Corner Office: Q&A with Dr. John Halamka

Dr. John Halamka, CIO of Harvard Medical School and Beth Israel Deaconess Medical Center, was recently recognized as one of Baseline magazine’s Top 100 Most Influential People in IT. An emergency room physician by training, and a world expert on mushroom and plant poisonings, Dr. Halamka meets the information needs of 3,000 doctors, 12,000 employees and one million patients at one of North America’s premier teaching hospitals. He is renowned for pioneering the use of innovative and secure techniques to exchange patient records—his own medical data, stored on an RFID chip, is implanted in his right triceps.

BlackBerry Connection® caught up with Dr. Halamka to find out how the BlackBerry® Enterprise Solution helps him move one hundred million medical records—or one hundred Terabits of data—every day, while keeping patient and student histories secure from network outages and external threats.

BlackBerry Connection (BC): What were your institution’s goals for a wireless solution?

Dr. John Halamka (JH): We needed to rapidly provide IT support to the 18,000 people at Harvard Medical School. We replaced our old Help Desk system with a BlackBerry trouble ticketing tool called Request Tracker (RT). In one year, RT took the IT department from being the most criticized group at the school to the most praised, because service requests were being handled immediately.

We also needed a solution that was robust; something we could rely upon. In 2002, we had a network outage that regressed the hospital by decades, making it look like the hospital of 1972 – doctors couldn’t get their orders, couldn’t prescribe drugs, and we couldn’t diagnose the problem in the absence of a network. We began using PIN-to-PIN on BlackBerry devices to communicate during the network outage; this is now an integral part of our disaster recovery plan for situations when our other communication channels go down.

BC: Why is guaranteeing secure data so important to your organization?

JH: In the medical profession, we have to be compliant with both HIPAA (Health Insurance Portability and Accountability Act) to protect confidential patient information and FERPA (Family Educational Rights and Privacy Act) to protect student data. You only have to look at the Veterans Administration’s unfortunate spill of 26 million veterans’ records to see how devastating an information leak can be. We move 100 million patient records or 100 Terabits of data a day and we haven’t had handwritten doctor’s orders or X-ray film since 2001. Our doctors rely on the ability to communicate digitally. What’s unique about BlackBerry devices is they use robust, cryptographic, key-based encryption. And there is never a point at which the message is being sent between the BlackBerry® Enterprise Server and the BlackBerry device in an unencrypted fashion. BlackBerry is a truly HIPAA- and FERPA- compliant solution for end-to-end communication.

BC: Why did you choose the BlackBerry Enterprise Solution to address your security needs?

JH: I have the entire population of MIT right across the Charles River; it takes a smart graduate about five minutes to break into a WEP-protected (Wired Equivalent Privacy) wireless network. For the BlackBerry Enterprise Solution, security is not an aftermarket product or an afterthought – security is baked into the fabric of the solution.  I tell people that encryption could mean Pig Latin. The typical user likes the word encrypted; I like the words Triple DES!

Plus, we’re attacked by hackers every seven seconds. We have intrusion detection systems to ensure our servers don’t get compromised. Our BlackBerry Enterprise Server is running on a 10.x address server internal to the firewalls. You can’t reach it from the outside. There is no need to have open inbound holes in our firewall. Our network architecture folks have built the infrastructure necessary to keep our enterprise highly protected from the constant attacks and the BlackBerry Enterprise Solution doesn’t compromise this approach.

BC: What is your advice to anyone evaluating wireless security?

JH: For those of us who struggled for years with S/MIME certificate imports into the Outlook client, it’s important to know that security add-ons can be very fidgety. It’s such an advantage to have everything included in one package like the BlackBerry Enterprise Solution. My advice is to recognize that you need to implement algorithms and protocols that are industry standards. Go with something proven that has been well-reviewed and recognized as robust by the security and hacker communities.

BC: Is there anything else you’d like to share about your BlackBerry?

JH: My BlackBerry is not just a device, it's part of my lifestyle. It enables me to coordinate hundreds of projects, spend time with my family, and climb mountains throughout the world because it translates my ideas, wherever I am, into action at the speed of the internet.

Related Links:
For the latest offers, webcasts and whitepapers visit www.blackberry.com/offers: BlackBerry Solutions for Healthcare latest offers

On-demand webcast: Using the BlackBerry solution to enhance service delivery in the IT organization: the Harvard Medical School experience

CIO Perspective: BlackBerry Security (PDF download)
RIM interviews Dr. John D. Halmaka for Beth Israel Deaconess Medical Center in August 2006.

Healthcare Resource Library

Related articles in this issue:
Wireless Technology in Healthcare
Speeding Critical Alerts to Mobile Devices