1 / 21

Operating as a Hybrid Entity at Cornell

Operating as a Hybrid Entity at Cornell. John Ruffing – jr17 @cornell.edu Assistant Director, Center for Advanced Computing (CAC ) Cornell University Associate Director, Information Technology and Services Weill Cornell Medical College. Overview. Informing Perspectives

ricky
Download Presentation

Operating as a Hybrid Entity at Cornell

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Operating as a Hybrid Entity at Cornell John Ruffing – jr17@cornell.edu Assistant Director, Center for Advanced Computing (CAC) Cornell University Associate Director, Information Technology and Services Weill Cornell Medical College www.cac.cornell.edu

  2. Overview • Informing Perspectives • Organizational “Objects” • Cornell Logistics www.cac.cornell.edu

  3. Perspectives • Institutional • Individual www.cac.cornell.edu

  4. Perspectives: Institutional • Medical campus • Significant separation • Distance, governance, ERP • Burdens • Extensive • Expensive (potentially) www.cac.cornell.edu

  5. Burdens: Extensive • Executing • Administrative • Technical • Physical • Maintaining • Documentation • Training/Awareness • Periodic Review www.cac.cornell.edu

  6. Perspective: Individual • Medical campus • Previously led • EHR implementation (Epic) • SAP technical teams • Coordinate IT aspects of audit www.cac.cornell.edu

  7. Overview • Informing Perspectives • Organizational “Objects” • Cornell Logistics www.cac.cornell.edu

  8. Organizational Objects • Covered Entity • Organized Healthcare Arrangement • Business Associate www.cac.cornell.edu

  9. Covered Entities • Health Plans • Healthcare Clearinghouses • Healthcare Providers who • Electronically transmit • Any health information in connection with • Transactions for which HHS has adopted standards www.cac.cornell.edu

  10. Typical HPC Providers • Not covered entities themselves • Not part of covered entity • Handling identifiable data • Within the same institution • Ultimately from a covered entity www.cac.cornell.edu

  11. Covered Entity Trap • Entire legal entity • Often more than really applies • Unnecessary burden • Extent • Expense www.cac.cornell.edu

  12. Hybrid Entity Escape? • Covered components • Same criteria as entity • Distinct and relevant • Function • Governance • Formal designation www.cac.cornell.edu

  13. Cornell as Hybrid Entity • Four components • Medical campus • Student health center • Benefits • Counsel • Where is HPC? www.cac.cornell.edu

  14. Typical HPC Providers • Not covered components themselves • Not part of covered component • Resistance to including • Burden • Definition www.cac.cornell.edu

  15. Business Associate • Relationship to covered entity • For or on behalf • Other than in the workforce • Separate legal entity www.cac.cornell.edu

  16. Overview • Informing Perspectives • Organizational “Objects” • Cornell Logistics www.cac.cornell.edu

  17. Where is HPC? • Privacy Rule • Extend the workforce • Security Rule • Extend the protections • Only as needed www.cac.cornell.edu

  18. Including HPC at Cornell • Reminder: medical campus perspective • Extending walled garden • Potential savings • Not yet trying to share full resources • Three aspects www.cac.cornell.edu

  19. Including HPC: Physical • Co-lo • Already has personnel controlling and logging • Rationale for remote location • Separate racks • Separate keys and associated controls www.cac.cornell.edu

  20. Extending to HPC: Technical • IP Network • Extension of med network into data center • With all security trimmings • Air gap (garden wall) to other networks • Storage • Separate physical disks • Shared array, on private management network • Shared storage switch • Separate when volume makes feasible www.cac.cornell.edu

  21. Extending to HPC: Administrative Sharing • Workforce • The lesson of athletics • Sysadmins leverage med training and awareness, follow documentation and procedures • Joint position supervision (direct control) • Compliance • Elements accountable within garden • E.g. shared array, on private management network • Other frameworks and HITRUST www.cac.cornell.edu

More Related