Penn Medicine Academic Computing Services Newsletter
Newsletter

IS Leadership Insights from Brian Wells

Leadership Insights

At the end of January, a major milestone was reached in clinical research informatics at Penn Medicine. To prepare for this milestone, on 12/2/2016 patient registration data began flowing from the PennChart EMR into our enterprise Clinical Trial Management System (CTMS). On 1/30/2017, information collected on newly created cancer studies in Velos automatically creates new study records in the EMR. This data will show the enrollment status of subjects (who are also patients at Penn Medicine) and will remain electronically synchronized between the two systems. These automated electronic interfaces now eliminate the manual duplicate data entry processes; improve data quality, provide timeliness and accuracy; ensure that clinicians are aware of a patient’s research status; and lay the foundation for future improvements to occur later this year in research billing reconciliation.

These links between the PennChart EMR and Velos systems have been in the works for two years as part of a significant investment made by Penn Medicine in clinical trial informatics improvements. This milestone could not have been achieved without a strong partnership between the Office of Clinical Research (OCR), Information Systems and our shared user community. Congratulations to all!

After the second PennChart 2 go live on 3/4/2017, additional departments will begin the transition from their existing trial management processes to the Velos system and associated processes. OCR, IS and department leaders are now working on the implementation order. The enterprise wide deployment of Velos could take several years. Once complete, it will place Penn Medicine among a small number of academic medical centers using an enterprise EMR that is tightly integrated with an enterprise CTMS. This is an impressive accomplishment - one that will benefit researchers, their subjects and other clinicians that are members of the care team.

Metrics

HPC Statistics

(November 2016)

  • CPU Hours — 1,208,300
  • Disk Activity (TB) — 1,380
  • Archive Activity (TB) —766
  • Total Number of Users — 425
LIMS Statistics

(November 2016)

  • Total Number of Users — 115
  • Total Samples — 398,310
CTMS Statistics

(November 2016)

  • Total Studies – 2,897
  • Total Subject – 79,311
  • Total Active Accounts - 317
Customer Service Group (CSG) Tickets

(November 2016)

  • Total Number of Users — 1,781
  • Total Support Hours — 3,263.16

Technology Initiatives

Administration

AMP Admissions System

In 2002, the School of Medicine Information Services (SOMIS) team built the existing student admissions system used by Undergraduate Medical Education (UME). This build was driven primarily by 1) the lack of vendor software available for the medical school market 2) the cutting-edge Perelman School of Medicine UME curriculum that did not fit into traditional university admissions software model. The SOMIS admissions system, now owned and maintained by PMACS, has served us well. However, given the rapid evolution of programming languages and systems emerging over the past several years, there are now better options on the market.

In light of these developments, the Admissions office and PMACS are working together to replace the existing admissions system with a combination of vendor and custom software. The project is underway with the goal of implementing AMP by June 2017. In the first phase of the project, we will be implementing a vendor solution named AMP to replace common admissions functionality such as admissions applications and status pages. In phase two of the project, the PMACS software development team will focus on refactoring the admissions processes that are unique to the Perelman School.

The new approach of leveraging both vendor and in-house developed software provides a way to eliminate aging, hard to maintain software while maintaining the unique characteristics of our admissions process.

Directory Consolidation Project

In computing, a directory service is a repository of computing resources on a network. These resources can include data volumes, folders, files, printers, users, groups, devices, telephone numbers and other items. Given the information the directory service holds, it is a critical management resource for all information service teams.

When PMACS was formed, we inherited multiple directory services from the various predecessor teams (e.g., CCEB, ACC/AFCRI, SOMIS, etc.). We spent the last two years consolidating these services into one new directory built on Microsoft’s Active Directory (AD), an industry standard. Every directory service that was converted had its own methods and structures for tracking resources which had to be migrated to a common approach.

In December 2016, we successfully completed the consolidation for all Windows-based devices and resources. There are multiple benefits gained from the consolidation:

  • For PMACS
    • Simplified administration and resource management
    • Reduced administration costs, increased security, and additional functionality
    • Interoperability with other directory services (e.g., ISC, UPHS)
  • For PMACS users
    • Increased network security and reduced number of accounts and/or single sign-on

Going forward, PMACS will continue the second phase of the project, binding Apple resources to Active Directory. The ability to join Apple devices to directories is a recent development facilitated by Apple’s move to be more enterprise-friendly. Finally, PMACS will be looking for ways to establish more security trusts with UPHS to facilitate better information security, streamline user accounts, and system access.

Education

New Information Security Policy

Data security has become a tougher challenge in the modern age, with increased threats of ransomware and phishing attempts along with the existing computer viruses. Hackers are increasingly targeting their attacks on high-value data such as credit card information, social security numbers, intellectual property, and health information. Universities and health systems are among the prime targets for these data.

In light of these increasing threats, the Perelman School of Medicine has just published a new data policy for the storage and transmission of Protected Health Information (PHI) and other personally identifiable information. This policy is a result of a joint effort between Penn Medicine, the University’s Office of Audit, Compliance and Privacy, and the Institutional Review Board (IRB).

Please take some time to review the policy:

http://www.med.upenn.edu/policy/user_documents/PSOMElecDataPolicy-signedversion.pdf

If you have any questions, please contact Information Security at medsecurity@mail.med.upenn.edu.

Research

Working Across the Penn Medicine Continuum

Like many processes and systems in our academic medical center, delivery of information technology often aligns across both the school of medicine and health system. While PMACS’s primary mission is to support the education and research missions in the Perelman School, we often work with our UPHS-focused peers to deliver IT solutions. Recent examples include the following projects:

Chronobiology Lab

Working together with our UPHS peers, PMACS helped outfit the new chronobiology lab on the HUP (Hospital of the University of Pennsylvania) campus. PMACS deployed desktop, laptop, and tablet computers in addition to data center-housed servers and storage. We also provided support to the Perelman School’s Media Technology and Production (MTP) team that supports the video components with the Chronobiology Lab.

Abandoned Housing Trial

Recently, Dr. Charles Branas, Professor of Epidemiology in the Perelman School, had a need for secure tablet computers that could be used in multiple locations for a study. An additional requirement was that the computers needed to be remotely managed in case of loss or theft. One of our Service Information Officers, Vince Frangiosa, worked with the Telecommunications team to provide Dr. Branas and his research team with iPads that are managed with the Mobile Device Management (MDM) software used to protect UPHS mobile-devices. Increasing integration in Penn Medicine was a chief reason for making PMACS part of Information Services. We continue to leverage the division’s multiple resources to support the educational and research missions of the Perelman School.

Update - PennChart Research

As noted in the spring 2016 newsletter, the PennChart Phase 2 Implementation includes substantial integration with the current PennChart Research application and provides significant improvement for research workflows. The new integrated platform will allow more streamlined enrollment and patient management within PennChart as well as streamline the billing processes related to research activities.

The October implementation for Chester County and Pennsylvania hospitals was successfully completed. Now, the March 2017 implementation at Hospital of the University of Pennsylvania (HUP), Penn Presbyterian Medical Center (PPMC) and Homecare/Hospice comes next. More information on the PennChart implementation is available on the UPHS intranet home page.

User Tip

Avoiding Phishing Attempts

Phishing is a form of social engineering that attempts to ‘con’ users into giving up sensitive information, for example personally identifiable or financial information. Communications that seem to be from popular social web sites, financial institutions, well-known companies, IT support staff, etc. are used to lure people into giving up information which could then be used to impersonate the individual for financial gain or some other reason.

Phishing is typically carried out through e-mail spoofing or instant messaging and it characteristically directs users to enter information at a fake website that looks very much like the legitimate website. Some quick tips to stay safe:

  • Be suspicious of attachments and unexpected e-mail messages.
  • Never reveal personal or financial information in e-mail, and never respond to e-mail requests for this information.
    • Legitimate organizations will never ask for this type of information in an e-mail.
  • Pay attention to the ‘make up’ of the message. It may look authentic, i.e. logos, URLs, etc., but there are typically mistakes, for example with grammar.
  • Never click on a link in a suspicious message; it could be used to spread malicious software. The domain name may appear to be the real domain name but it may have been altered. If you have reason to believe that the message is real, call the organization or go out to a web browser and enter the web address but don’t click on any links in the message.
  • Ensure that your antivirus is up to date and running in real time scan mode.
  • Take note if the message contains threats or a sense of urgency.
    • Cybercriminals often use threats to get what they want. The threat could make you let your guard down and cause you to respond quickly without thinking.

Remember, you can usually trust your instincts; if you think the message is suspicious it probably is, just delete it. If you continually have an issue with phishing, please contact the PMACS Service Desk or Information Security for assistance. Remember, security won’t work without you. YOU are the key to security at PSOM.

If you have questions or receive a suspect communication, please contact the PSOM Information Security Office at medsecurity@lists.upenn.edu or 215-898-8132.

For more security-related information, visit the PMACS Information Security web page: http://www.med.upenn.edu/pmacs/

Back to Top ↑