The Mayo Clinic has built up a unique experience in the use of intranet for effective health care management. Treatment protocols and information transfer between individual caregivers are no longer organised in physical meetings but through computer communication which saves printing and distribution costs. Since most intranet applications involve the handling of confidential patient records, the security issue has been taking very seriously during the past decade. A separately installed data security department is dealing with the huge technical problems of safe intranet data traffic. The greatest challenge of all lies however in the delicate human factor to make the Mayo health care colleagues, spread over the different departments, aware of the importance of mutual information exchange.
The Mayo intranet links the clinic sites in Rochester Minnesota, Jacksonville Florida, Scottsdale Arizona and a few other, smaller locations, with a double goal. First, communication between health care providers has been improved largely and second, a paperless environment is being encouraged. In Europe, several Esprit-funded projects such as Cobra, Riche, Thesis and Wide, are now developing similar hospital management initiatives but the Mayo intranet already is operational since ten years. The intranet tool enables clinicians to inform each other about work and conference schedules, medical procedures, drug ordering, patient lists, ...
During the past decade, Mayo Clinic has installed many of the Internet protocols and technologies in its internal network which runs off of Unix, Microsoft Windows NT and Apple Macintosh Web servers. Each computer terminal within the Mayo sites can be connected to the intranet. Private leased T1 telecommunications lines guarantee fast and secure data transmission using the common web browser software. Every department has its default home page but any authorised user can navigate to other areas of the Mayo intranet without format, content and access being changed.
Three information categories are provided on the intranet: static material like manuals, procedures guides and policy books; data collection and retrieval functions organising the use of infrastructure, laboratories and surgical rooms and finally, transaction-based applications which have been recently set up and which include the complex patient care-related systems. In this area, the Mayo information services staff has to move carefully by introducing smart card and thumbprint identification systems. At present, Mayo is developing its own computer-based patient records program but hasn't decided yet whether it will be deployed on the intranet or some other platform.
Mayo maintains a severe security policy. Its intranet is connected to the world wide Internet at only one particular place, protected by a firewall that manages all inbound and outbound data traffic. Furthermore, built in technologies such as Secure Socket Layer encryption and basic password protection systems are used throughout the intranet. Every individual user has to take up his responsibility and must thoroughly reconsider the equilibrium between information sharing and confidentiality. The data security department executes a regular check up of the intranet content through a committee of representatives from different departments.
The chief security officer might face a difficult task in safeguarding confidential data but an even more challenging mission is to change individual habits of storing information in order to avoid duplication of work and make it useful to colleagues. Information for this contribution has been gathered from a detailed study on the Mayo intranet by Bill Siwicki. His article can be purchased on the Health Data Management web site. For more details on the European hospital management projects, we refer to VMW's January issue.