says Logsdon. 2 U.S. Army’s Cyberspace Operations Concept Capability Plan 2016-2028, Feb. 22, 2010, organizations’ use of IT becomes less centralized andcyber crime becomes more sophisticated, CSC’s StrikeForceteam becomes increasingly valuable. Unique due to its long CSC’s Globallegacy and track record of helping secure systems, the teamoffers a full range of vulnerability assessment services, such ascode review. In fact, the StrikeForce team authors CSC’s secure StrikeForce Servicescoding guidelines. CSC’s StrikeForce provides assessment services“There are a lot of organizations that still have legacy code that evaluate an organization’s technical controls in orderand are very concerned about vulnerabilities,” says Logsdon. to provide visibility on the client’s current risk, threat, and“StrikeForce is a great place to start if they want to learn compliance profile. These assessments reveal vulnerabilitieswhere their vulnerabilities exist and in what priority they want that exist within an organization’s applications, networks,to address them.” or processes. StrikeForce’s services include: security archi- tecture design and review, wireless security assessments,CSC also performs wireless assessments to identify weak physical security assessments, technology compliancespots in an organization’s infrastructure. “We’ll go around a assessments, network and application-based penetrationcorporate campus to see if someone has set up a wireless testing, configuration assessments and audits, and networkaccess point that no one knew about. We see it every place. and host vulnerability assessments.Certain verticals are more interested in wireless access. For To learn more, visit or e-mail us at MANGELSDORF is a writer for CSC’s corporate office. WINTER 2010 | CSC WORLD 13
  16. 16. SECURING A U.N. CLIMATE by Jenny Mangelsdorf CONVENTION It could have been a scene from a Tom Clancy novel. Take representatives of 192 countries, mix strong feelings with serious economics and differing agendas, and it could have spelled disaster. It didn’t. Last year, CSC’s StrikeForce team was tasked to assess both physical and IT security used for the United Nations Framework Convention on Climate Change in Denmark. The conference’s goal: to reach a binding global climate agreement that would go into effect when the first commitment period under the Kyoto Protocol expires in 2012. Some 30,000 people, including 15,000 delegates, 7,500 media members, and 7,500 nongovernment participants attended the two-week conference. In addition, protestors, 2,000 of whom were arrested, joined as uninvited guests. Conference floor space, which spread across more than 60,000 square meters, was webbed with almost 1,000 kilometers of network cabling, 5,000 network end points, public and private voice and data networks, and a core network infrastructure that rivaled a large, permanent data center. A long legacy in security “CSC has a long legacy of successfully handling very complex security issues,” says Stephen Brennan, CSC StrikeForce regional lead in Australia. “In addition, CSC is the largest supplier of IT outsourcing to Denmark’s public sector and our14 CSC WORLD | WINTER 2010
  17. 17. Copenhagen data center is one of CSC’s largest. It was a Client: The Ministry of Foreign Affairs ofnatural step to ask us for help when it became clear, early on in Denmark and the United Nations Frameworkthe process, that they needed our StrikeForce team to assessthis very complex setup in a political arena with varied suppliers Convention on Climate Changeand participating parties.” Challenge: Conflicting security objectivesStrikeForce began work months before the December 2009conference, providing security assessment and testing of and technical challenges for the 15th Annualthe entire cyber and physical environment in which the U.N. Conferences of the Parties, attended by 30,000conference would take place. Risks ranged from espionage delegates, media representatives, and heads ofagainst participants to protecting privileged informationand infrastructure from outside groups pushing specific, and state from 192 countries.potentially disruptive, agendas. Danish police were responsiblepolice responsible for external security. Solution: Perform a distributed securityComplex distributed security assessment of the conference environment,During the project, StrikeForce worked with numerous including testing and validating more than fourparticipants, including government staff, such as heads of gigabits per second of Internet bandwidth,state, police, and intelligence services; U.N. staff; nongovern-ment organizations; media; and IT suppliers. CSC worked with 250 wireless access points, 20,000 ports, and aall participants to ensure the highest levels of security were core network infrastructure that rivaled a largeachieved across all areas, including straddling groups that permanent data center.worked independently, but whose actions could have affectedsecurity in adjacent areas. Results: A reduced real world threat profile,“One of the strengths of our distributed security assessments increased availability of key infrastructure andis that we could ensure that errors made in one domain did notcontaminate controls in adjacent domains, which was a real information systems, improved visibility ofpossibility, especially given the complexity of this conference security events historically and in real time,environment,” says Brennan. and a stronger overall security architectureFor example, if the wiring closets containing switching equip- and segregation between security zones.ment around the conference site weren’t sufficiently protectedwith physical security controls, it would have been easy for amalicious person to gain access to a trusted, secure network, Cyber reports and solutionsexplains Brennan. During the project, and after the conference was finished, we provided detailed assessment reports that identified securityProtecting highly sensitive data events as they happened and provided concrete solutions thatDuring the conference, United Nations staff and delegates would eliminate the potential for similar future events so theyaccessed voice and data, much of which would have been con- could be resolved before any damage occurred. CSC alsosidered highly sensitive, via internal trusted, external untrusted, provided a complete historical record of security eventsand semitrusted networks. During an event such as this, where enabling users to fully investigate any actions or events thathundreds of groups have different objectives and agendas, this led to a failure of one or more of the security controls.segregation not only becomes more important, but infinitelymore complex. Each contractor and service provider supporting specific elements of the conference’s infrastructure was responsibleEverything from voice communications to print jobs needed to for fixing any CSC StrikeForce identified threats or protected from adjacent third parties. Hackers could have CSC StrikeForce worked directly with each group to determineintercepted this traffic, says Brennan, by introducing a rogue the most effective and appropriate remediation plan based onaccess point masquerading as a legitimate wireless access point. the security objectives, time, and budget.“By introducing rogue access point detection technology, it “The most effective approach is not always to throw moneywas possible to not only identify rogue access points almost at a problem,” says Brennan. “In fact, not one of our findingsinstantly, but determine their physical location within the required the purchase of any additional system or software. Byconference site,” says Brennan. “Throughout the project, our focusing on the real business risks in the actual environment, wefindings and proposed mitigations increased the availability managed to have a conference without any IT security disaster.”of key infrastructure and information systems.” JENNY MANGELSDORF is a writer for CSC’s corporate office. WINTER 2010 | CSC WORLD 15
  18. 18. DIGITAL DETECTIVES FIGHT CYBERCRIME by Jim Battey The constant threat of network intrusions makes an already challenging job for technology managers even more difficult. CSC’s Digital Investigative Services (DIS) is a valuable resource for those looking to identify threats and mitigate network intrusions, as well as investigate other crimes facilitated by technology such as intellectual property theft or harassing e-mails.16 CSC WORLD | WINTER 2010
  19. 19. Investigating network incidents such as malware attacks isjust one of many services offered by the DIS team. We alsoprovide digital forensic analysis and litigation supportservices, along with data recovery, data collection, andelectronic discovery. When an incident occurs, our experiencedsecurity professionals respond quickly to analyze and containthe problem, and work closely with network managers todevelop a strategy for remediation.Persistent threatsValuable data in corporate information systems has becomea target of choice for malicious individuals and groups aroundthe globe. With a large increase in network intrusions takingplace, the need for digital forensic and investigative serviceshas grown significantly.No enterprise network is completely immune from intrusion.In recent years, companies have had to deal with advancedpersistent threats, or APTs, that are continuous attacksdirected at companies or governments intended to compromise Investigative work is performed either at the client’s site or atnetworks and infiltrate data. Increasingly, APTs are being used our computer forensic laboratory. By working collaborativelyby hackers for criminal purposes such as accessing classified with our information security professionals, we can identifyinformation and disrupting businesses. the components necessary to develop a solution that can be integrated with a company’s existing security architecture.Stephen Lewis, manager of CSC’s DIS team, says APTs are a bigthorn in the side of network managers. “It’s a growing problem. Legal and HR supportAttackers are getting into corporate networks and trying to In the area of litigation support, the DIS team uses legallyextract data out of the network. We come in and help identify accepted investigative methodologies and procedures thatthe threats and provide recommendations for remediation.” are supportable and repeatable. The digital forensics process involves a chain of custody that includes the collection,For example, to analyze a malware attack, the DIS team preservation, and analysis of data, while we create extensiveexamines the malicious code to assess its behavior and intend- supporting documentation that can be used in court. Lewised actions. Then, we attempt to identify its geographic origin says, “After reams of information are recovered in the forensicsand those involved in its creation. If needed, we can execute investigation, our experts are able to narrow it down to athe malicious code in a controlled setting to determine its relatively small amount of data that can be used by lawyerseffects. Finally, we provide strategies to help our clients deal at trial in practical and effective ways.”with the attack. The DIS team also gets involved in human resources-relatedIn a recent case, we were asked to help a company that investigations. For example, if employee misconduct is suspect-was concerned that their network had been infiltrated after ed or a corporate policy is violated, the team can assess anddetecting anomalies on several computers. The DIS team took document what violations occurred. This includes investigationsimages of the affected computers, and after analyzing them, of intellectual property theft, unauthorized access to classifieddetermined the type of malware that was used and what data, and computer misuse.damage it had inflicted on the system. “Based on our investiga-tion, we offered suggestions on how to remediate the damage Lewis says dealing with the bad guys remains a constant well as what steps they could take to secure their network “It’s a cat-and-mouse game. Anytime you find a way to stopfrom future attacks,” Lewis says. “We can identify all the com- one attack, they find a different way to come at you. You takepromised machines with a relatively high degree of confidence what you learn and try to strengthen your network to preventand stop the attackers’ ability to move within a network.” something like that from happening again. The key is finding a solution that is intelligent enough to not only stop what youA constant battle know about, but also stop what you don’t know.”Digital forensics is defined as the investigation and analysis forrecovering, authenticating, and analyzing electronic data to For more information,reconstruct events related to security incidents. CSC’s DIS helps visit investigate computer security incidents and main-tain compliance with legal requirements or regulatory agencies.JIM BATTEY is a writer for CSC’s corporate office. WINTER 2010 | CSC WORLD 17
  20. 20. 18 CSC WORLD | WINTER 2010
  21. 21. PROTECTINGYOURINDUSTRIALBASEWhether you’re a manufacturer of tanks, electronics, or toys, protecting by Jenny Mangelsdorfyour intellectual property in the digital age has become increasinglychallenging. Our global cybersecurity capabilities and distinction ofbeing the first IT company invited to join the U.S. Department ofDefense’s Defense Industrial Base (DIB) Program, gives us a uniqueperspective on protecting organizations from security threats.In the defense industry, manufacturers have built industry specific, may be nation-state specific ortheir companies with protections in place knowing type-of-business specific,” says David McCue, CSC’sthieves and spies would attempt continually to scale chief information officer.their walls and steal their secrets. The same hasbecome true in other industries, such as financial CSC has already applied that thinking to help itsservices and pharmaceuticals. clients improve security and decrease risk. This insight is also why the company was asked to joinStill other industries are just now feeling an the U.S. Department of Defense and other DIBescalating threat to their property. For example, Program members, who are collaborating incompanies who are not mainstream defense response to and to prevent third-party attemptscontractors, but provide government services as to attack network systems, and use lessonsa portion of their business, utilities, collaboration learned to better manage risk to critical networknetworks, even toy makers are looking to tighten infrastructures. Our experience will help the DIBtheir cybersecurity as thieves become increasingly Program secure the networks that key industriescapable of pulling together seemingly innocent data and national critical infrastructure depend upon.and compiling it to create insightful information foradversaries and competitors. “Our proactive approach to cybersecurity is based on a long history of serving and protecting both the“One of the things to think about is how do you take private and public sector,” says McCue.some of the lessons learned by companies who havegrown up protecting their data and leverage it asa horizontal concept across industries and sectorsin a way that’s applicable to your organization, and JENNY MANGELSDORF is a writer for CSC’sthen layer vertical silos on top of that that may be corporate office. WINTER 2010 | CSC WORLD 19
  22. 22. HEALTHCARE MEANINGFUL USE SITE BRINGS HEALTHCARE COMMUNITY TOGETHER by Chris Sapardanis More than half a billion people use Facebook and Twitter each are a very large organization, so the incentives are attractive to month. Lucy Molfetas isn’t one of them. The director of Clinical us, but I have many questions, and I’m trying to educate myself.” Systems at University of Pennsylvania Health System admits she’s not really into social media, but when it comes to work, Just as Facebook users check their News Feed throughout the she’s definitely open to learning. day, Molfetas checks in on the community often to see what’s new. “You really want to get every piece of information you Following the release of the final rule defining meaningful use of can and read the latest from across the country,” she says. “The an electronic health record (EHR) last July, Molfetas and more community is a very good tool. It has valuable information and than 1,000 others in the U.S. healthcare industry have connected gives you something to think about.” on CSC’s Meaningful Use Community, an interactive and educa- tional online community for learning about the subject. The Meaningful Use Community features the latest information about the federal government’s criteria for meaningful use. The 862-page final rule spells out what hospitals must do by It describes not only what provider organizations must do to October 2013 to achieve meaningful use of EHRs and be eligible achieve meaningful use, but also strategies for how to achieve for Medicare and Medicaid funds available in the 2009 Stimulus each of the objectives for hospitals, ambulatory facilities, and Package. eligible professionals. In 2009, University of Pennsylvania Health System (UPHS) Joining the conversation completed a gap analysis with CSC to assess the research and The community allows members to access a network of peers clinical care organization’s readiness for meaningful use based and experts to discuss opportunities, challenges, and best on the proposed rule. Now that the final rule is available, UPHS, practices related to achieving meaningful use. Members can ask like many hospitals nationwide, has begun working toward questions and start discussions with other healthcare profes- compliance. sionals and experts who have experience in implementing EHRs. “There’s really a great need for information on this topic,” says CSC’s community subject matter experts are knowledgeable Molfetas, who leads the meaningful use project at UPHS. “We in areas such as computerized physician order entry (CPOE), medication reconciliation, physician documentation, performance improvement, physician adoption, organizational change management, health information exchanges, certification, and Health Information Technology for Economic and Clinical Health (HITECH).20 CSC WORLD | WINTER 2010
  23. 23. The experts are well-versed in topics to engage members on JOIN THEand helps create a bridge from CSC’s established healthcarethought leadership footprint on and MEANINGFULother publications to the new collaborative social space. USE COMMUNITY“Our thought leadership helps people understand the bigger of how achieving meaningful use is important, but also Meaningful Use Community Objectives:how implementing EHRs correctly allows you to improve patient Learn how to quickly and correctly implement meaningfulsafety and care,” says Lisa Ragusa, director of marketing, CSC use of an electronic health record system to enhanceHealthcare. “The community is taking this thought leadership patient care and benefit from government incentives,to the next level by allowing people to interact with the experts Connect with others who have successfully implementedand their peers.” an electronic health record (EHR) for meaningful use, and Share information that helps others successfully imple-CSC’s Meaningful Use Community is designed for clinical, ment an EHR for meaningful use.administrative and technical executives; professionals; anddecision-makers from various health-related organizations atall stages of the EHR implementation process. many industry and global events. “We’re seeing a huge trend in the industry where it’s so easy to get information on socialMatt Mattox heads product development and marketing at platforms that sometimes what may be more trusted is whatAxial Exchange, which provides interoperability software for comes from one’s own network rather than from materialshospitals. While researching the different interpretations of a company might traditionally provide,” she says. “While thethe final rule, he joined the community and became involved Meaningful Use Community is very much a company-sponsoredin discussions. site, the value here is that healthcare providers can ask ques- tions, share best practices, and learn from other practitioners“We definitely wanted to get a sense of what the zeitgeist was who may be at other stages in their journey, which can reallyon meaningful use,” says Mattox, who wrote a 27-page summary help someone in a very practical way.of the final rule, and posted it to the community. “It’s beena great place to get a cross section of perspectives from “We’re realizing that our customers expect this type ofconsultants to providers to vendors like myself.” engagement, wanting the ability to not only co-create and ask the company questions directly, but also to ask and networkAs a consultant at a health insurance company, Naveen Rao with individuals like themselves,” Flanagan adds.came across the community while exploring how the meaningfuluse provisions would impact insurers and posted an open Increasingly, communities are becoming a core component inquestion to the site to learn from members and experts. a company’s business, marketing and social CRM strategy. An Altimeter report says “... the rapid adoption of social networks“I wasn’t sure if it was a topical question or not, but there has shifted the balance of power to the customer. Companies andwere people who were able to help me and direct me to some organizations have fallen behind in connecting with customers,resources,” he says. “On the site, you can tap into people’s areas and realize that they must find a way to at least participate inof expertise instead of just running a Google search and trying the conversation. Some still yearn to regain control of theto find answers on your own.” customer relationship. The reality – this is no longer possible.”2Socializing business and CRM Customer and prospect communities are one facet of CSC’sCompanies across all industries are increasingly turning to overall digital marketing and social business ecosystem. Thesocial business platforms like the Meaningful Use Community healthcare community joins other communities in an external-to build stronger relationships with customers. facing portfolio including WikonnecT (http://www.wikonnect. com/public/index.html), the largest social network in the financialA Forrester Research report states “Social Computing and services industry, and InTouch (,social media represent a new wave of energy sweeping through CSC’s new community for alumni. CSC also has an internalbusiness. “Social” holds out the promise of a customer-driven facing, employee-only model, one in which the voice of the customer 1influences business strategy and where corporate marketing The CIO’s Guide to Social Computing Leadership, by Nigel Fenwick, Forrester Research responds to customer needs.”1 ing_leadership/q/id/56391/t/2 2 Altimeter Report: The 18 Use Cases of Social CRM, The New Rules of RelationshipClaire Flanagan, director of CSC’s enterprise social collaboration Management communities strategy, speaks about social business at cases-of-social-crm-the-new-rules-of-relationship-management.htmlCHRIS SAPARDANIS is a senior writer for CSC’s corporate office. WINTER 2010 | CSC WORLD 21
  25. 25. HOSPITALTRANSFORMING CARE DELIVERY WITHE-HEALTH RECORDSby Chris SapardanisIt’s the beginning of staff nurse Mary Hill’s shift atFletcher Allen Health Care in Vermont. She confers with CLIENT: Fletcher Allen Health CareTamara Gomez, R.N., who is ending her shift. Together,they look at a computer monitor at a patient’s bedside. CHALLENGE: Improve hospitalMary is getting a complete view of the patient’s care operations and show meaningfulhistory. It’s all there – recent medications, vital signs, use of electronic health recordsallergies, test results, and more – on one screen. to qualify for payments from Medicare and Medicaid.The view is courtesy of an electronic health record system called Patient Record andInformation Systems Management (PRISM). The system, which uses application soft-ware by Epic, is putting this academic medical center on the map. By the end of 2010, SOLUTION: ImplementationFletcher Allen Health Care will be in the top 3 to 4 percent of healthcare organizations of Patient Record and Informationin the U.S. that have a fully integrated electronic health record (EHR) system. Systems Management (PRISM),As part of a clinical transformation project led by CSC, PRISM improves patient care, an electronic health record system.confidentiality, provider communications, and security, among other benefits, whileputting Fletcher Allen on the road to qualify for federal funding within PresidentObama’s healthcare reform plan. RESULTS: With PRISM, physician utilization for all orders was 96Under the American Recovery and Reinvestment Act of 2009, hospitals started to percent, near-miss medicationqualify for payments from Medicare and Medicaid in October 2010 for the successfulimplementation and use of EHRs. Hospitals that do not meet federal guidelines by events decreased 60 percent,2015 face reductions in Medicare reimbursements. daily fall assessments increased 20 percent, and 25 percentWith PRISM, Fletcher Allen’s inpatient operations are positioned to meet therequirements established for receiving incentives based on “meaningful use” of fewer patient charts needed toEHRs. Once fully implemented in December 2010, the system will serve all of be pulled.Fletcher Allen’s 45 facilities and clinics, including the approximately 1,100 providerswho are credentialed at Fletcher Allen.“We adopted an electronic health record to improve safety and quality of care forpatients,” says Sandra Dalton, senior vice president of Patient Care Services and chiefnursing officer at Fletcher Allen. “With CSC’s healthcare expertise and track record inclinical systems implementation and improvement, we have succeeded in completingthe first phase of our project on budget, on schedule, and in just 15 months. We hopeother hospitals are encouraged by our achievement.”Moving beyond paperPRISM has transformed clinical care delivery at Fletcher Allen from paper-basedprocesses to a fully electronic system. Since going live in June 2009, staff embracedthis new system after realizing the benefits. WINTER 2010 | CSC WORLD 23
  26. 26. Fletcher Allen By the Numbers CPOE decreases delays in order completion, reduces errors related to handwriting or transcription, allows order entry at point of care or offsite, and provides error checking for dupli- 122 cate or incorrect doses or tests. It also simplifies inventory and posting of charges. Other advantages of PRISM include Number of clinical transformation viewable medication and allergy lists, e-prescribing, clinical improvements PRISM teams designed documentation, and higher-quality reporting. Health informa- during the project tion exchange is also possible as is electronic submissions to 96% public health agencies and immunization registries. Computerized Physician Order Entry Transforming a clinical program CSC partnered with Fletcher Allen to complete the clinical utilization for all orders, including transformation side of the EHR project. We handled all the clinical medications process workflow for the 15-month implementation period, says 60% Jerry Howell, CSC’s client partner for Fletcher Allen. Decrease in near-miss medication “Usual implementation cycles for this type of project last 18 to events 36 months,” Howell says. “But we’re seeing more and more in 20% the industry that our clients want it done faster to meet all the ‘meaningful use’ dates and requirements.” Increase in daily fall assessments From a clinical point of view, CSC mapped out how Fletcher 25% Allen used technology, from medication management, work flow, users, and future states, to customize PRISM appropriately. Reduction in number of patient charts We also allocated the right amount of resources to build, test, needing to be pulled and bring the system to life, as well as provided additional personnel for training support. “Initially, the transition to PRISM was a huge culture change,” Besides the aggressive timeline, organizational change says Maureen Tremblay, nurse manager with Shepardson 4, management was a major hurdle. “The biggest challenge Fletcher Allen’s hematology and oncology unit. “But our staff healthcare organizations find when putting in CPOEs is really worked as a team to learn the new system. It’s a wonderful physician resistance,” Howell says. “This is not their normal tool that helps staff pull all the information they need to provide way of doing things. Fletcher Allen’s senior leadership the best possible care, right there at the patient’s bedside.” recognized that early in the process and participated in every stage of the project. They understood that challenge Prior to the implementation, most information at Fletcher Allen and did many interventions to prepare their medical team.” was written in one of two patient charts. In order to view all of the patient’s information, a nurse would have to locate the “Things are going very well,” says Dennis Woods, M.D., Inpatient charts – one on the door and the other that could be with a Rehab at Fletcher Allen. “We are finding more functionality as physician or another clinician. we get more comfortable with the system. In the long run, these aspects will save time. And already, we are seeing how we can PRISM went live initially in Fletcher Allen’s inpatient areas, enhance patient care by being able to have everything open at pharmacy and emergency departments, and a walk-in care once – charts, orders, vitals, etc.” center. CSC continues to offer IT consulting services during the second implementation taking place, which includes Training was also a major challenge because Fletcher Allen ambulatory clinics, Beacon Oncology, and MyChart – a decided to take a big-bang approach to going live. Basically, feature that allows patients to securely access portions of everyone in in-patient care roles needed to start using the their electronic health record via the Web. system at the same time. The system’s capabilities most notably include Computerized “They made a decision that they wanted everyone to use it Provider Order Entry (CPOE), a process where physicians, from Day 1 and they had the organization prepared to do that,” advanced practice nurses, and physicians’ assistants enter Howell adds. “They did a great job, but it was an incredible orders in the system at the point of care. These orders are challenge because you basically have to help everyone at the signed and transmitted through the network to departments same moment throughout the entire organization and still take responsible for fulfilling the order, such as pharmacy, laboratory, care of patients.” or radiology.24 CSC WORLD | WINTER 2010
  27. 27. Five Tips for a Successful EHR Implementation Every day, organizations embark on a journey to understand and use electronic 3 Involvement: In addition to doctors and nurses, organizations should involve therapists, pharmacists, di- eticians, and other providers who will use the EHRs. Feedback health records (EHR). The following tips from these participants should be collected before, during, compiled by Fletcher Allen Health Care and after the implementation process. They should also be and CSC will help ensure a smooth EHR included in the product selection committee, implementation implementation. team, and any other workgroups. For example, Fletcher Allen involved 30 clinicians in the EHR vision and vendor selection committee, and 2,500 employees in the program demos. 1 Leadership: A full and visible leadership commitment to 4 an EHR implementation is critical for success. Without Forecasting: An EHR implementation is complex and administrative and medical staff leaders taking the time to if you approach the project with limited resources, you participate in implementation efforts, the process is not will probably not succeed. When allocating resources, give going to work. At Fletcher Allen, senior leadership — including clinicians time to participate in planning meetings and imple- the chief information officer, chief medical officer, chief nurs- mentation efforts, provide resources for education to spread ing officer, and chief quality officer — devoted a significant the word about the program and its benefits, offer sufficient portion of their time to implementation planning meetings training to all users before implementation begins, and ensure and were present and visible during all events related to there is plenty of funding support during the project. EHR implementation. 2 Planning: The more planning done upfront, the less work there will be during implementation. Consider all 5 Preparation: The introduction of EHRs will likely change the way your employees work. This is intimidating and, if not addressed early, can lead to a lack of acceptance and aspects of the process, set realistic time frames, anticipate participation. To avoid this, senior leaders must prepare the possible roadblocks, and allow opportunity for feedback. organization for change. In addition to educating users on Many organizations don’t devote enough time to planning why EHRs are necessary and how to use them, sufficient and end up reworking things after implementation starts. support during implementation must be provided. Fletcher Spending the time upfront will allow you to gain user buy-in, Allen and CSC had 300 people and a help desk trained and identify potential stumbling points, and ensure the process available during the project to answer questions about the finishes on time and stays on budget. EHR program.Succeeding at a new model “The success of this project proves that EHRs can beFletcher Allen Pharmacy Director Karen McBride, R.Ph., says implemented quickly and effectively,” says Mark Roman,pharmacists have found several benefits to working in PRISM, president of CSC’s Healthcare Group. “The commitmentsuch as improved documentation of pharmacy intervention to of Fletcher Allen’s senior executive team, including theavert medication errors, an ability to view a complete overview medical staff leadership, was crucial to its completion.of a patient’s health history and current diagnosis, and better When combined with CSC’s clinical and technical expertise,educational opportunities as each pharmacist can pull his or her it enabled Fletcher Allen to rapidly move from a manualinterventional data and share it. process to an electronic system where nearly all medical orders are being entered automatically.”For example, Fletcher Allen Clinical Pharmacist Wes McMillian,a critical care specialist, uses his own intervention data todevelop a curriculum for residents coming through critical care. About Fletcher Allen Health CareThe data obtained through PRISM offers the opportunity to Fletcher Allen Health Care serves a dual role as Vermont’schange behaviors. Academic Medical Center, in partnership with the University of Vermont, and as a community hospital. The regionalWorking with the clinical planning group, pharmacy staff referral center provides advanced-level care to ap-is more clearly defining interventions into 37 categories, proximately one million people. It is also a training siteincluding dose change, drug change, medication reconciliation, for about 400 medical students, 550 nursing and alliednonformulary to formulary, and renal adjustment review. health students, and 280 residents in training.CHRIS SAPARDANIS is a senior writer for CSC’s corporate office. WINTER 2010 | CSC WORLD 25
  29. 29. Hospitals are keenly focused on Making improvementsimplementing electronic health record Enhancement/improvement was defined as a change that increased efficiency, safety, care quality, or streamlined(EHR) systems to capture and share communications. In completing the research, it became clearpatient information. In the U.S., the that some technologies provide benefits in multiple areas, asimplementation of certified EHRs that outlined in Table “meaningful use” criteria is the To demonstrate the matching of “improvement need” tohighest priority in the coming years. “technology use” in different situations, two technologies andThe incentives are substantial and the how they were used in specific hospital settings are profiledlong-term benefits to care providers for each Improvement Area.and patients are significant. Beyond Increasing efficienciesEHRs, however, there are a number of Efficiency improvements include more effective use oftechnologies that also enhance and resources and redesigned workflows that allow careimprove inpatient care. providers to spend less time on non-care related tasks. In the case of Catholic Health West in Nevada, a three-hospitalThis article describes examples of system, the implementation of a workflow managementthese technologies, all of which have system allowed them to consolidate management of inpatient flow, staffing, and bed placement to improvebeen successfully deployed as part of overall census (the number of patients staying at a hospital).an overall change initiative that includedprocess workflow redesigns. The informa- • Workflow management systems collect informationtion is taken from a larger research report, from multiple sources and integrate it into a single display that highlights key patient and bed management informa-titled “Equipped for Efficiency,” that CSC tion, such as room availability, patient wait times, roomsEmerging Practices created for the ready for cleaning, and key clinical data. All information isCalifornia Healthcare Foundation. displayed using color-coded icons overlaid onto an image of the nursing unit’s floor plan, or a patient or room list.Table 1. Selected Technologies and Improvement Areas IMPROVEMENT AREAS TECHNOLOGY EFFICIENCY SAFETY AND CARE DELIVERY COLLABORATION/ QUALITY ASSISTANCE COMMUNICATION Wireless communication solutions (including alarm/ event messaging) Real-time location systems Delivery robots Workflow management systems Wireless patient monitoring solutions Interactive patient systems WINTER 2010 | CSC WORLD 27