Children’s Healthcare of Atlanta (CHOA)

Whether treating a toddler in an emergency or supporting a teen through chemotherapy treatments, Children’s Healthcare of Atlanta (CHOA) is dedicated to the care of each patient. It's through teamwork at every level and with families that CHOA is able to achieve excellence in pediatric care.

John Schlichter (OPM Experts LLC) led the program to implement our first Break-the-Glass system to protect VIP patients at Children’s Healthcare of Atlanta, securing records of high profile patients and establishing need-to-know tracking protocols. This high priority and highly visible project involved a range of executive stakeholders including the Chief Operating Officer, the Vice President of Physician Practices, the Senior Vice President of Operations Scottish Rite, the Senior Vice President Operations Egleston, the Senior Vice President MAC, the Vice President Ops HSOC, the Chief Privacy Officer, and the Director of Information Security. The project launched successfully with zero issues and is now a live capability.
— Joyce Coleman, CHOA’s Chief Nursing Officer
The way John Schlichter managed this program is how we should manage all programs.
— Stoddard Manikin, Director of Information Systems Security

Challenge

Children’s Healthcare of Atlanta (CHOA) treats more than 326,000 children every year and is the largest Medicaid provider in Georgia. Imagine a situation where the child of a public figure or a child at risk of kidnapping or at risk of information about their medical situation being leaked arrived in one of CHOA’s emergency rooms. How would they lock that situation down to secure the child? CHOA urgently needed to establish an emergency-access solution called “Break-the-Glass” to allow operators emergency access to systems in cases where normal authentication protocols could not be successfully completed. These systems included medical data acquisition devices and other systems collectively referred to as Medical Information Systems.

Solution

We facilitated the initiating, planning, executing, controlling, and closing of the projects required to implement Break-the-Glass based upon pre-staged emergency user accounts that could be managed in a way that would make them available with reasonable administrative overhead. The solution could be used with a broad range of existing systems and architectures that required operators to login before access was formally granted. Any VIP patient would be designated VIP upon arrival at the CHOA facility, at which point only the team members treating the patient would be allowed access to the patient and the patient’s records. Anyone else attempting to gain access would trigger alerts, their actions would be monitored automatically, and security protocols would engage.

Results

We managed the program from cradle to grave. We led design of the system through articulation of user stories, which were used in turn to test the system, which completed one day before going live. We deployed the system with zero defects. The methods we used to manage the program were new to CHOA, which had not used Agile techniques before, but the sponsors asked for our approach to managing the projects of this program to be institutionalized for all similar projects going forward. CHOA gained a capability to protect its patients with a level of rigor that was unprecedented in its history.