ISACA Now Blog


Managing IT in Clinical Environments

Raef Meeuwisse, CISM, CISA, Author, “Cybersecurity Exposed”
Posted at 3:03 PM by ISACA News | Category: COBIT-Governance of Enterprise IT

Working in healthcare technology is about as exciting as IT gets. Between the rapid evolution in healthcare technology and the increase in cyber threats, there has never been a sector with a greater need to balance effective governance with lean but agile delivery of new technologies.

You might have noticed that most of us now carry or wear devices capable of accurately measuring our physical activity, heart rate, blood oxygen levels and more. Most of us wear these for fun or to help promote a healthier lifestyle. However, have you ever stopped to consider the consequences if critical technologies in clinical environments were not functioning or became unavailable when they were needed?

Just how much care has to go into designing, developing and delivering a modern pacemaker? How robust does a pharmacy software system need to be to help ensure that nobody is given the wrong prescription due to the technology?

Managing information technology in clinical environments is somewhat different to other environments because the consequences of errors can be much greater. It may seem overly dramatic to state that people sometimes die when clinical technology does not function as it should or when it should, but that is the reality. It’s a statistical fact measured by various regulatory agencies around the world.

Just what are the potential consequences if a hospital has its vital systems taken down by ransomware or any other form of cyber attack?

To find out how different the governance of enterprise information technology (GEIT) in clinical environments can be, ISACA recently commissioned a new paper on clinical GEIT. It aims to provide ISACA members with a concise introduction to this topic.

What can you expect to learn if you read this new ISACA paper? GEIT for Health Care aims to provide an overview of the principles behind the key regulations and standards that the management of a clinical environment often has to consider. After all, clinical environments can be dealing with life critical equipment, highly sensitive medical information and even financial transactions. That means these environments can find their governance needing to efficiently comply with clinical, financial and privacy regulations, sometimes within a single system.

For example, remember that pharmacy system? That could easily be required to manage the prescription of life critical drugs, the personal details of the people they are prescribed to and the financial information required to take payments.

All clinical technologies are expected to be fit for their intended purpose. The paper includes a summary of the principles of Good Clinical Practice (GCP) – the rules that help to ensure processes and technologies are appropriate. It also looks at how the use of electronic signatures is regulated, as well as efficiency tips on how some organizations manage their governance model.

How do the small clinical environments cope? Well, they mostly buy in commoditized technologies that are designed to meet the required standards. The more a clinical environment develops, designs and utilizes technology innovatively, the greater the amount of due diligence required to ensure those technologies are fit for purpose.

The ISACA paper can also be useful for people working in other highly regulated environments. It provides some valuable insight for all ISACA members into just how complex and sensitive some IT environments can be. The clinical GEIT publication also sets out to demonstrate how a controlled and efficient approach, using policies and procedures, is a fundamental requirement for effective compliance in highly regulated environments.

Many people fear the complexity of environments where large amounts of regulation exist. The reality is that by applying a structured but efficient governance model, regulatory standards can be met with far more efficiency than you might think. After all, the controls we use for safe financial processing and for managing human health are more closely related than you might expect.

If you want to find out the basics of how to manage the governance of enterprise information technology in clinical environments, this new ISACA guidance is well worth a read (and I’d say that even if I weren’t the author).

