In today’s healthcare facilities, almost every critical system rides on the central IT backbone, including building automation, fire monitoring, emergency power, refrigerators, water management and air management. In many ways, the data network itself has become a crucial facilities utility that’s needed to provide a safe, controlled, and comfortable environment of care. As a result, facilities managers need a clear understanding of the crucial role those IT systems play in their locations’ performance, reliability and safety. When the facilities department doesn’t collaborate with IT, patients, staff, and visitors can be put at risk.
Reason #1: Patient safety
The first and most important reason we need to keep IT working in tandem with facilities is to avoid unsafe circumstances, such as inadvertently turning off a network used for fire suppression monitoring, which could result in death or injury. A second example could be the accidental powering-off of an infection control room, increasing patient risks and causing exposure to surrounding areas.
Reason #2: Cyber risk
A trending topic of concern to healthcare boards and the C-suite is the growing vulnerability of facilities to cyberattack. Although most network-connected devices managed by facilities do not contain information as sensitive as that held by their connected medical equipment counterparts, they do represent an avenue for attackers and cyber terrorists to gain access to systems and data stores that contain sensitive data. Additionally, hackers may be able to access video monitoring/surveillance systems, which may violate the privacy of patients. Failing to properly mitigate these vulnerabilities and risks can lead to devastating shutdowns, expensive payouts (e.g. ransomware) or embarrassing media coverage.
Reason #3: The smart hospital trend
A positive aspect of the facilities/IT opportunity is the Smart Hospital trend, where facilities are optimizing, redesigning and building new clinical processes and management systems based on the newly available arrays of sensors and network connectivity. Smart Hospitals afford managers greater visibility and control, with single-screen monitoring of the status of all systems that clearly shows any critical or high-priority alerts that need to be addressed. Through the power of machine learning engines, these systems give healthcare organizations the ability to save hundreds of thousands, if not millions, of dollars through more efficient use of utilities, for example by reducing heating/cooling when a particular area is not in use. Simply digitizing or making the healthcare facility paperless, although a great achievement, is only a start; it is far from the true value of the Smart Hospital.
Reason #4: Compliance
While compliance may be viewed as a separate department, responsible for a healthcare facility’s overall position, both facilities and IT play a key role in credentialing. By collaborating across departments, organizations can ensure they perform proper ICRA/PICRA assessments and remediation activities to avoid placing the organization at risk of regulatory violations. When proper Interim Life Safety Measures (ILSM) aren’t planned and implemented, healthcare organizations are at risk of fines or sanctions from regulatory violations.
These risks and opportunities all point to the need for partnership between facilities and IT managers, but what’s the best way to make that happen? We need to get each involved in decisions such as selecting packages, acquiring services, and sourcing equipment that need network resources. If facilities managers are at the table with IT, the right questions will get asked, resulting in the right answers, leading to the implementation of correct, safe systems. We suggest the following steps to make that happen:
Step 1: Acknowledge. Facilities managers need to accept that hospitals have moved into the connected world of networks and IoT devices. Facility departments need to transcend their previous stand-alone worldview, accepting and learning about technology and its benefits.
Step 2: Audit. While the IT dependencies of some systems are obvious, others may get overlooked. When assisting with audits, Accruent includes a wide range of systems, including HVAC, refrigerators, fire alarm control panels, elevators, power systems, medical air compressors, medical vacuum pumps, fuel oil storage tanks, emergency generators, chillers and boilers. Every one of them is connected to one or more IT systems, which should be documented, including their software, release level and currency of manufacturer’s support. A healthcare facility’s audit should clearly identify each system, documenting how it’s accessed and what IT resources it uses. It should also determine whether operating systems are up to date and whether patch levels are current.
Step 3: Assess risk. To ensure security, facilities managers first need to know the current risk profile, including the protection capabilities of each device or system, whether it’s on your property perimeter or in a reception area, emergency room, treatment ward, diagnostic department or pharmacy. Many of the Health Facilities Management systems in these areas are accessible remotely, providing an avenue for network intrusions and equipment tampering. Risk assessments should address your level of compliance with the vendor’s recommended and documented access policies. Be sure to identify vulnerabilities in operating systems and network connections that could be used to access other network resources or allow entities to install ransomware on systems and threaten shutdowns. Assessment of your critical power chain should include switchgear and transformers, UPS and medium-voltage systems to ensure your facility is an “always on” environment.
Step 4: Truly collaborate. Get IT involved in decisions involving packages, services, or equipment where network resources are needed. Together you can make sure you ask the right questions, get the right answers, and implement safe systems. Work with IT to understand their policies for foreign devices and develop Standard Operating Procedures (SOPs) to properly secure these devices when they’re onboarded. Join with IT in system planning and insist that your team is part of the IT change management processes to cover tough issues like downtime planning. Get IT up to speed on the regulatory needs when taking these systems offline or when changes need to be made to these devices, and ensure that your team is notified with enough advance warning to properly complete your processes. Collaborating with IT to identify network resources, criticality, software, security, and accessibility allows for downtime planning and improves communication to affected customers (healthcare staff).
This approach, carried all the way through to true collaboration between facilities, biomedical and IT departments, can span the entire facility, from power through the Internet of Medical Things, to deliver better patient satisfaction, higher levels of operational efficiency and improvements in the clinical process of care.
Bill Glass is Senior Vice President of Industry Solution Sales for Accruent.