Following the Breakfast Insight session on government data centres, OpenGov held another session on July 19, focusing on data centres, this time in the healthcare sector (report from the 2016 session). Senior ICT executives from several public and private healthcare providers joined the discussion, sharing their knowledge and airing their concerns.
After opening remarks by Mr. Mohit Sagar, Managing Director and Editor-in-Chief of OpenGov Asia, Mr. Michael Kurniawan, Vice President, IT Division – Singapore, Schneider Electric asked the delegates how they contribute to their business of caring for patients with their data centres. He said that the objective of the discussion would be to learn the roadmap these healthcare IT leaders in Singapore had envisaged and how Schneider could help them achieve that.
Guest speaker, Greg Boorer (below left), CEO, Canberra Data Centres (CDC) noted that healthcare is undergoing a transition at the moment, as everything is being digitalised. The new hospitals are highly data-centric. They require significant amount of compute capacity to undertake operations. For doctors to have reliable information at their fingertips, reliable IT systems are required, which are based on a foundation layer of power and cooling infrastructure.
Some of the base infrastructure was not designed and built with the highly digitalised outcomes of today in mind. Consequently, they might not have the required level of resilience and redundancy. Moreover, the sector has some of the most unsecure endpoints going around.
The end-to-end integration of the systems and data and growth in the data presents exciting opportunities, as well as threats.
Polling questions and discussion
The first question was, ‘If your data center is down, which is the most critical to your organisation?’ Majority (60%) selected medical records.
Mr. Koh Choon Kiat (below left), Assistant Director Infrastructure Services, H-Cloud (Health Cloud) Services, Integrated Health Information Systems (IHiS[1]) was among the few who selected ‘Patient Admissions and Billing Systems’. He explained that most hospitals will have downtime systems for accessing medical records and for patient care. But there might not be any for the administration work, such as admissions and billing.
Mr. Lau Yock Kai, Manager, Management of Information Systems, Ren Ci Hospital had picked ‘others’. He had communication in mind, saying that once when the servers went down, people seemed forget that there are alternatives like phones, which they hadn’t relied on for a long time.
When asked about the resiliency of their IT and network infrastructure, 56% of delegates rated their resiliency as ‘high’ and 44% as ‘medium’.
Mr. Teo Kah Ling, Chief Information Officer at the Raffles Hospital was among the participants who selected ‘medium’. He explained that some of the ones who responded ‘medium’ might be relying on external network infrastructure. Even if their own data centre is reliable, the ISP’s exchange going down could affect operations.
Mr. Sagar queried that if the external network connectivity goes down, then do the hospitals have the capability to continue operations?
Mr. Koh responded that they have downtime systems, people fall back to paper. But it has an adverse impact on efficiency. Capacity goes down. If patients have to go through that, it could become an issue of adverse public perception. So, the tolerance is very low. Maybe the hospital or polyclinic could rely on downtime systems for at most a couple of hours, while limiting the negative repercussions. So, resiliency is critical for data centres hosting mission critical systems.
In order to address the risk of using telco’s connectivity brought up earlier in the discussion, Mr. Koh said that IHiS follows the path of diversification, diversification in terms of exchanges, hubs and telcos, so as to spread out the risks and have alternatives and back-ups available in all situations. It increases the costs incurred but it significantly improves resiliency.
“Is medium good enough?” Mr. Kurniawan asked.
It might be, depending on the criticality of the infrastructure was the reply from most of the delegates. The Assistant Director of Information Technology at TTSH, Mr. Samuel Wong (below left), elaborated that there are the high reliability data centres run by IHiS and then there are the small, localised data centres located on the hospital premises. Reliability for the latter ones is not at the same level as the H-Cloud. But all the main, mission critical systems, such as patient records, are housed in the centralised government data centre.
Mr. Koh followed up saying that the direction is to continue to move mission-critical systems to the cloud, while systems like those controlling robots stay on ground at the hospitals because they have to be situated near the robots. Systems controlling gantry, visitor systems can also stay on the ground.
But he agreed that the surge in Internet-of-Things (IoT) devices might lead to rise in on-site computing demand. To do more with a smaller footprint, the newer data centres are using virtualisation and higher density racks.
The delegates were asked which day-to-day operations in their data centre were employees are doing manually. Around 43% selected IT asset inventory management, 29% said hardware planning and implementation management and 14% answered maintenance management and facility monitoring each.
The answer to this question could be dependent on what exactly is meant by automation. Mr. Koh said that IHiS data centre operations are around 80% automated (does not mean through the use of AI or bots), including automated collection of data for decision-making. But human involvement is still usually required at some stage.
‘Safety and security’ was selected by 70% of attendees as the most urgent data centre issue to be resolved. This answer turned the flow of the conversation towards cybersecurity, in the context of data centres and otherwise.
Mr. David Wong, Deputy Director Information Technology, Agency for Integrated Care (AIC) and Ms. Saraswathi Sinnappan, Senior Manager, HR, Admin & Information Technology at Singapore Cancer Society talked about governance, access rights, having the right policies in place
and ensuring compliance.
It was pointed out the security issue isn’t just a data centre issue. Several applications are not designed with security focus. In fact, the data centre is locked down and has multiple layers of security and it would be easier to train data centre management in the adoption of best practices. The applications and end users might pose a bigger risk.
With IoT devices, the challenge is to segregate the IoT systems from the critical systems and still allow the former to function smoothly.
For IHiS, the focus has shifted from perimeter defence to the human factor. There are continuous efforts to educate and test people’s awareness. No amount of investment in perfect systems can help if the people issue is not fixed.
Energy efficiency, power and cooling capacity and manpower constraints pose challenges but ongoing technological innovation can help in those areas. Technology cannot resolve the security/ safety concern.
Notwithstanding the challenges, everyone agreed that going back is not an option. You cannot go back to paper for cybersecurity. So, the risks have to be managed through due diligence and if a successful attack happens, the damage has to be contained.
[1] IHiS is the public healthcare IT shared services provider in Singapore. H-cloud is the consolidated cloud which hosts mission critical systems for all public hospitals, specialty centres and polyclinics. The H-Cloud was developed by IHiS together with Schneider Electric and is based on a modular architecture that provides a single platform for clinicians to access, analyse, and update patient EMRs, while also guaranteeing disaster recovery and uptime for all clinical centres during and after any emergency.
