From Cyberattacks to SMART Apps

How Dr. Daniel Nigrin builds, grows, and protects information systems as CIO of Boston Children’s Hospital

Ask Dr. Daniel Nigrin what drew him to practicing medicine, and he’ll tell you he’s always been a fixer. “It started off with bicycles and other broken things around the house, and I guess I just took a somewhat extreme but natural extension and said, ‘Well, let me see if I can fix people.’” He’ll also tell you, with a laugh, that his mother says he got into medical school by telling a version of this same story.

In 1995, Nigrin began a fellowship in pediatric endocrinology at Boston Children’s Hospital, and as he did, he found yet another natural extension of his fixer’s mind-set. Nigrin took on a concurrent fellowship in medical informatics. It was the perfect challenge for a fixer like Nigrin; the work of information sciences is rooted in finding problems and building solutions.

Nigrin has been at Boston Children’s ever since. Today, he serves as senior VP and chief information officer. In his role, Nigrin stands at the helm of clinical, research, teaching, and administrative IT systems at Boston Children’s. He oversees a team of nearly 375 people, including everyone from health information management professionals to page operators to scores of programmers. On top of that, Nigrin continues to practice as a pediatric endocrinologist, though his clinical hours are fairly limited: he sees patients one day out of every two weeks and attends the endocrine inpatient service two weeks each year.

Still, those clinical hours give him a unique opportunity as CIO: the chance to be a true, hands-on user of the systems his IT team implements. Nigrin readily admits he wears many hats, but he stresses that there’s really nothing like having to use the tools he would otherwise just be administering over. Nigrin sees continued clinical exposure as an integral part of his job. “I always say to my CIO colleagues who I know from around the country, ‘I don’t know how you do your jobs without having the clinical experience that I have.’ I look to it all the time; it informs me in a real way.”

Nigrin cites those same colleagues as a valuable resource in keeping informed about his ever-evolving field. “I’m fortunate, in the Boston area, to have many CIOs and other technology leaders literally within blocks of me,” he says. “Despite the fact that many of us are from competing organizations, in some way, we’re all very friendly, and we collaborate and share all the time.” This cooperative spirit is a hallmark of Nigrin’s work. As he notes, he favors we over I, and it’s clear creating and nurturing a strong team is of core importance to him.

That robust team was put to the test in 2014, when the hacker collective Anonymous launched an attack on Boston Children’s. Luckily, the hospital had seen rumors of a potential attack in advance, and rather than treating the situation as a potential hoax, Nigrin and his team enacted a full-scale plan. “We mobilized the hospital’s incident command structures,” he explains. “The same teams of people who would be convened for any sort of disaster—for example, in the Boston Marathon bombing—all of those same teams were convened. These are not just IT people; these are people from across every department in the hospital.” With a plan in place, Boston Children’s Hospital had a proactive response, putting up safeguards and contracting with third-party protection companies before the attack began in earnest.

“We took some really big and disruptive but proactive steps,” Nigrin says. “We actually turned our entire e-mail system off for about twenty-four hours to make sure that we had gotten all of the malware-laden messages filtered off. We took down every externally facing website that we had, and this included patient portals, provider portals, and philanthropic portals, where we took donations for the hospital. We basically wanted to eliminate any mechanism by which they could get in.” After the attack subsided, Nigrin was left with one key takeaway: “Don’t assume that because you’re a healthcare-providing entity, you’re immune from any of these kinds of cyberattacks that you read about.”

As passionately as Nigrin reiterates the need for cybersecurity as a core priority in healthcare, he speaks with equal, if not greater, passion about what lies ahead for his team. There are great opportunities in using video technologies to deliver patient care at a distance, and there are challenges to be met in finding ways to store complex genetic information. But Nigrin sounds particularly enthused about a Boston Children’s development that has the potential to revolutionize EHRs. In an article in The New England Journal of Medicine, members of the hospital’s informatics department wondered whether it was possible to create an EHR system as customizable as apps on an iPhone. The article asked the question, “What if EHR systems publicized their application programming interfaces that allowed users to access or write data from and to their system very easily?”

That theoretical paper became a program called SMART (Substitutable Medical Apps, Reusable Technologies), which Boston Children’s created and implemented an example of. “The SMART application worked beautifully, and, in fact, we still have it deployed today,” Nigrin explains. “It will allow, we hope, the functionality and the usability of EHR systems to really open up and be developed in a much better way over the course of time.” That theoretical paper was written seven years ago. Now, SMART applications are being plugged directly into EHR systems. “In the world of healthcare IT,” Nigrin says, “It’s been lightning fast.”