Market competition gives way to benefits of cooperation: rival hospitals in the greater Cincinnati area unite to share clinical information via an SSL VPN and to improve patient care
In 1997, 18 competing hospitals in the greater Cincinnati area met to discuss the development of a digital healthcare Internet service provider (ISP) called HealthBridge. Their goal: build a single communications infrastructure enabling interactive collaboration among their facilities to improve overall patient care quality, while reducing each site's redundant information technology services and corresponding support costs. Once HealthBridge was implemented, member hospitals could reap significant savings on group technology purchases, avoiding duplicate connectivity and the need for a physician to have remote access capabilities at each site.
As the Cincinnati healthcare community's ISP, HealthBridge evolved into a shared, secure private network. Its board of directors consists of participating hospitals' CIOs, although the Greater Cincinnati Health Council has some oversight over HealthBridge.
Currently, approximately 7,000 member physicians from The Health Alliance, Mercy Health Partners, TriHealth, Cincinnati Children's Hospital Medical Center, St. Elizabeth Medical Center, The Drake Center and other labs, transcription services and surgery centers can access HealthBridge. It provides state-of-the-art technologies and secure IT services, including immediate, easy access to patient information kept by member hospitals, as well as about 30 clinical information systems.
"I've never been part of an organization where groups of competitors sat around a table constantly doing the right thing for their community," says Rodney Cain, CTO of HealthBridge.
Challenges Early On
HealthBridge's primary focus is on anytime, anywhere connectivity for authorized physicians and their staffs. Its infrastructure includes T-1, native 10 MBps Ethernet, DSL and cable moderns--connecting all member hospitals, physicians and nursing homes to the secure HealthBridge Web portal. The portal provides remote access to clinical systems, including hospital information systems, lab systems, scheduling applications, fetal heart monitors, hospital-based electronic medical records, electronic chart completion and radiology images.
In May 2001, HealthBridge deployed its first remote access solution, based on IPsec technology, using a Cisco 3000 Concentrator virtual private network (VPN). However, the IPsec VPN generated significant IT process issues for HealthBridge. The VPN required its client software to be loaded on user PCs that accessed the network, and installation be came a problem for most users. Contacting physicians and installing the software on their PCs was instrusive, and training them to use and accept the IPsec VPN process--along with their RSA Security Inc. SecurID authentication tokens and digital certificates--was another challenge. This hindered user adoption of the Web portal, leading HealthBridge to research alternative remote access solutions in October 2003.
A Clientless Solution Emerges
After lessons learned with the IPsec VPN, HealthBridge set out with specific goals for a new remote access solution. The replacement clearly had to eliminate the need for installation of client device software. The IPsec VPN did not allow for access controls for external and internal users by user name, or detailed auditing and reporting capabilities--critical elements to enable compliance with HIPAA regulations. Also, the new solution had to accommodate legacy applications, including small mainframes, and middleware such as Citrix Systems products.
After a thorough evaluation of a then-new VPN technology that used Secure Sockets Layer (SSL), HealthBridge selected the NetScreen-SA 5000 by Juniper Networks Inc., Sunnyvale, Calif., in December 2003. The SSL VPN uses a hardened network appliance that leverages the benefits of secure access over the Internet, as do traditional technologies such as remote access IPsec VPNs and extranets, but does so in a more secure and less complex manner.
Unlike IPsec VPNs, SSL VPNs do not require installation of client software. NetScreen-SA 5000 uses the SSL security protocol round in common Web browsers for controlled access. The SSL VPN appliance also eliminates the need to secure or harden servers, or to make changes to existing infrastructure, as with extranets. The result ix a cost-effective remote access solution that features easy deployment and simple operation for users. HealthBridge rolled out its SSL VPN-based remote access capability to authorized users in April 2004.
Now, with NetScreen-SA 5000 deployed, HealthBridge users simply launch a Web browser on any Internet-connected computer, then direct the browser to the HealthBridge portal. After login and authentication, users gain access to all applications for which they are authorized, just as if they were in the hospital using its LAN.
Access to Sensitive Data
"It's a huge advantage to us in having both external and internal users login to the SSL VPN appliance," Cain says. "We can control their network and application access at a much finer level than with IPsec technology. The SSL VPN is the ultimate gatekeeper, acting as HealthBridge's front door."
Access control capabilities are critically important to the HealthBridge service. The SSL VPN's access privilege management components provide IT personnel with flexibility in defining authentication and authorization policies for various users, even distinct subgroups within the 18 member hospitals. This enables HealthBridge administrators to provision remote access by need or purpose for each physician and his staff, ensuring compliance with HIPAA security policies and requirements.
"The SSL VPN is the first technology we have round that provides the level of remote access security necessary for the sensitive nature of healthcare data, as well as the flexibility and ease of administration necessary for managing a diverse network," Cain says. "Its auditing capabilities log every user and their actions. With our previous system, we could see only some users connected on the system using the IP address as the identifier. Now, with the SSL VPN, we'll always be able to trace things back to an actual person, which is vitally important for us from a security perspective and a customer perspective."
The SSL VPN deployment, with its anytime, anywhere access, links participating physicians to HealthBridge's communitywide clinical messaging system. The combination of the 30 clinical systems is the country's largest communitywide clinical messaging system that electronically sends 6 million lab, radiology and transcribed reports to physicians and nursing homes.
"Because of HealthBridge and its SSL VPN access, the physicians have benefited from an operational process and practical cost aspect," says Rodney Reider, president and CEO of Mercy Hospital Mt. Airy in Cincinnati. "They can pull up results from the system anytime. They no longer must track down faxes or make phone calls to get patient results, and, best of all, they can electronically share information with staff. Communication has greatly improved and become much faster across Mercy Hospital Mt. Airy, improving patient care in the process."
Through the SSL VPN, the network of hospitals, nursing homes and their physicians can access clinical reports from one portal, rather than having to search numerous proprietary portals. This single point of en try into the system has promoted comprehensive collaboration between facilities. Physicians can add notes into clinical reports to ensure that other physicians reviewing patient results understand the treating physician's diagnosis or findings.
"Clinical systems didn't talk to each other. They weren't connected, and there was no centralized access point for physicians. By bringing all the clinical systems together, HealthBridge becomes the conduit for obtaining patient test and lab results," Reider says. "We believe there are many untapped possibilities for Mercy Hospital Mt. Airy, which we envision growing from securely accessing patient data remotely to accessing other critical, lifesaving applications."
Another benefit of the SSL VPN is that physicians can communicate electronically with staff and other physicians across the healthcare community. For example, in the past, radiology images could be viewed electronically only on a computer workstation at the hospital, requiring physicians to be on site to diagnose the patient's results. With the SSL VPN, physicians can connect to the HealthBridge portal to review radiology images from the office, home or another hospital, saving them a trip.