William Grollier - CHU Nice - IT Governance in hospitals

as presented at TMAB eHealth Congress 2010

Published in: Health & Medicine

  1. 1. IT governance and monitoring of operational and legal risks in hospitals Mr. William Grollier, IT Systems & Security Officer, CHU (University Hospital Center) - Nice, France.
  2. 2. Agenda: CHU-Nice in a nutshell; IT governance and risks management principles; IT governance monitoring initiatives @ work; Solution benefits; Deployment phases and next steps
  3. 3. Agenda: CHU-Nice in a nutshell; IT governance and risks management principles; IT governance monitoring initiatives @ work; Solution benefits; Deployment phases and next steps
  4. 4. Nice CHU in a nutshell: 22 departments; 5 hospitals; 1.700 beds; ~60.000 patients hospitalized per year, ~180.000 visits per year; 8.000 employees; 240 servers and 3700 workstations running 100 healthcare applications
  5. 5. Agenda: CHU-Nice in a nutshell; IT governance and risks management principles; IT governance monitoring initiatives @ work; Solution benefits; Deployment phases and next steps
  6. 6. Founding principles behind IT governance and risks management. Legal: the legal risk is the consequence of operational risk. Operational: the operational risk is more and more induced by IT risks. IT: IT risks strongly relate to the availability and the performance of IT systems; the integrity and the confidentiality of data; the compliance with IT standards and policies
  7. 7. Legal Risk: Legal obligations; Hospital Authority responsibilities; Financial impact. Ops Risk: Services interoperability; Diagnostic reliability; Data corruption and leakage; Procedures efficiency. IT Risk: Poorly managed H/W, S/W infrastructure; Weak protection and non compliant behaviors; Heterogeneity of HC applications; HC IT services unavailability
  8. 8. Poorly managed H/W S/W infrastructure. IT impact: Waste of time; Complexity; Disruption due to unwanted applications. Operational impact: Non interoperability; Poor QoS. Management impact: Poor ROI of existing infrastructure; Additional management costs. Requirement: Continuously monitor the PC standardization compliance
  9. 9. Weak protection and non compliant behaviors. IT impact: Disruption; Time wasted; Repair cost. Operational impact: Data (corrupted; loss; cannot be accessed or updated); Information leakage. Management impact: Penal impact; Reputation; Financial loss. Requirement: Continuously monitor the security policy compliance
  10. 10. Heterogeneity of the HC applications. IT impact: Expensive maintenance; Application malfunctioning; QoS degradation. Operational impact: Non interoperable versions; Data corruption; Wrong diagnostics. Management impact: Penal responsibility; Reputation; Cost and poor ROI. Requirement: Continuously monitor the HC applications compliance level
  11. 11. HC IT service unavailability. IT impact: Malfunctioning applications; Poor availability and performance; Saturated bandwidth. Operational impact: Data unavailable; Inaccessible images; Corrupted diagnostic; Systems inefficiency. Management impact: Penal consequences; Reputation; Poor ROI. Requirement: Continuously monitor the Quality of Services and users impact
  12. 12. Approach: 90% of incidents have internal origin. 20% of basic good practices resolve 80% of the problems. Security and QoS are a matter of proper governance, competences and taking control rather than a matter of means
  13. 13. Agenda: CHU-Nice in a nutshell; IT governance and risks management principles; IT governance monitoring initiatives @ work; Solution benefits; Deployment phases and next steps
  14. 14. IT governance monitoring @ work: PC standardization compliance; Security policy effectiveness; HC applications compliance level; Quality of Service and user support
  15. 15. Well managed H/W S/W infrastructure PC standardization compliance monitoring
  16. 16. Well managed H/W S/W infrastructure PC standardization compliance monitoring
  17. 17. Well managed H/W S/W infrastructure PC standardization compliance monitoring
  18. 18. Well managed H/W S/W infrastructure PC standardization compliance monitoring
  19. 19. Strong protection and compliant behaviors Security policy compliance and effectiveness monitoring
  20. 20. Strong protection and compliant behaviors Security policy compliance and effectiveness monitoring
  21. 21. Strong protection and compliant behaviors Security policy compliance and effectiveness monitoring
  22. 22. Shared or stolen user code identification (1/3) Security policy compliance and effectiveness monitoring
  23. 23. User codes connected on several machines over a period of 30 minutes (2/3) Security policy compliance and effectiveness monitoring
  24. 24. User codes connected simultaneously on several machines (3/3) Security policy compliance and effectiveness monitoring
  25. 25. HC IT services availability Quality of Service monitoring
  26. 26. HC IT services availability Quality of Service monitoring
  27. 27. HC IT services availability Quality of Service monitoring
  28. 28. HC IT services availability Quality of Service monitoring
  29. 29. HC IT services availability Quality of Service monitoring
  30. 30. HC IT Services Support
  31. 31. Dynamic workstation monitoring: Troubleshooting (1/3)
  32. 32. Dynamic workstation monitoring: Troubleshooting (2/3)
  33. 33. Dynamic workstation monitoring: Troubleshooting (3/3) Program installed at 6:00 AM - New binary detected
  34. 34. Suspicious exe searches - query
  35. 35. Identified binaries executed over a period of time (retrieve Hash codes from library)
  36. 36. Comparing binaries' signature using NEXThink library
  37. 37. Detection of system32.exe, Version 0.0.0.0, Ran from a USB
  38. 38. Monitoring IT risks governance drastically reduces ops and legal risks. Legal: the legal risk is the consequence of operational risk. Operational: the operational risk is more and more induced by IT risk. IT risks: Availability and the performance of IT systems; Integrity and the confidentiality of data; Compliance with IT standards and policy
  39. 39. HC IT Services Governance Life Cycle: Assess gap against target and plan action; Execute and Monitor progress to reach target; Monitor to Maintain on target. Risk Detection and Security Compliance; World class Quality of Service and Support; Cost effective HC infrastructure maintenance
  40. 40. Agenda: CHU-Nice in a nutshell; IT governance and risks management principles; IT governance monitoring initiatives @ work; Solution benefits; Deployment phases and next steps
  41. 41. Solution benefits. IT: Cost of ownership: super fast deployment, lightweight, zero coding; Non intrusive, zero infrastructure performance impact; 360° IT governance in one unified environment; On Demand diagnosis; OOTB, Investigation, Reporting, Alerting, Library; Extensible to backend monitoring solutions. Operations and Management: G.R.C.: desktop configuration and usage compliance; World class support / user satisfaction; 360° view over the QoS / impact analyses in real time; Financial: infrastructure rationalization based on real usage; Consistent PMSI repo** http://fr.wikipedia.org/wiki/Programme_de_m%C3%A9dicalisation_des_syst%C3%A8mes_d%27information
  42. 42. Agenda: CHU-Nice in a nutshell; IT governance and risks management principles; IT governance monitoring initiatives @ work; Solution benefits; Deployment phases and next steps
  43. 43. Project phases. End point Assessment Baseline (evaluation): Installation and deployment: 1 day; Information collection: 3 weeks without work; Configuration: 2 days. Full deployment: New dashboards creation and deployment; Reporting and alerting. NEXT Steps: New dashboards, reports, alerts; Integration to backend monitoring platforms to enable end-to-end monitoring
  44. 44. Thank you! Contact: Francois D’Haegeleer, francois.dhaegeleer@nexthink.com, +33 6 14 10 04 91
