Children’s Healthcare of Atlanta (CHOA)
Children’s Healthcare of Atlanta (CHOA) treats more than 326,000 children every year and is the largest Medicaid provider in Georgia. Imagine a situation where the child of a public figure or a child at risk of kidnapping or at risk of information about their medical situation being leaked arrived in one of CHOA’s emergency rooms. How would they lock that situation down to secure the child? CHOA urgently needed to establish an emergency-access solution called “Break-the-Glass” to allow operators emergency access to systems in cases where normal authentication protocols could not be successfully completed. These systems included medical data acquisition devices and other systems collectively referred to as Medical Information Systems.
We facilitated the initiating, planning, executing, controlling, and closing of the projects required to implement Break-the-Glass based upon pre-staged emergency user accounts that could be managed in a way that would make them available with reasonable administrative overhead. The solution could be used with a broad range of existing systems and architectures that required operators to login before access was formally granted. Any VIP patient would be designated VIP upon arrival at the CHOA facility, at which point only the team members treating the patient would be allowed access to the patient and the patient’s records. Anyone else attempting to gain access would trigger alerts, their actions would be monitored automatically, and security protocols would engage.
We managed the program from cradle to grave. We led design of the system through articulation of user stories, which were used in turn to test the system, which completed one day before going live. We deployed the system with zero defects. The methods we used to manage the program were new to CHOA, which had not used Agile techniques before, but the sponsors asked for our approach to managing the projects of this program to be institutionalized for all similar projects going forward. CHOA gained a capability to protect its patients with a level of rigor that was unprecedented in its history.