General discussion

Locked

Blogging IT One Word at a Time

By Bill Elmore ·
Tags: Off Topic
blog root

This conversation is currently closed to new comments.

65 total posts (Page 1 of 7)   01 | 02 | 03 | 04 | 05   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Taking the Pulse of Healthcare IT

by Bill Elmore In reply to Blogging IT One Word at a ...

<p>Working in healthcare IT (HIT) means learning to quickly
adapt and implement new technologies at breakneck speeds.  Healthcare has so embraced technology that
businesses must continue developing new and better methods of providing patient
care or else lose the competitive edge that is essential to their
survival.  That competitive edge ensures the
best physicians are retained, patients get higher quality care which is safer
and less invasive, and the bottom line is maintained against ever decreasing
insurance reimbursements.</p>


<p>So where does the HIT professional fit in all of this?  He fits right smack in the middle, holding
hundreds of spider-like threads together which stretch from the data center
back to every aspect of healthcare operations. 
Technology is entrenched enough that a down server could mean a doctor performing
a heart procedure can?t pull up needed images, or it could mean a recently
vacated patient room goes uncleaned because the bed and patient tracking system
couldn?t send the notification page to the environmental services
employee.  Heck, I just completed a new hospital
dietary system installation to replace an old paper system.  So now every time the Citrix server crashes
(ahem, last night), I get a call from panicked dietary workers who don?t know
what the patient in room 2217 ordered for dinner.  Two months ago, they used an entirely paper
driven system, and now they are completely immobilized if their new electronic
system hiccups.</p>


<p>To make matters worse, many times vendors ship out buggy
software in an attempt to be first with a new idea.  I know, buggy software is not unlike software
being sold in every other market, but its impact in this case is to patient
care, which takes it to an altogether different level.  Installing a poorly written software package compounds
the problems facing HIT departments because subsequent ?patches? and
?enhancements? become less optional and more often translate into required
upgrades.  Features seen on a glossy
brochure and included in a slick sales presentation are nowhere to be seen after
the initial installation or they often work less than perfectly.  Let?s see a show of hands if you?ve ever
installed a dot release upgrade to a system which wasn?t yet live.  My last system installation included four separate
dot upgrades before it ever made it to production status.  Depending on the complexity of the system,
this could mean required updates and testing to database, application,
interface and terminal servers; not to mention updating workstations and
handheld devices or rebuilding automated software deployment packages.<br /><br />In all fairness, often software vendors and HIT departments
are pitted against each other to solve implementation problems when the root
issue originates with a hospital director or president who purchases a system
without involving the people responsible for its installation.  ?We bought this, now make it work? is a
phrase I?ve heard before.  Seemingly out
of nowhere, a contract is signed, money changes hands and <em>then</em> it?s sent to IT for review and installation.  Problems inevitably arise when you?re
speaking with the vendor?s technical support, and they reluctantly inform you
that they?ve never assisted with a thin-client implementation of their product or
don?t know if their software will run on a virtual server.<br /><br />However, vendors will work with you much of the time to
install their software according to the standards and technologies in your
environment even when their support documentation doesn?t officially list it as
an accepted platform.  But what happens
when they won?t?  Then IT is left holding
CDs for a purchased system which doesn?t adhere to internal processes.  A decision must be made at this point either to
refuse installation (this never happens) or engage in a bit of creative
engineering which involves magic behind a pulled curtain.  Voila! 
A new system is installed and no one quite knows how it?s working.  Just don?t breathe too hard on the server on
the left.</p>


<p>As computerized methods replace the last remaining manual
procedures in healthcare operations, IT departments find themselves playing a
direct role in the delivery of patient care. 
This means promptly responding to problems that arise while juggling the
constantly evolving solutions passed down from vendors and into our laps.  Now if only I could learn to recognize the
beta software builds from the ?final? releases?</p>

Collapse -

Taking the Pulse of Healthcare IT

by Bill Elmore In reply to Blogging IT One Word at a ...

<p class="MsoNormal">Working in healthcare IT (HIT) means learning to quickly
adapt and implement new technologies at breakneck speeds. Healthcare has so embraced technology that
businesses must continue developing new and better methods of providing patient
care or else lose the competitive edge that is essential to their
survival. That competitive edge ensures the
best physicians are retained, patients get higher quality care which is safer
and less invasive, and the bottom line is maintained against ever decreasing
insurance reimbursements.</p>


<p class="MsoNormal">So where does the HIT professional fit in all of this? He fits right smack in the middle, holding
hundreds of spider-like threads together which stretch from the data center
back to every aspect of healthcare operations.
Technology is entrenched enough that a down server could mean a doctor performing
a heart procedure can?t pull up needed images, or it could mean a recently
vacated patient room goes uncleaned because the bed and patient tracking system
couldn?t send the notification page to the environmental services
employee. Heck, I just completed a new hospital
dietary system installation to replace an old paper system. So now every time the Citrix server crashes
(ahem, last night), I get a call from panicked dietary workers who don?t know
what the patient in room 2217 ordered for dinner. Two months ago, they used an entirely paper
driven system, and now they are completely immobilized if their new electronic
system hiccups.</p>


<p class="MsoNormal">To make matters worse, many times vendors ship out buggy
software in an attempt to be first with a new idea. I know, buggy software is not unlike software
being sold in every other market, but its impact in this case is to patient
care, which takes it to an altogether different level. Installing a poorly written software package compounds
the problems facing HIT departments because subsequent ?patches? and
?enhancements? become less optional and more often translate into required
upgrades. Features seen on a glossy
brochure and included in a slick sales presentation are nowhere to be seen after
the initial installation or they often work less than perfectly. Let?s see a show of hands if you?ve ever
installed a dot release upgrade to a system which wasn?t yet live. My last system installation included four separate
dot upgrades before it ever made it to production status. Depending on the complexity of the system,
this could mean required updates and testing to database, application,
interface and terminal servers; not to mention updating workstations and
handheld devices or rebuilding automated software deployment packages.</p>


<p class="MsoNormal">In all fairness, often software vendors and HIT departments
are pitted against each other to solve implementation problems when the root
issue originates with a hospital director or president who purchases a system
without involving the people responsible for its installation. ?We bought this, now make it work? is a
phrase I?ve heard before. Seemingly out
of nowhere, a contract is signed, money changes hands and <i>then</i> it?s sent to IT for review and installation. Problems inevitably arise when you?re
speaking with the vendor?s technical support, and they reluctantly inform you
that they?ve never assisted with a thin-client implementation of their product or
don?t know if their software will run on a virtual server.</p>


<p class="MsoNormal">However, vendors will work with you much of the time to
install their software according to the standards and technologies in your
environment even when their support documentation doesn?t officially list it as
an accepted platform. But what happens
when they won?t? Then IT is left holding
CDs for a purchased system which doesn?t adhere to internal processes. A decision must be made at this point either to
refuse installation (this never happens) or engage in a bit of creative
engineering which involves magic behind a pulled curtain. Voila!
A new system is installed and no one quite knows how it?s working. Just don?t breathe too hard on the server on
the left.</p>


<p class="MsoNormal">As computerized methods replace the last remaining manual
procedures in healthcare operations, IT departments find themselves playing a
direct role in the delivery of patient care.
This means promptly responding to problems that arise while juggling the
constantly evolving solutions passed down from vendors and into our laps. Now if only I could learn to recognize the
beta software builds from the ?final? releases?</p>

Collapse -

Taking the Pulse of Healthcare IT

by mike_patburgess In reply to Taking the Pulse of Healt ...

<p>I have had some experience in reviewing IT in the health care industry.  If patients only knew how at risk their information is from hackers, and loss, they would think twice about giving their information out.</p>
<p>Whereas the medical industry likes to implement "new improved technolgy", they forget to implement the security around it or, the security is sub standard.</p>
<p>Well, that's been my experience.</p>

Collapse -

Why Express Windows Patching is a Bad Idea

by Bill Elmore In reply to Blogging IT One Word at a ...

Monday afternoon began peaceful enough. Being ?on-call? for my daytime IT job means occasionally
carrying a pager and cell phone for a week of 24/7 paranoia. It also means I stay as late as needed to
perform scheduled server reboots, which are typically preceded by applying the
latest Microsoft Security Updates and Hotfixes.
Sounds simple. But on this day, I
had a particular Windows 2000 Server that seemed inclined to remind me it was,
in fact, a Windows box. And, oh yeah, it
was after all a Monday.


<p class="MsoNormal">Microsoft made it easy.
A quick connection to the Windows/Microsoft Update site revealed a
whopping 24 updates were needed and recommended for immediate
installation. To my credit, I was smart
enough to first install the updates on the designated ?test? server, which
revealed no evident issues. And then, at
approximately 6 PM, I casually clicked the <b>Install
Updates</b> button, and waited for thirty minutes while the installation
completed. One reboot later revealed a
fully functioning system with no warning or error messages in the system event logs. I could go home and enjoy my evening?</p>


<p class="MsoNormal">?But, no. Let me
explain. Arriving home to find your
spouse speaking with your employer?s Help Desk is never a good sign. It seemed no one located at any of our five hospitals
could print their much needed patient labels and medication barcodes following
the reboot. This ONE Windows server functions
as the sole print server for all 1,400 printers at our remote sites. (Note: I only rebooted it, not designed
it.) </p>


<p class="MsoNormal">I hadn?t panicked at this point. So as my family ate dinner, I connected to
the server via pcAnywhere and thought a quick restart of the print spooler
would coerce the printers to fulfill their life?s purpose. A subsequent look at the printer queues
revealed no jobs were queued and nothing was being printed. The Windows System Log showed a series of
Informational Events; Event ID 9, ?Printer xxx was set?. In fact, there were <i>only</i> Event ID 9s in the System Log.
That was because the maximum size of the log was set to 1 MB which made
it <i>appear</i> useless. Further investigation revealed the system
partition had less than 500 MB of available space, and the HP Insight Manager
agents indicated two bad memory modules.</p>


<p class="MsoNormal">It should be mentioned that at this point of my Monday
evening, I began receiving follow-up calls from the Help Desk requesting system
status and to relay much end user angst. </p>


<p class="MsoNormal">I went with the obvious.
A call was placed to our hardware support group and the bad memory was
replaced by 12:30 AM. I drove to the
data center for this as well, and one more reboot later proved that print jobs still
were not spooling. Openly sobbing wasn?t
appropriate, so I again perused through the event logs. It was still filling with Event ID 9s. Googling on this Event showed it was informational
and could be ignored, although it did look suspicious.</p>


<p class="MsoNormal">Fast forward to 2:00 AM.
The system had been down for over six hours. Users were very unhappy to say the least, and
panic was beginning to set in. It also
came to light a new hospital system was beginning production in less than five
hours and it had a dependency of, you guessed it, the down system. A roll-back of the Windows updates was
unhelpful, and the functional support person for the application was beginning
to mumble words like Disaster Recovery.
I ran back to my desk and frantically searched for more clues. </p>


<p class="MsoNormal">It seems typing ?Windows printer problem? into a search
engine returns more than 45 million results.
The team lead I awoke at 4:00 AM actually used the phrase ?resume
generating event?. That?s never good to
hear. But it was about that time I found
Microsoft Knowledge Base Article <a href="http://support.microsoft.com/kb/832219">832219</a>. This gem of an article describes a scenario
much like my own. Putting the pieces
together, I discovered that the ?<a href="http://support.microsoft.com/kb/891861">Update Rollup 1 for Windows 2000
SP4</a>? updates the PCL Universal Print Driver dll (unidrvui.dll). This, in turn, causes a rebuild of all the
PCL based printer description files (i.e., nearly 1,400 printers in this instance). I realized by studying the System Log events
again that roughly every 9 minutes a printer driver completed updating (Event
ID 20). Multiplying this times 25 PCL
drivers meant the system should be functioning again by 6:00 AM ? just in time
for the new system ?go-live? one hour later.</p>


<p class="MsoNormal">The system was spooling print jobs again at 6:05 AM. I notified the Help Desk and performed a
celebration dance in my cubicle while no one was looking. I also emailed an explanation and warning
message to my fellow team members explaining my travails and what not to do in
the future. Sleep was finally an option
by 9:00 AM.</p>


<p class="MsoNormal">So what can be learned from all of this? Obviously, testing and researching an update
should be required before it is applied to a production system. The reality is many organizations don?t have
the IT staff, hardware or time resources to thoroughly test <i>every</i> released update. Often there exists a catch-22 where it poses a
security risk to not install a patch, but the consequences of installing
without adequate testing are too great.
In the case I described above, updates were applied to the test system
first. But because the test system was a
scaled-down version of production and had 100 printers versus 1,400, the
problem issues weren?t evident.</p>


<p class="MsoNormal">My guess is many of you reading this are in similar
situations regarding patching production systems. Sound off and let me know! And while you?re at it, check out a <a href="5254-6257-0.html?forumID=99&threadID=194745&messageID=2039465&id=843066">different
perspective</a> on this topic from fellow TechRepublic blogger, Shannon Kalvar.</p>

Collapse -

Why Express Windows Patching is a Bad Idea

by gregry In reply to Why Express Windows Patch ...

There is no such thing as a test system.  You either have duplicate productions systems or you are relying on the power of positive self-delusion.  (Hint:  I don't have duplicate production systems either).  For the most part, we ARE damned if we do and damned if we don't.

Collapse -

Why Express Windows Patching is a Bad Idea

by reconlabtech In reply to Why Express Windows Patch ...

<p>I discovered a long time ago that update rollbacks rarely rollback everything - good backups are the only thing that have saved me from spending hours / days trying to fix a "patch" problem.  I now live by the 30 minute rule - if I can't solve the problem in 30 minutes, I resort to the most reliable restoration process for the problem, whether that be a reimage or backup restored.  These machines will steal your life if you let them!</p>
<p> </p>

Collapse -

Why Express Windows Patching is a Bad Idea

by dkroger In reply to Why Express Windows Patch ...

<p>I always perform an image backup before applying patches. This way, if the patch goes haywire, I can restore the image in less than 1 hour. You have to be sure to use a partition that is for the OS only so that you do not have to worry about any data loss problems.</p>

Collapse -

Why Express Windows Patching is a Bad Idea

by cincy2hot4u In reply to Why Express Windows Patch ...

<p>I KNOW That Patch Work, is NOT RELIABLE, MSN Zone is Patch-Work overloaded, so I ask for a ALL - New Gaming Zone.  <strong><em>Club Shepherd yyyy</em></strong>, fixes <strong><em>EVERYTHING</em></strong> Zone related, However, I must, because I have 0 Authorization, when I have A Systems Analysis College Degree from Miami, OH.  </p>
<p>I am HIT BY A Railroad TRAIN!  I know, that this causes people, NOT Hurt, that THINK THEY Know it all are Superior Human Beings, than me.  BUT OBVIOUSLY NOT, Because, President Bush can't even SOLVE The ILLEGAL Immigration problem, where I Have the Solution!  <a href="mailto:cincy2hot4u@homail.com">cincy2hot4u@homail.com</a>, will respond with the Answer to George Bush's BIGGEST Problem.  93% of the Illegals tht have Already Crossed the Border ILLEGALLY Can stay, but MUST Pass an English Entrance Exam (EEE), generated by a TEAM Of College professors in English.  7 month Waiting time Frame so they CAN Study English!  For re-takes to enter, Legally.  WE Only Want THEE BEST, Right?  So EEE Spanish Exam takers will Study, IF they TRULY Want to become USA Citizens!</p>
<p>You're Welcome, MR. George Bush!</p>
<p>Brian Shepherd,   513-367-6048,   MY Solution oriented Brain thinking, for THEE USA,  +++Bridge_SMASH,  Club Shepherd yyyy, I Solved 7000++ Hours worth of very creative thinking brings the Solution to CHEATERS At cards, too!  </p>

Collapse -

Data Breach Reports Prove Security is Becoming Focus

by Bill Elmore In reply to Blogging IT One Word at a ...

Data breaches. The
number of reported data breaches involving sensitive private information at
organizations and companies is growing at an alarming pace. I click the refresh button for my RSS news
feed if it doesn?t flash a data breach story at some point during the day. I haven?t had to manually ?refresh? much
lately though, have I? There is an
abundance of data security stories not just in the IT trade magazines and on IT
focused web sites, but also in mainstream media outlets. It?s front page news read by millions of
people, many of whom aren?t knowledgeable or concerned with much of the general
happenings of corporate IT. But I feel
compelled to chime in with my two cents anyway, even though there are <em>plenty</em> of stories and opinions already
posted on the topic.


<p>My take is a little different though. I view the reports of data breaches at
government offices, schools, banks and corporations as a good sign. That?s right; I said it?s a <em>good</em> sign there are so many reported
data breaches. It tells me there is
finally a focus on protecting private data.
The truth is, not until Congress passed laws such as <a href="http://news.com.com/Sarbanes-Oxley+cheat+sheet/2030-7349_3-5465172.html">Sarbanes-Oxley</a>
and the Health Insurance Portability and Accountability Act of 1996 (<a href="http://www.hhs.gov/ocr/hipaa/">HIPAA</a>), and states such as California
passed laws requiring full disclosure of data breaches, agencies and
corporations were largely self-governed and lax with data security
practices. </p>


<p>The key to my absurd statement focuses on the word ?reports.? You see, data breaches (i.e., the loss of
sensitive private information) have been occurring for many years. It wasn?t until recently that corporations
took the topic seriously and began being forced to disclose security lapses. Thanks to consumer advocacy and watchdog
groups such as the <a href="http://www.privacyrights.org/index.htm">Privacy
Rights Clearinghouse</a> and regulatory laws like HIPAA, senior executives are
being held ultimately responsible for protecting private data and maintaining regulatory
compliance. It is the threat of severe
criminal and civil penalties that is persuading CEOs to dedicate valuable and
scarce resources to securing consumer data.
What else would cause executives to spend money and time on something
that doesn?t directly affect the bottom line?</p><p>The data breach reports are significant because companies previously
didn?t place much emphasis on data security.
Blocking hacking attempts and viruses got the most attention, with efforts
mainly focused around keeping hackers on the outside through perimeter defenses
such as hardware firewalls and wireless network encryption. But not much effort went into developing
sound data handling procedures. The
reports of data breaches are both embarrassing and damaging to the responsible
companies, and ensure that more resources will be dedicated to reducing future
incidents. And while some data breaches
are occurring because of hacking attempts and viruses, most reports describe
incidents involving employees losing laptops or portable media devices, or lapses
in judgment.</p><p>Change takes time though; especially change involving
business process flow. Many organizations
are still in the very early stages of evaluating and implementing solutions to
mitigate security risks. Common IT-based
solutions involve implementing federated identity-management systems, utilizing
encryption and using thin-client technology to access data stored centrally in
a secure data center. Procedural
solutions include creating access control lists and determining exactly who
needs access to which systems, performing routine self-audits and training
staff to properly dispose of and protect sensitive data (e.g., shredding confidential
documents and knowing not to post private data on insecure web sites).</p><p>For example, when I started in healthcare IT in the late ?90s,
a stroll down hospital hallways revealed computer screens with patient data
clearly visible, computers logged into the network with generic accounts, and
applications that required no authentication.
Fast-forward to 2006 and those same hallways now reveal screen filters
on all monitors, staff using unique login credentials and applications with
either integrated directory services based authentication or a separate application
layer login. Security committees even
exist now with members from various departments who focus on ensuring the
company maintains HIPAA compliancy. How
to secure data has become a focus when discussing upgrading or installing a new
system, not an afterthought.</p><p>So again I say the frequent reports of data breaches are a
welcome site. And while it indicates we
still have a long way to go to reduce security risks, it also proves there are
watchful eyes on the companies storing sensitive private information. This will take time, but a quick glance to
past security practices shows just how far we have already come.</p><p>As always, let me know your thoughts, and while you?re at it,
check out these recently added resources on TechRepublic.</p><p><a href="http://techrepublic.com.com/5100-1009_11-6079162.html?tag=nl.e138">Why data encryption is no substitute for comprehensive security</a></p><p><a href="../5100-1009_11-6087025.html?tag=nl.e138">Protect
corporate data with these physical security precautions</a></p>

<p><a href="http://whitepapers.techrepublic.com.com/abstract.aspx?docid=169840&promo=064&tag=nl.e064">Insider
Threat Report by Aberdeen Group: Strategies for Data Protection</a></p>

Collapse -

Data Breach Reports Prove Security is Becoming Focus

by Nasty Jack In reply to Data Breach Reports Prove ...

<p class="MsoNormal"><span>I agree that awareness is a great stride forward, but, unfortunately, my experience tells me that it is only because the feds and business have been forced into this mode, and it is primarily for the protection of the bureaucracy and the bottom line.<span>  </span>I am a former broker of mailing lists turned privacy activist, and can speak with authority on the junk mail industry, as well as some of its relationships with the government.<span>  </span>The problem isn?t just our names and private information dribbling all over the environment, it is the use of this same data, by the same two powers, to invade every aspect of our inner sanctum.<span>  </span></span></p>
<p class="MsoNormal"><span></span> </p><span><span>
<p class="MsoNormal"><span>I believe George Orwell predicted the data breaches of 2005, as well as the iron fist control that now exists over our private lives.<span>  </span><i>1984</i> is about a totalitarian state where every aspect of public and private behavior is regulated.<span>  </span>We certainly aren?t at that point, but the control over our names and personal data by business and government has set the stage for the next step.<span>  </span>As Erich Fromm wrote in the book?s ?Afterword,? Orwell warns us that, unless drastic changes are made, people will become ?soulless automatons.?<span>  </span>If you look closely at Orwell?s ?Party? in <i>1984</i>, as the representation of the all-powerful force that controls every aspect of the people of the fictional country of </span><?xml:namespace prefix =" st1" ns =" "urn:schemas-microsoft-com:office:smarttags"" /><st1:place><span>Oceania</span></st1:place><span>, it is easy to draw a comparison with the situation today, where our private information is under the exclusive control of government agencies and business.<?xml:namespace prefix =" o" ns =" "urn:schemas-microsoft-com:office:office"" /></span></p>
<p class="MsoNormal"><span><o> </o></span></p>
<p class="MsoNormal"><span>There is only one way to protect the use of consumers? names and personal data.<span>  </span>Pass federal legislation to give the individual control over this private information, and, while we?re at it, pay them for its use.<span>  </span>You can read about it in my blog, The Dunning Letter at: <a href="http://thedunningletter.blogspot.com/2006/07/independence-is-control-over-your-name.html">http://thedunningletter.blogspot.com/2006/07/independence-is-control-over-your-name.html</a></span></p>
<p class="MsoNormal"><span><o> </o></span></p>
<p class="MsoNormal"><span>Jack E. Dunning</span></p>
<p class="MsoNormal"><st1:place><st1:city><span>Cave Creek</span></st1:city><span>, </span><st1:state><span>AZ</span></st1:state></st1:place><span><span>   </span></span></p>
</span> </p>
<p class="MsoNormal"><span></span> </p>

Back to After Hours Forum
65 total posts (Page 1 of 7)   01 | 02 | 03 | 04 | 05   Next

Related Discussions

Related Forums