By Joseph Fishel, CBET, MBA
My great-grandfather was born unable to hear. In those days, he was referred to as deaf and dumb. During his life, he was able to find work at Bethlehem Steel in Steelton, Pennsylvania. His job was to run a stamp mill where a hot piece of steel rod was inserted into the stamp mill and formed into steel rivets. This was a very noisy operation, but his handicap was a benefit in this position. Being able to speak sign language in a noisy environment had its advantages. These rivets were then shipped to San Francisco where they were used to join the girders that created the Golden Gate Bridge. A small contribution, but without the rivets the bridge couldn’t have been built.
What does this have to do with cybersecurity you ask? I have had to build bridges with different groups in the IS/IT arena to include cybersecurity, networking, applications, office of general council and the list of groups goes on. Because there was no real communication it was often assumed that the healthcare technology management (HTM) group wasn’t knowledgeable about networking. The lack of the HTM’s involvement gave a false impression.
Where to start? What I found was that in a large enterprise the IS side of the house didn’t know who to go to and often went to the local HTM site technician who very often wasn’t the right person. To the IS/IT group a biomed was a biomed. They didn’t understand that imaging was a different group within HTM and that we had specialists for MRIs and CTs as well as for different manufacturers. To start getting the right people involved, we designated one HTM manager as the go-to person for all IS/IT questions. That was me.
I found that I needed to educate the IS/IT project managers on how to engage the HTM department. I set up a meeting that all project managers attended and showed them how our organizational chart worked. Many were surprised that the people they were contacting had nothing to do with the areas they were contacting them about. Also, it explained the lack of engagement. If it was Tech A’s area and Tech B was being contacted the IS/IT team felt they were being sidetracked. In reality, they were being directed to the person responsible for the area. Again, they didn’t understand that a project that covered several hospitals meant different teams. In their model, a team is assigned to the project and that’s all they do.
I found that the HTM group often was not involved in project planning and were not notified of enterprise or local changes that often affected medical devices in a negative way. I found that there was an enterprise architecture team that looked at proposed projects and evaluated them for compliance with enterprise standards. It also looked at duplication of services or applications that the enterprise already had a standard for. I asked to join this group to present the HTM side. Asking questions of how this would affect biomedical equipment all of a sudden brought issues to the forefront. The medical equipment issues were never addressed before because no one was at the table to present them. IS/IT is often only 3 to 4 years behind on operating systems, yet the medical devices were often 8 to 12 years behind. I found that the IS/IT teams were often unaware of the cost of new devices and that “buying” a new one wasn’t going to solve the problem. The new one was often 3 to 5 years behind current operating systems and cost $1 million to $3 million.
I also had issues where changes/upgrades were made to applications without my knowledge. To get the inside knowledge about what changes were being made I found that the requests for changes were going through a Change Advisory Board (CAB). I found that I could ask questions such as: What day was this occurring? What time of day? How long would things be down? What was their back up plan should something not work? What sites would be affected? What application would be affected? Once I started asking these questions, I was able to relate the affect on the clinical side should things fail. The board started seeing the other side and how changes could affect patient care.
Several years ago, when cybersecurity started to become a hot topic assigning the HTM manager as the go to person assisted in keeping things aligned with enterprise standards and upcoming changes. We were able to use the established communication with the IS/IT teams to pull different areas together into a conjoined program.
So, what helped me bridge the gaps? Communication and education were the main things that helped me build the bridge between my HTM department and the IS/IT team. Often the IS/IT team members had questions about medical equipment. I took the stance that there were no dumb questions. I told them that if they had a question they should ask me and I would get them an answer. Answering questions for the IS/IT team was like my great-grandfather’s rivets. It was not anything big, but it built bridges.
Joseph “Joe” Fishel, CBET, MBA, is a Nuvolo Business Process Consultant, Healthcare IT Leaders LLC. The views expressed here are those of the author and do not necessarily represent or reflect the views of TechNation or MD Publishing.