Collaboration is the Key to Cybersecurity in Healthcare

In the span of ten years, Martin Littmann transformed Kelsey-Seybold Clinic’s IT infrastructure into one of the most sophisticated in the healthcare industry

Martin Littmann isn’t a healthcare provider himself, but he’s been an important player in the southeastern Texas medical community for more than a decade. “I’ve always wanted to be part of a business where the focus is on making a positive difference in people’s lives,” Littmann says. “Kelsey-Seybold is an organization that is about keeping people healthy. There is no more exciting pursuit to me.”

After working as a consultant for IBM, Littmann joined Kelsey-Seybold Clinic in 2006 and became the organization’s chief technology officer and chief information security officer. The multispecialty physician group has twenty locations in the greater Houston area, and Littmann manages thirty of the clinic’s 140 IT professionals. His team works across the organization’s network, systems, security, and compliance functions.

Littmann’s first initiative was to upgrade the organization’s antivirus and Internet protection. From there, he and his staff implemented geographic blocking, encryption of all desktops and laptops, and the use of the FairWarning protected health information system. “When I came here in 2006, what we had at Kelsey-Seybold was fairly rudimentary,” he explains. “We beefed up what we were doing to ensure the protection of patient data. We achieved full encryption status before pretty much any other healthcare facility.”

Although these advances made a big difference, a natural disaster posed a new challenge. In 2008, Hurricane Ike swept through Houston. The tropical cyclone caused power outages and generator failure at Kelsey-Seybold’s primary data center. Afterward, Littmann and his team took steps to be better prepared for future natural disasters. They consolidated their data centers into a single facility one hundred miles northwest of Houston in Bryan, Texas. The Tier 4 site now meets the most stringent requirements for a data center.

“The data center is highly secure and has highly redundant infrastructure,” Littmann says. “It is outside of the hurricane zone but still within a couple of hours’ drive from Houston. We have a storage management program that automatically backs up our data from local computers to a protected network.”

The enhanced emergency plan also included network and desktop virtualization to allow employees to work remotely in disaster situations. “We have done a significant amount to mitigate for disaster, and we have done it at a fairly economic pace,” Littmann says. “Our approach allows us to recover from situations and return to operational capability quickly.”

In August 2007, Littmann had also introduced another efficiency initiative that improved recovery. That’s when Kelsey-Seybold began converting from paper documents to Epic EMRs. Littmann says Kelsey-Seybold was among the first major medical entities in Houston to use the software.

Patients can use the MyKelseyOnline Epic portal from a desktop computer or mobile device to refill prescriptions and access medical records, in addition to scheduling appointments, e-visits, and video visits. Kelsey-Seybold healthcare professionals also use Epic’s Care Everywhere tool to exchange relevant patient information with each other and with other Epic healthcare organizations throughout the United States.

The Epic implementation contributed to Kelsey-Seybold’s 2012 recognition as the first accredited accountable care organization in the country. It received a Level 2 designation, the highest achievement available in the first year of accreditation. “We have been on the leading edge with Epic for some time,” Littmann says. “We do Epic upgrades regularly. We work closely with their technology people. Our focus is to administer a private and secure system that supports the clinic’s mission to provide proactive, coordinated care and evidence-based medicine.”

To protect against data loss, Littmann restricts nonessential use of social media to read-only and blocks uploads to cloud storage services. He also strengthened the employee password policy by prohibiting the use of dictionary words. “Through third-party risk assessment and vulnerability testing, we’ve found that the ability to crack internal passwords has decreased from 40 percent to less than 5 percent,” Littmann says.

Littmann is also a member of the Houston chapter of InfraGard, an FBI-private sector alliance.

“We receive appropriate briefings from the FBI on cybersecurity and physical security issues,” he says. “Everyone who is in InfraGard is vetted by the FBI. It’s a great information-sharing opportunity, and it is exciting to be involved.”

Littmann credits the progress he has made in Kelsey-Seybold’s technology and security to the support of his staff and the physician leadership. He says he feels empowered to do his job well. “I have a great amount of management autonomy to have an impact on what Kelsey-Seybold does,” Littmann says. “I have the respect and the ear of leadership. In managing my team, I take a collaborative approach. I prefer group consensus instead of mandates when making critical choices. That has been a big part of our success.”

Innovations have led to great success for Kelsey-Seybold, something of which Littmann is incredibly proud. The organization has invested more than $200 million into recent capital improvements, including a new, state-of-the-art radiation therapy center. It also launched a telemedicine service that allows doctors to treat some patients through video and e-visits. “Our cancer therapies are among the most advanced in the country,” Littmann says. “We continue to expand into additional specialties and investigate new growth paths that will improve patient care. I love working here, and my intention is to be a significant contributor at whatever level I have the honor to be able to serve.”