The Geisinger Approach to Security in a Connected World

Computerizing medical information for in-house use is one thing, and sharing it with the world is quite another.


Computerizing medical information for in-house use is one thing, and sharing it with the world is quite another. Geisinger Health System, a pioneer in using electronic information to aid integrated delivery, has portals for both patients and physicians.

It also runs a regional health information exchange that shares information with non-Geisinger providers, and that effort recently received a $16 million federal Beacon Community grant to manage patients with COPD and heart failure.

David Young, I.T. director at the health system, will discuss the challenges that Geisinger has encountered in registering and authenticating users, and the pros and cons of leveraging one security infrastructure for all three of its portals. He contrasts the health care industry with the financial industry, where multifaceted security measures are standard practice.

"In the banking industry, they can go down to the transaction level, and if it's above a certain amount they will call you to verify it," he says. "We aren't going to get to that level, but we want multiple layers and safeguards. If someone compromises my bank account, I can start over, but I can't do that with my medical information. That's why it's so valuable to the fraudsters. They can submit false claims and then you have to clean up the mess. Health care has more challenges than banking."

Young says Geisinger is transitioning management of its HIE infrastructure to a third party, so that smaller providers in its area won't feel threatened by Geisinger's power over their information. The organization is taking its own leap of faith as well.

"The hospitals will control who gets access, and it's a little scary knowing that that power is going to hospitals that you don't own or control." Geisinger's systems will be demonstrated as part of the HIMSS Interoperability Showcase.

Young's presentation, "Redefining Boundaries: Using Secure Portals to Share Healthcare Data," is scheduled for Monday, Feb. 21, at 12:15-1:15 p.m.