As the Chief Information Officer (CIO) of All India Institute of Medical Science (AIIMS), Delhi, what key responsibilities do you handle?
The role of a healthcare CIO is ever-evolving, with responsibilities expanding to include advanced technological implementations, cybersecurity, regulatory compliance and strategic decision-making. Key responsibilities include:
- Strategic planning: Developing and implementing a comprehensive IT strategy aligned with the organisation’s overall healthcare goals, including patient experience, quality improvement and adaptation of new technologies.
- Technology evaluation and selection: Researching and selecting new IT systems and applications, such as Electronic Health Records (EHRs), automation of labs, Artificial Intelligence (AI), Augmented Reality (AR)/ Virtual Reality (VR)/ Extended Reality (XR), patient portals, telehealth platforms and data analytics tools.
- IT infrastructure management: Overseeing the day-to-day operations of the IT department, including network management, DC management, system maintenance and data backup.
- Digital transformation: Leading initiatives to modernise the organisation’s IT infrastructure and business processes
- Cyber security leadership: Implementing robust security measures to protect patient data and comply with the Electronic Medical Record (EMR) standard.
- Clinical collaboration: Working closely with clinicians to understand their needs and ensure that new technology seamlessly integrates into clinical workflows.
- Budget management: Developing and managing the IT budget, including vendor contracts and cost optimisation strategies.
- Staff training and development: Providing training to healthcare staff on new IT systems and applications.
- Data analytics and reporting: Utilising data analysis to identify trends, improve patient care, and inform decision-making.
- Vendor management: Negotiating contracts with IT vendors and managing relationships with external technology providers.
- Compliance and regulatory adherence: Ensuring that IT systems comply with relevant healthcare regulations like HIPAA and Meaningful Use.
Some of the important aspects of a healthcare CIO’s role are as follows:
- Understanding clinical needs: A CIO must have a deep understanding of clinical operations and patient care processes to implement technology solutions that enhance patient experience.
- Communication and collaboration: Effectively communicating with various stakeholders, including clinicians, administrators and IT staff is crucial for successful technology adoption.
- Leadership and vision: A healthcare CIO needs to be a visionary leader who can guide the organisation towards utilising technology to achieve its strategic goals.
- Sustainability: Implementing green initiatives to help the organisation to be more environmentally responsible
- Teaching: Teaching to M.Bio Tech, M.Sc and B.Sc (Nursing), teaching to the students who are in fellowship
- Research: As CIOs, participate in the research activities that bring new technology in healthcare.
- Training: Two-year training programme for defence doctors on medical informatics
AIIMS is a leading healthcare institution. How does your IT strategy align with its long-term vision and objectives?
Aligning an IT strategy with a long-term vision and objectives means ensuring that the technology investments and initiatives chosen are directly supporting quality patient care, operational efficiency and future growth, by utilising technology to achieve desired outcomes like improved quality, cost reduction and enhanced patient and doctor experience over a sustained period.
Key aspects of aligning IT strategy with long-term vision:
- Patient-centric focus: Prioritising technology solutions that directly improve the patient experience, such as patient portals, telehealth capabilities and personalised care plans, aligned with the vision of providing patient-centred care.
- Data-driven decision making: Implementing robust data analytics systems to gather and analyse patient data, allowing for informed decision making and strategic planning based on long-term trends and insights.
- Interoperability and integration: Choosing systems that can seamlessly integrate with the existing and future healthcare infrastructure, facilitating data sharing and collaboration across different providers and departments, crucial for long-term coordination.
- Innovation adoption: Staying abreast of emerging technologies like Artificial Intelligence (AI), Machine Learning (ML), AR/VR/XR and robotics to identify potential applications that can enhance care delivery and support the organisation’s long-term vision for advanced healthcare.
- Cybersecurity preparedness: Robust cybersecurity measures to protect patient data and maintain trust, critical for long-term sustainability and reputation of the institute.
The alignment can be achieved via the following:
- Strategic planning: Integrate IT needs and goals into the overall institute strategic plan, ensuring alignment with the long-term vision.
- Collaboration: Foster open communication between IT leadership, top management, clinical staff and administrative teams to understand the needs and priorities for technology solutions.
- Cost-benefit analysis: Evaluate the potential Return on Investment (RoI) for technology initiatives, considering both short-term and long-term benefits.
- Regular evaluation and adaptation: Continuously monitor the performance of IT systems and adjust strategies as needed to maintain alignment with evolving healthcare landscape and long-term goals.
- Key Performance Indicator (KPI): To monitor and assess the quality of care provided to patients, identify areas for improvement, and ensure accountability across institutes.
AIIMS faced a major cyberattack in 2022. What lessons were learned, and what security enhancements have been implemented since then? How is the institution incorporating Digital Health Records (DHRs) and Electronic Medical Records (EMRs) to enhance efficiency?
The magnitude of these breaches in healthcare organisations is alarming. The year 2023 set a new high for the number of breached healthcare records, totalling over 133 million. This represents a 156 per cent increase from the previous year, demonstrating not only the frequency, but also the scale of these incidents.
Cyber security: Cyber security in healthcare involves protecting electronic information and assets from unauthorised access, use and disclosure. There are three goals of cyber security: protecting the confidentiality, integrity and availability of information. It consists of a range of actions to safeguard AIIMS from internal and external cyber-attacks, guarantee the availability of medical services, maintain confidentiality, ensure the proper operation of medical systems and equipment and integrity of patient data, and comply with industry regulations.
SOC in AIIMS on Open Source Application: Security Operations Centre (SOC) devices in an organisation like AIIMS play a crucial role in maintaining the security and integrity of sensitive data, particularly in a healthcare environment where patient information and other sensitive data must be protected.
Common causes of data breaches in healthcare in India: The healthcare industry, while advancing in digital capabilities, faces significant vulnerabilities that attract cybercriminals. The common causes of data breaches in this sector can be broadly categorised into system vulnerabilities, human error and cyber attacks. Each category presents unique challenges and requires targeted strategies to mitigate risks effectively.
Preventive measures for healthcare data security: To safeguard sensitive health information effectively, healthcare organisations must establish a robust cyber security infrastructure. This involves implementing strong encryption protocols for data at rest and in transit, ensuring that even if data is intercepted, it remains secure and unreadable. Additionally, robust access controls are crucial. Adopting the principle of least privilege ensures that employees have access only to the data necessary for their roles, thereby minimising the risk of insider threats and reducing the potential for unauthorised data access. Regular updates and reviews of access controls are essential to adapt to changes in staff roles and responsibilities.
Regular audits and risk assessments: Conducting regular security audits and Cyber Security Maturity Assessments (CSMAs) is vital for identifying and addressing vulnerabilities within healthcare systems. These audits, carried out by internal or external experts, help to ensure that security measures are up-to-date and effective. For organisations facing financial and logistical constraints, prioritising audits of the most critical systems offers a manageable approach. Regular risk assessments are also crucial as these help healthcare organisations to identify potential risks to patient safety, data privacy and regulatory compliance, thereby enabling them to prioritise resources and implement appropriate mitigation strategies.
Staff training and awareness: The human element plays a significant role in cyber security. Providing comprehensive Security Awareness Training (SAT) helps to change employee behaviour and strengthens the overall security posture of the organisation. Training should include topics such as recognising phishing attempts, the importance of strong password practices and the proper handling of patient data. Regular and focussed training sessions enhance staff awareness and preparedness against cyber threats. Additionally, including simulated phishing emails and reviewing actual scenarios of healthcare breaches in training sessions can be particularly effective in educating staff about the best practices in cyber security.
Implementing these preventive measures is essential for healthcare organisations to protect against data breaches and cyber-attacks, ensuring the security and privacy of patient information.
Digital Health Records (DHRs), particularly Electronic Medical Records (EMRs), enhance efficiency in healthcare by providing quick access to comprehensive patient information, streamlining administrative tasks, enabling better coordination of care across different providers and facilitating data analysis for improved decision-making, ultimately leading to faster and more effective patient treatment.
Key ways EMRs improve efficiency:
- Faster access to patient data: Doctors and nurses can instantly access complete patient history, lab results, medications and previous diagnoses, eliminating the need to search through paper charts, which saves time and minimises delays in treatment decisions.
- Reduced administrative burden: Automated tasks like generating prescriptions, appointment reminders and billing codes reduce administrative workload for healthcare providers, allowing them to focus on patient care.
- Improved care coordination: With a centralised digital record, different healthcare providers involved in a patient’s care can easily access and update information, promoting better communication and coordinated treatment plans.
- Clinical Decision Support System (CDSS): EMR systems can provide real-time alerts and reminders based on patient data, like drug interactions or necessary follow-up tests, helping clinicians to make informed decisions.
- Data analysis and reporting: EMRs enable easy aggregation and analysis of patient data for research, quality improvement initiatives and population health management.
- Patient engagement: Patient portals allow patients to access their medical records, view test results, communicate with providers and actively manage their health.
The integration of 5G in healthcare is a hot topic. How do you think it will impact medical institutions like AIIMS?
The 5G technology, with its low latency, high speed, enhanced high-resolution bandwidth, superior reliability and less energy consumption, is bound to transform telemedicine and the healthcare industry as a whole. This next-generation wireless networking technology has many far-reaching implications in both preventive and therapeutic care of patients. Remote monitoring of patients is possible with wearables facilitated by robust sensors coupled with a 5G network. Virtual patient consultation, AR- and VR-based simulated surgeries, AI-powered robotic surgeries, real-time maintenance of ambulances and other medical devices, and dynamic huge data repository are some of the other applications of 5G technology in the health sector.
The adoption of blockchain in healthcare is gaining traction. Do you see AIIMS implementing such technologies in future?
In AIIMS, there are five stage-integrated recruitment processes for selection at different levels – to integrate the end-to-end recruitment process of vacancy and advertisement, online application, scrutiny of the application, governance of CBT and interview process, and declaration of results as per reservation criteria and norms. The end-to-end software data (roster, recruitment rules, reservation rules, Preliminary Applicant Score (PAS), final results) is on blockchain technology and database for security and privacy.
The processes and data are strictly confidential which have the capabilities of developing dynamic, responsive forms, capturing biometrics and its verification at the appropriate time, integrated AIIMS’s old interview system, preparation of results, developing and integrating applications including a mobile app (Android and Mac) for different stakeholders to capture details as per the requirement of AIIMS at every stage and integrated into Examinations Block Chain.
The software helps the process of creating enterprise-grade, private permissioned distributed digital ledger frameworks and code bases to store examination-related transactions in a secure, transparent, immutable manner in the blockchain. It will be a convergence of high-speed computing and storage interconnected as per set SOPs and authentication, creating a fabric for storing transactions in a distributed manner to achieve the following:
- Distributed digital ledger for transactions at various stages of examination
- The ledger will be immutable
- To build trust, transparency and good governance.
- The fabric will be extended in future towards quantum computing
AI-powered chatbots and virtual assistants are also transforming patient interactions. How do you see AIIMS incorporating these technologies?
Healthcare chatbots play a crucial role in initial symptom assessment and triage. They ask patients about their symptoms, analyse responses using AI algorithms, and suggest whether immediate medical attention is required, or if home care is sufficient.
AI chatbots are commonly used in social media messaging apps, standalone messaging platforms, proprietary websites and apps, and even on phone calls (where they are also known as Integrated Voice Response (IVR)). Typical use cases include: timely, always-on assistance for customer service or human resource issues.
The future of chatbots in healthcare lies in AI advancements, enabling more accurate diagnoses, integration with wearable devices for real-time monitoring and voice-based AI assistants for enhanced accessibility.
What’s your opinion on the key emerging technologies in healthcare IT that you believe will revolutionise patient care? How do you see the role of a CIO evolving in the healthcare industry, particularly in an institution as large as AIIMS?
The key emerging technologies in healthcare IT that will be seen in the next few years are as follows:
- AI applications
- Cyber security and data breach prevention
- Nano medicine
- Internet of Medical Things (IoMT)
- Smart implants
- Integration of healthcare systems with big data and data silos
- Telehealth
- VR, AR and Mixed Reality (MR) in healthcare
- Big data and analytics to support disease prevention
- Interoperability and data sharing among healthcare entities
- Precision medicine
- Predictive analytics
- mRNA technology
- Emergency simulations
- Human-machine interface that communicates
- Health trackers, wearables and sensors
- Portable diagnostics devices
- Direct-to-consumer genetic testing
- Digital therapeutics
- Consumer medical robotics