www.healthcare-in-europe.com 5
NEWS & MANAGEMENT

A five-point roadmap to success

The German IT security act

German hospitals, having ‘critical infrastructure’ components, are granted a two-year transition period to comply with the IT security act (ITSiG) the German Parliament adopted in June. Many hospitals are already bellyaching about the financial burden being too high and the transition period too short. According to the recently published Hospital Rating Report 2015, every sixth hospital in the country faces insolvency. Is a hospital infarction imminent? Frederik Humpert-Vrielink, Managing Director of CETUS Consulting, believes misguided investment decisions are the real cause of the financial plight of many. He has developed a five-point plan to make compliance with ITSiG less painful.

Tighten the organisation – The first point in Vrielink’s five-point plan is tightening the organisation of the IT environment and structures to ensure secure operations. ‘There are still many hospital IT departments that operate on an ad hoc basis without clearly defined responsibilities. Tightening organisation here means spreading the IT tasks across the team in such a way that each team member is assigned tasks that fit their qualifications and competencies,’ he explains, adding that he is increasingly seeing facilities where the IT team leaders and their deputies carry 90 percent of the operational responsibilities, with the entire rest of the team carrying only 10 percent of the weight. This, he claims, is not only a waste of security resources; it is also a waste of economic resources.

Needs to focus on own role

Vrielink suggests creating different IT sub-teams based on department size, each in charge of defined applications (HIS, RIS, PACS, etc.) or, on the infrastructure side, the network. Additionally, he underlines, ‘responsibilities of department or division heads must be adjusted: management has to manage more and leave operations to their staff’.
Documentation is another important issue. All activities should be documented following unambiguous standards so as to trace and manage changes. Vrielink favours role-specific task definitions with clearly defined qualifications because, ‘This ensures each team member has or acquires appropriate qualifications and that new staff can be recruited according to actual need’. Investments in competent staff with

As a next step an evaluation of the prototype is planned in public partner hospitals to investigate usability aspects and other effects related to the age of patients. Another problem the researchers found with some smart watches and third-party apps that collect vital data is a conflict with data safety and privacy. ‘Sensitive questions, such as where are collected data transferred to, and who has access to these data, must be discussed.’

Martin Wiesner is with the department of Medical Informatics of Heilbronn University. He received the Diploma in Medical Informatics (comparable with an MSc degree) at the University of Heidelberg in 2007. Since then he has been teaching database and information systems at the joint Medical Informatics study programme of the two partner universities. His research on health recommender systems is closely related to the PhD thesis he is currently developing at Heidelberg University’s Medical Faculty. In 2013 Wiesner received the Certificate of Medical Informatics by the German Association for Medical Informatics, Biometry and Epidemiology (GMDS), within which he co-founded, in 2014, the national working group for Consumer Health Informatics.

THE FIVE-POINT PLAN:
1. Increase the degree of organisation in the IT department and create structures that allow safe and secure operations
2. Define responsibilities for documentation, operations and applications
3. Invest in competent staff with an adequate professional background
4. Quantify the resources required for secure IT operations
5. Re-assess building and medical technology to identify new security risks

Continued on page 6