In Depth

Jaime Chanaga: Man in the Middle

At Geisinger Medical Center in rural Pennsylvania, Web-based services are revolutionizing the way care is delivered and forcing CISO Jaime Chanaga to rethink the role of IT security

By Paul Roberts

September 01, 2004 — CSO — It's a rainy April evening in Danville, Pa. The sidewalks on Mill Street are empty. Once-handsome 19th century brick facades are faded and the storefrontsDollar Store, D's Clothierare dark. Two small restaurants and a bar are open, but emptyor nearly soadding weight to the street's designation as a "historic" business district. The scene here is a common one in rural Pennsylvania and in small towns throughout the United States, where economies built on agriculture and manufacturing have given way in recent decades to a low-wage, service-sector economy and its placeless landscape of strip malls and chain stores. A tension between old and new can be felt everywhere in Danville (population roughly 4,900), which was settled on the banks of the Susquehanna River in 1777 by William Montgomery. His 1792 stone housenow a museumstill stands at the end of Mill Street, directly across the street from a Wendy's restaurant.

The tension can also be felt just outside of town, where Geisinger Medical Center sits on a hill overlooking the rolling countrysidea sprawling, big-city hospital and modern research center plunked down in small-town America. Almost 90 years after its 1915 founding, more people work and receive care at the Medical Center most days than reside in Danville. And Geisinger's modern-day stewards, such as CISO Jaime Chanaga, are trying to remain true to the charge laid down by founder Abigail Geisinger to make her hospital "the best."

The hospital is eight years into a $68 million-plus effort to deploy a state-of-the-art electronic medical records (EMR) system that has streamlined patient care within the hospital and outpatient services at Geisinger's 15 clinics in 38 Pennsylvania counties. Recently, the hospital has also moved aggressively to deploy a host of Web-based medical services for patients and staffincluding a patient portal for accessing online medical records called MyGeisinger.

However, behind the scenes, the move to electronic medical records and medical Web services has heaped new demands on Chanaga's information technology security staff. Chanaga and his staff face the daunting and sometimes contradictory tasks of trying to increase staff and patient access to medical information, and staying on top of the latest advances in medical devices, while also formalizing security policies and adhering to regulatory requirements for more than 400 medical and administrative applications, almost one-third of which are mission critical.

Offering the perspective of a man who's barreling down a road that most people are still trying to merge onto, Chanaga has found that the secret to managing IT security in a Web services-dominated world is knowing you don't have all the answers. Instead, Chanaga and his staff at Geisinger have found success by sharing responsibility and by striking a balance between customer needs and corporate goals.Digital Case FilesA visit to Geisinger's data center, a sturdy, two-story, cement building at the rear of the Danville campus, underscores the challenges facing IT security staffs who work in a medical environment.

• Email
• Print
• Comments
• Digg This
• SlashDot

• HIPAA: Privacy Defenses