Secure, reliable access to patient data

T-Systems has provided the two Frankfurt hospitals managed by the Red Cross with an end-to-end solution giving doctors effective, secure access to electronic data on patients.

The customer

Two hospitals operated by the Red Cross in Frankfurt.

The two Frankfurt hospitals operated by the Red Cross are amongst the city’s best known and best respected. The first facility has a total of 250 beds, the second 230. Together, they treat around 19,000 people a year.

Inpatients at the two hospitals are treated by physicians drawn from 70 local medical practices in and around Frankfurt, rather than by in-house employees; the hospitals provide the corresponding infrastructure, and nursing and auxiliary staff. In other words, doctors refer their own patients to the hospital, and then treat them during their stay, providing continuity of care. Not only is this popular with patients, it is also good for budgets, for instance by eliminating the need for repeated medical tests. The hospitals are therefore a prime example of how inpatient and outpatient processes can be integrated to improve the efficiency of the healthcare service.

The challenge

Protection of sensitive data

To perform their tasks efficiently, doctors require direct, secure access to up-to-the-minute patient data – often when they are not physically present in the hospital, but working from their local surgery. “To ensure the best possible provision of information to all stakeholders, we require state-of-the-art communications technology,” says Immo Eitel, IT Director for the two hospitals. Patient and other data is maintained on central servers. Doctors can access this information, including electronic patient records, from their offices via ISDN lines. This requires a high-performance Internet connection, as well as a data line linking the two hospitals. Eitel again: “We want doctors to be able to access patient records from their own PC, as if the data were residing on their own hard disk. It should be just like working at a desktop system within the hospital.”

Moreover, the Red Cross wanted safeguards for patient privacy. “Obviously we needed a solution that guaranteed high standards of security. We cannot allow patient information to fall into the wrong hands,” explains Eitel. They found the right partner in the fixed-line telephony division of Deutsche Telekom, today know as T-Com. The communications specialist provided Internet connectivity, the data lines, and – most importantly – the corresponding security systems. Immo Eitel: “Deutsche Telekom was able to provide us with effective, highly compatible products for both data exchange and security functions.”

The T-Systems solution

Secure data communications based on T-Systems products

The primary server is linked to the Internet by means of CompanyConnect, a T-Systems solution. As a result, it guarantees uninterrupted access, with no need for time-consuming dial-up. Bandwidth is 128 kilobit per second for both downstream and upstream transfer. Internet communications are protected against external attacks by means of a made-to-measure managed firewall, which T-Systems monitors continuously, and regularly updates. The two hospitals are connected by means of a city network from T-Systems, with bandwidth of 2 megabits per second in both directions, routed via the T-Com landline network. LineCrypt enables powerful encryption of data transferred.

For Internet-based data transmission to doctors’ surgeries, Deutsche Telekom deployed its OneTimePass technology for one-time password protection. Put simply, the user inserts a smart card into a terminal connected to his PC, and then enters a PIN number to generate a password valid for a single transaction, and confirmed on each occasion by a dedicated Deutsche Telekom trust center.

The scenario: Complete protection for patient information

Both Frankfurt hospitals work with electronic patient records – in other words, patient data, test results, and even x-rays, are stored in digital form. Reports on operations, physicians’ correspondence, and even patients’ menu choices are captured electronically. Hard-copy documents are scanned, and stored on the central servers in electronic form.

Doctors can access the hospital server from their surgery, or even from their own homes, via ISDN dial-up connections. The CompanyConnect solution ensures rapid response times even when multiple doctors are accessing data at the same time. Made-to-measure client-server architecture ensures that the look and feel of the applications are consistent – be it for access via a PC in the home, in the surgery, or in the hospital. Eitel: “The physician employs a virtual PC.” Via the ISDN connection, the doctor is able to reserve hospital beds and operating rooms, and view the results of laboratory tests. And, once the patient has been discharged, the doctor retains access to the electronic patient record.

The future: Further enhancements

Currently, 30 external doctors use the informations and communications system, and more are set to follow. “Online communications with the two hospitals saves doctors time and money, and patients benefit from continuity of care,” concludes Immo Eitel. “The security solution implemented by T-Systems provides robust protection for sensitive data.”

Moreover, the scope of online services for doctors is to be extended. Eitel: “We plan to allow doctors to use our internal procurement system to buy supplies for their own surgeries. They will be able to sign their orders digitally using the Public Key Service from T-Systems.”