William Grollier - CHU Nice - IT Governance in hospitals

as presented at TMAB eHealth Congress 2010

Transcript

  • 1. IT governance and monitoring of operational and legal risks in hospitals Mr. William Grollier, IT Systems & Security Officer, CHU (University Hospital Center) - Nice, France.
  • 2. Agenda CHU-Nice in a nutshell IT governance and risks management principles IT governance monitoring initiatives @ work Solution benefits Deployment phases and next steps
  • 3. Agenda CHU-Nice in a nutshell IT governance and risks management principles IT governance monitoring initiatives @ work Solution benefits Deployment phases and next steps
  • 4. Nice CHU in a nutshell 22 departments 5 hospitals 1.700 beds ~60.000 patients hospitalized per year, ~180.000 visits per year 8.000 employees 240 servers and 3700 workstations running 100 healthcare applications
  • 5. Agenda CHU-Nice in a nutshell IT governance and risks management principles IT governance monitoring initiatives @ work Solution benefits Deployment phases and next steps
  • 6. Founding principles behind IT governance and risks management • The legal risk is the consequence of operational risk Legal • The operational risk is more and more induced by IT risksOperational • IT risks strongly relate to: • The availability and the performance of IT systems • The integrity and the confidentiality of data IT • The compliance with IT standards and policies
  • 7. • Legal obligations Legal Risk • Hospital Authority responsibilities • Financial impact Ops Risk• Services interoperability• Diagnostic reliability• Data corruption and leakage• Procedures Efficiency IT Risk • Poorly managed H/W, S/W infrastructure • Weak protection and non compliant behaviors • Heterogeneity of HC applications • HC IT services unavailability
  • 8. Poorly managed H/W S/W infrastructure IT impact Operational Management Impact Impact•Waste of time •Non interoperability •Poor ROI of existing infrastructure•Complexity •Poor QoS •Additional•Disruption due to management costsunwanted applications Requirement : Continuously monitor the PC standardization compliance
  • 9. Weak protection and non compliant behaviors IT impact Operational Management Impact Impact•Disruption •Data •Penal impact •Corrupted•Time wasted •Loss •Reputation •Cannot be accessed•Repair cost or updated •Financial loss •Information leakage Requirement : Continuously monitor the security policy compliance
  • 10. Heterogeneity of the HC applications Management IT impact Operational Impact Impact•Expensive maintenance • Non interoperable • Penal responsibility versions•Application malfunctioning • Reputation •Data corruption•QoS degradation • Cost and poor ROI •Wrong diagnostics Requirement : Continuously monitor the HC applications compliance level
  • 11. HC IT service unavailability Operational Management IT impact Impact Impact•Malfunctioning • Data unavailable •Penal consequencesapplications • Unaccessible images •Reputation•Poor availaility andperformnance • Corrupted diagnostic •Poor ROI•Saturated bandwidth • Systems inefficiency Requirement : Continuously monitor the Quality of Services and users impact
  • 12. Approach 90% of incidents have internal 20% of basic good origin practices resolve 80% of the Security and Qos problems are a matter of proper governance, competences and taking control rather than a matter of means
  • 13. Agenda CHU-Nice in a nutshell IT governance and risks management principles IT governance monitoring initiatives @ work Solution benefits Deployment phases and next steps
  • 14. IT governance monitoring @ work PC standardization compliance Security policy effectiveness HC applications compliance level Quality of Service and user support
  • 15. Well managed H/W S/W infrastructure: PC standardization compliance monitoring
  • 16. Well managed H/W S/W infrastructure: PC standardization compliance monitoring
  • 17. Well managed H/W S/W infrastructure: PC standardization compliance monitoring
  • 18. Well managed H/W S/W infrastructure: PC standardization compliance monitoring
  • 19. Strong protection and compliant behaviors: Security policy compliance and effectiveness monitoring
  • 20. Strong protection and compliant behaviors: Security policy compliance and effectiveness monitoring
  • 21. Strong protection and compliant behaviors: Security policy compliance and effectiveness monitoring
  • 22. Shared or stolen user code identification (1/3): Security policy compliance and effectiveness monitoring
  • 23. User codes connected on several machines over a period of 30 minutes (2/3): Security policy compliance and effectiveness monitoring
  • 24. User codes connected simultaneously on several machines (3/3): Security policy compliance and effectiveness monitoring
  • 25. HC IT services availability: Quality of Service monitoring
  • 26. HC IT services availability: Quality of Service monitoring
  • 27. HC IT services availability: Quality of Service monitoring
  • 28. HC IT services availability: Quality of Service monitoring
  • 29. HC IT services availability: Quality of Service monitoring
  • 30. HC IT Services Support
  • 31. Dynamic workstation monitoring: Troubleshooting (1/3)
  • 32. Dynamic workstation monitoring: Troubleshooting (2/3)
  • 33. Dynamic workstation monitoring: Troubleshooting (3/3). Program installed at 6:00 AM - New binary detected
  • 34. Suspicious exe searches - query
  • 35. Identified binaries executed over a period of time (retrieve Hash codes from library)
  • 36. Comparing binaries' signatures using NEXThink library
  • 37. Detection of system32.exe, Version 0.0.0.0, Ran from a USB
  • 38. Monitoring IT risks governance drastically reduces ops and legal risks. Legal: The legal risk is the consequence of operational risk. Operational: The operational risk is more and more induced by IT risk. IT risks: Availability and the performance of IT systems; Integrity and the confidentiality of data; Compliance with IT standards and policy
  • 39. HC IT Services Governance Life Cycle: Assess gap against target and plan action; Execute and monitor progress to reach target; Monitor to maintain on target. Risk Detection and Security Compliance; World class Quality of Service and Support; Cost effective HC infrastructure maintenance
  • 40. Agenda: CHU-Nice in a nutshell; IT governance and risks management principles; IT governance monitoring initiatives @ work; Solution benefits; Deployment phases and next steps
  • 41. Solution benefits. IT: Cost of ownership: super fast deployment, lightweight, zero coding; Non intrusive, zero infrastructure performance impact; 360° IT governance in one unified environment; On Demand diagnosis; OOTB, Investigation, Reporting, Alerting, Library; Extensible to backend monitoring solutions. Operations and Management: G.R.C.: desktop configuration and usage compliance; World class support / user satisfaction; 360° view over the QoS / impact analyses in real time; Financial: infrastructure rationalization based on real usage; Consistent PMSI repo*. * http://fr.wikipedia.org/wiki/Programme_de_m%C3%A9dicalisation_des_syst%C3%A8mes_d%27information
  • 42. Agenda: CHU-Nice in a nutshell; IT governance and risks management principles; IT governance monitoring initiatives @ work; Solution benefits; Deployment phases and next steps
  • 43. Project phases. End point Assessment Baseline (evaluation): Installation and deployment: 1 day; Information collection: 3 weeks without work; Configuration: 2 days. Full deployment: New dashboards creation and deployment; Reporting and alerting. NEXT Steps: New dashboards, reports, alerts; Integration to backend monitoring platforms to enable end-to-end monitoring
  • 44. Thank you! Contact: Francois D’Haegeleer, francois.dhaegeleer@nexthink.com, +33 6 14 10 04 91
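
Slides 22 to 24 name two checks for shared or stolen user codes: the same code on several machines over a period of 30 minutes, and the same code on several machines simultaneously. The Python sketch below is an added example, not code from the presentation or from the monitoring product it shows; the session tuple layout, the function names, the reading of the 30-minute rule as "logons on different machines at most 30 minutes apart" and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # the period named on slide 23

def _t(hhmm):  # helper for the constructed sample day below
    return datetime.strptime("2010-03-01 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sessions (user code, machine, logon, logoff); not data from the deck.
SESSIONS = [
    ("nurse01", "WS-A", _t("08:00"), _t("12:00")),
    ("nurse01", "WS-A", _t("13:00"), _t("17:00")),  # same machine twice: normal
    ("dr_x",    "WS-B", _t("09:00"), _t("09:10")),
    ("dr_x",    "WS-C", _t("09:25"), _t("10:00")),  # other machine 25 min later
    ("admin7",  "WS-D", _t("10:00"), _t("11:00")),
    ("admin7",  "WS-E", _t("10:30"), _t("10:45")),  # overlaps the WS-D session
    ("tech2",   "WS-F", _t("08:00"), _t("08:30")),
    ("tech2",   "WS-G", _t("14:00"), _t("15:00")),  # hours apart: normal
]

def by_user(sessions):
    """Group sessions per user code, sorted by logon time."""
    grouped = defaultdict(list)
    for user, machine, start, end in sessions:
        grouped[user].append((start, end, machine))
    return {user: sorted(rows) for user, rows in grouped.items()}

def within_window(sessions, window=WINDOW):
    """User codes that log on to more than one machine within `window`."""
    hits = defaultdict(set)
    for user, rows in by_user(sessions).items():
        for i, (start, _, _) in enumerate(rows):
            machines = {m for s, _, m in rows[i:] if s - start <= window}
            if len(machines) > 1:
                hits[user] |= machines
    return {user: sorted(m) for user, m in hits.items()}

def simultaneous(sessions):
    """User codes with time-overlapping sessions on different machines."""
    hits = defaultdict(set)
    for user, rows in by_user(sessions).items():
        for i, (_, end1, m1) in enumerate(rows):
            for start2, _, m2 in rows[i + 1:]:
                if m2 != m1 and start2 < end1:  # rows sorted, so start1 <= start2
                    hits[user] |= {m1, m2}
    return {user: sorted(m) for user, m in hits.items()}

if __name__ == "__main__":
    print("several machines in 30 min:", within_window(SESSIONS))
    print("simultaneous sessions:", simultaneous(SESSIONS))
```

The 30-minute rule also matches staff who legitimately move between workstations, so its hits are leads to review; overlapping sessions on different machines are the stronger signal of a shared or stolen code.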