UW Health takes safeguarding patient data to the next level

Paper medical charts have long since gone the way of the dodo. With electronic medical records now the firmly entrenched norm, it’s imperative for health systems to ensure their patient data is not only secure, but also readily available and compliant with all regulatory requirements.

It’s a big reason why more and more health systems are opting to contract with third party data centers to house important patient medical information, allowing hospitals and clinics to focus resources on patient care while the IT experts handle sensitive data.

OneNeck It Solutions' new Madison area Tier 3 data center.

UW Health is the latest local health system to go the co-location route, partnering with OneNeck IT Solutions, a wholly owned subsidiary of Madison-based TDS Telecom to house its patient data at OneNeck’s new local Tier 3 data center.

“Shifting our data center asset management to OneNeck will allow our IT professionals to really focus on pure IT,” says Matt Heign, vice president and CTO of information services at UW Health. “First and foremost, our team will concentrate on IT efforts that directly improve patient care. Second, yet equally important, our team will shift its focus to the entire IT ecosystem and service delivery.”

Heign joined UW Health in September 2015 and made it a priority to analyze whether the organization would be better off building a new data center or co-locating with a proven provider. After thorough analysis, the conclusion was to co-locate.

“Together, we developed a data center solution that helps UW Health free up capital and human resources,” says Terry Swanson, senior vice president of sales and marketing at OneNeck. “This allows UW Health to redirect those resources toward strategic organizational initiatives while maintaining the highest degree of security, redundancy, and reliability. This strategy is a starting point, but offers UW Health long-term flexibility and scalability as their organization grows.”

Value in co-location

According to Donna Knilans, senior account executive for OneNeck, the partnership between UW Health and OneNeck developed through thoughtful conversation between the two entities.

In general, Knilans notes, health care systems usually focus on three criteria when evaluating a co-location partner. They include:

  1. Availability. Data and applications must be available to health providers and other aligned health care professionals — quickly and efficiently. They must have access to the information (i.e., electronic health records) in order to serve patients.
  2. Security. To protect the confidentiality and privacy of their patient population, protected health information must be ensured.
  3. Compliance. Any IT partner must be in compliance with all regulatory requirements of the Centers for Medicare and Medicaid Services, including HIPAA/HITECH and the Payment Card Industry Data Security Standard.

In addition, health systems also look at leveraging a co-location partner to accomplish other goals, Knilans states, such as:

  • Cost structure and savings. By co-locating IT services, health systems can typically leverage an operating vs. capital cost model to attain an overall lower cost of data center services.
  • Scalability and flexibility. Given the dynamic nature of the health care industry, (e.g., mergers, acquisitions, accountable care organizations, and establishing other ongoing partnerships) co-location provides flexibility. It also allows for quick expansion of data center services to accommodate any changes within the organization.
  • Business continuity and risk mitigation. In order for hospitals and other health care facilities to deliver life-saving care 24/7, co-location must ensure business continuity — without risk of an outage.
  • Focus on core mission of care delivery. In order to maintain focus on delivering safe, high quality, and prompt care for their entire patient population, health care enterprises choose solution partners to free up employee time. This way, instead of caring for a data center, employees focus solely on matters that will improve overall patient services.

Housing its data at a Tier 3 facility means UW Health will always have access to its data, no matter the time of day or year.

Tier 3 is simply the industry term for the type of data center OneNeck maintains in the Madison area, notes Hank Koch, vice president of mission critical facilities for OneNeck.

“Tier 3 or ‘continuous maintainability’ means without a need for any downtime (scheduled or unscheduled),” Koch explains. “All equipment in a Tier 3 facility, whether directly (e.g., electrical) or indirectly (e.g., climate or other mechanical support pumps, plumbing) is — at minimum — supplied with at least one more component than is required to run the facility at 100% utilization. This way, if there were to be a failure/malfunction or a need to conduct routine maintenance/repair, the data center will continuously operate while that condition exists and/or work is conducted.”

Many health systems do not have the financial resources necessary to allocate toward building, updating, or operating a data center, notes Knilans. “For many, it’s simply not a core competency. However, and more importantly, many choose to focus on delivering and improving patient care while teaming up with a trusted partner to manage their IT.”

In addition, Knilans says health care providers are continually looking for new ways to lower the cost of health care while seeking ways to improve the quality and efficacy of health service delivery. Teaming up with an IT partner who has the resources, expertise, and certifications/attestations in place, allows health care providers the opportunity to accomplish both — focus on improving the patient experience while reducing health care costs.



Ensuring security

Data breaches, or at least media reports about them, have become common enough that information security is top-of-mind for most people these days.

Security of patients’ protected health information is a top priority among all the health systems and providers OneNeck works with, notes Knilans. “Hands-down, it’s one of the most important criteria health care providers look at when selecting a co-location partner. The most important security features include 24/7 on-site staff, two-factor authentication — at a minimum— and continuous video surveillance of the entire data center.”

According to Katie McCullough, OneNeck’s vice president of information security and business applications, OneNeck has an information security program governing co-location, which incorporates requirements from:

  • Applicable legal and regulatory requirements, such as HIPAA and HITECH;
  • Client requirements and contractual obligations, like business associate agreements; and
  • Industry best practices (i.e., NIST).

“OneNeck also invests in an extensive library of procedures, guidelines, templates, and supporting documents to successfully achieve and protect those requirements,” explains McCullough. “This includes: 1) physical security of our data centers; 2) privacy and security training and awareness for our coworkers; 3) breach notification processes; and 4) procedures for preventative and corrective actions.”

In alignment with the documented policies and procedures, McCullough notes OneNeck invests in all coworkers and systems to ensure thorough understanding and adherence of the policies and procedures.

“OneNeck leverages a Learning Management System (LMS) which allows subject matter experts to create courses that can be easily viewed by our staff, 24/7,” McCullough says. “It also allows for testing employee understanding of the policies and procedures, as well as tracking for management and third party examination of compliance.”

“All health systems promise — and ensure — prompt, high-quality patient care,” says Koch. “In order to deliver on this promise, health care providers count on their IT partners to ensure availability of all patients’ electronic medical records, as well as other patient care systems.”

Koch explains that OneNeck builds redundancy into its facility to ensure that, if there were a commercial power loss, multiple generators with on-site back-up fuel sources are readily available and automatically kick-in. “This enables all operations within the facility to remain fully functioning. It also ensures availability of all applications — critical and otherwise.”

Click here to sign up for the free IB ezine – your twice-weekly resource for local business news, analysis, voices, and the names you need to know. If you are not already a subscriber to In Business magazine, be sure to sign up for our monthly print edition here.