When a Canadian is diagnosed with diabetes, their life is changed forever.
The disease means the body can no longer regulate its own blood sugar levels, and the afflicted person must diligently keep them on target through a carefully planned diet and direct insulin injections. Daily maintenance is needed to ensure complications are avoided – such as loss of vision, or the onset of seizure. It is an endless burden.
One in 20 Canadians is diabetic and that proportion is even higher in the Atlantic provinces. It’s no wonder that Atlantic Health Sciences Corp. (AHSC) in Saint John, N.B. sought a tool that could help ease some of the burden from their patients living with the disease.
“When a person first comes in and is diagnosed with diabetes, there is a whole host of material given to them and a face-to-face meeting to discuss how they can live as freely as possible with the condition,” says Ian Kilpatrick, IS technical architect with AHSC. “After that, they can get it at anytime online and it’s able to be updated as regularly as needed.”
In 2005 the largest multi-facility hospital corporation in New Brunswick began offering a Web-based healthcare portal for diabetics. Users were able to track information critical to their disease – blood sugars, blood pressure and heart rate – and share it with their physicians. They can also read up on educational material shared through the portal.
Diabetics can chart blood sugar levels with the MyCare portal.
The MyCareAnyware system was an extension of technology the hospital group already used internally. With AnyWare Group’s (AWG) role-oriented access management (ROAM) infrastructure, the hospital was able to offer diabetics easy access to their personal health information while keeping that sensitive data secure.
The portal cut wait times for diabetic patients waiting to come into a clinic for educational meetings and also helps the hospital reach out to more patients. The hospital typically sees 100 patients a month, 20 of which are new patients.
“They had very long wait times for folks to get into clinics,” says George Hubley, director of product management and development with AWG. “Their diabetes education program is a three-day program, so there was a certain demographic that didn’t appeal to.”
Educational information is pushed out through the MyCare portal.
The ROAM system was already used by 70 per cent of the province’s physicians to access patient data on a day-to-day basis. The service is designed to be client-less so doctors don’t waste time installing software, and to avoid problems requiring intervention from the IT department.
“What we do is use a standard browser with java support,” says Allan Cameron, chief technology officer at AWG. “We don’t install any software on the PC, so there’s no confusion if the physician has a problem on a computer, you know it’s not a software problem. That makes the IT shop happy.”
Without a client, it is just as easy for a patient to use the ROAM portal from their home computer as it is for a physician to access it within the hospital.
The first time a patient accesses the portal over their Web browser, they download a java applet automatically. That applet is used to establish an encrypted path between the user’s PC and the servers that reside in the hospital. The encryption type used is Secure Socket Layer Virtual Private Network (SSL VPN).
“SSL VPNs are a generally accepted and secure way to connect users from remote locations,” explains Tony Brockmann, technical product marketing manager with Symantec Corp. It’s not very new, but it works.
Hospitals looking to supply patients with information over the Web are in a tricky situation, he says. Compliance standards require that any data about a patient’s medical condition be kept completely secure at all times. That means it has to live at the hospital and isolated from the service provider.
“If the hospital could protect 95 per cent of its information, that’s still not acceptable,” Brockmann adds.
AHSC has a server rack with nine servers dedicated to running AWG applications, Kilpatrick says. One of them is dedicated to the diabetes patient portal and the total hard drive space dedicated to the patient data is small – less than one terabyte.
While the data resides safely at the hospital, the service is hosted via a gateway server with AWG, also located in Saint John.
“There’s no data there, but the actual accounts and the roles, which is how they control who has access to what, is hosted by AnyWare,” Kilpatrick explains.
The role-oriented part of ROAM means that what a person can access on the system is determined by a user-by-user basis. That keeps patient data segregated from being viewed by outsiders, and also ensures that individual patients are only viewing the data they’re allowed to see.
But the system’s security doesn’t stop at putting up walls and counting that they’ll hold firm. A tracking feature of the software also can report what actions a user took during their session, what data they accessed, and how long they spent.
“In the security world, it’s important to be able to track down a problem,” Cameron says. “You can’t have perfect firewalls, so track all activity instead.”
The hospital hasn’t had to rely on the auditing feature of the software yet, Kilpatrick says. But it gives him peace of mind to know its there, and also helps the hospital meet compliance standards.
“In the event that an account does get compromised, there’s the ability to track down what the attacker did and the extent of the breach,” he says.
After the initial cost of getting the infrastructure installed and the server set up in the hospital, AHSC pays a per user fee to AWG for the diabetes MyCare portal.
For diabetics in Saint John, the portal is one more tool they have in a life-long battle against a disease that can shorten lifespan and also be debilitating. It means they’re no longer fighting alone, but with the help of a healthcare team tracking their daily activities.
“This allows the patient and the physician to work as a team to manage that patient’s diabetes,” Cameron says. “That is unique.”