Castle Hill Medical Centre

The information exchanged between doctor and patient during consultations is long protected by the highest standards of confidentiality and discretion. It must be preserved from unauthorized access or possession and use when sharing patient records beyond the practice firewall. So, when Australia’s largest independent medical centre needed a highly secure method for externalising data, it turned to Intralinks.

Background

Castle Hill Medical Centre (CHMC) is one of Australia’s largest independent medical institutions, providing superior healthcare and treatment to over 120,000 patients every year. A team of 33 practitioners, 23 nurses and 22 administrators collect and curate patient personal and medical data, which often needs to be shared with medical service providers and specialists in other clinical organisations.

CHMC is also a provider of Pre-Employment Medicals (PEMS) and injury management services to over 70 corporate clients, including serving as principal contractor on the Norwest Rail Link project. This work involves carrying out an average of 100 employee medical checks a week and providing the required reports back to the corporate HR or OH&S teams.

Situation

CHMC is subject to compliance standards set by Australian General Practice Accreditation Limited (AGPAL), as well as standard privacy requirements and regulatory guidelines for the storage, management and sharing of personally identifiable information and sensitive personal information.

Ensuring CHMC remains compliant is one of the primary responsibilities of CEO Ian Lowe, who has recently been appointed to head an aggressive growth and expansion strategy for CHMC. With big plans in place for the business in 2016, preparation in the second half of 2015 included a full review of technology and data management systems within CHMC.

In this review, CHMC paid careful attention to how reports were being delivered to corporate clients, how records were being exchanged with other clinical organisations and how files with patient information were being transferred when patients moved into the care of a new general practitioner or specialist.

Findings showed processes and procedures were generally sound but relied on several disparate systems, some of which were at end of life and not fully supported. Further, there were too many manual processes involved, making tracking very challenging and accountability difficult to enforce; this meant that CHMC faced the risk of not being able to prove compliance or provide correct e-discovery in the event of a legal action.

The clear requirement was for an effective file sharing solution. Although very familiar with various consumer-grade products, Mr Lowe knew the security standards, auditability and compliance controls for CHMC needed to be second to none.

In a very busy practice, it was also important that the solution be affordable and very easy to implement, and require little downtime for training. To support the productivity goals of the practice and ensure adoption amongst the team, the solution also needed to support mobile workflows and collaboration points between the practice, third-party clinicians and corporate clients.

Unwilling to risk CHMC’s reputation on a company with a short shelf life, Mr Lowe also sought a solution from a company with a longstanding reputation and a demonstrable track record of securing extremely confidential personal and sensitive information exchanges for clients in highly regulated markets, including health care and allied industries.

Solution

Following research into various options, Mr Lowe was introduced to Intralinks, a company with a 20-year history and a client base that includes pharmaceutical brands and life sciences companies that use Intralinks’ technology for sharing confidential information related to clinical trials.

While these data points provided initial confidence, it was the features and functionality of Intralinks secure collaboration platform that finally allowed CHMC to tick all of the required boxes.

Intralinks offers a simple, intuitive interface that makes setting up Workspaces easy, while the drag-and-drop functionality means documents and files can be uploaded in seconds.

Users can be added to Workspaces as owners, editors or viewers, with the assigned role then controlling a user’s level of access. Also, through Intralinks’ integrated, plugin-free information rights management (IRM) technology, access rights can be easily managed to either allow or restrict certain functions such as printing, saving, screen copy, snipping or clipping.

As easy as it is for CHMC now to share information outside the practice, it is just as simple to ‘UNshare™’: When IRM is turned on, with a single click, rights to individual files and folders, or to entire the Workspace can be permanently revoked. Once user rights are removed from a Workspace, access to any files previously saved or downloaded is fully removed, regardless of where the files are stored, or on how many devices those files appear.

Equally, it is simple to put an expiry date on a Workspace or folder to manage the period of time access to the Workspace or folder is available.

The Intralinks desktop application ensures documents and files are fully synchronized no matter what device a user is using to access the information, and it provides for offline access to documents and files. At the same time, the Intralinks mobile application ensures that only licenced users and authorised Workspace participants can view and edit documents from popular mobile devices such as iPad® and iPhone®.

Intralinks met all of our requirements. It’s a cost-effective software-as-a-service offering, which means we incur no IT overhead expense. We knew we were investing in enterprise-grade security – something we could never afford to build and maintain for ourselves. Intralinks provided us with full encryption for all our documents and files, in transit and at rest. 

– Ian Lowe, CEO, Castle Hill Medical Centre

Benefits

Before going live, the team at CHMC took three weeks to plan and document the new processes and procedures using Intralinks in the centre.

“It was important we discussed as a team how to get the most out of the product,” explains Mr Lowe. “Implementing the best technology in the world won’t help if you don’t take the time to really consider how to integrate the use of it into your business and how to maximise user acceptance and adoption.”

A decision was made to start the implementation of Intralinks with the corporate clients, where improvements in business process would directly benefit the business relationships.

“We took time to put communications in place to advise our customers (including patients and corporate clients) of our decision to start using Intralinks, why we opted to move to Intralinks and what to expect in terms of the new processes. Investing that time was easy, because once we gave Intralinks a green light, we knew that all our licenced users would be provisioned on Intralinks within a couple of hours and trained on all the functions and features within a week,” said Mr Lowe.

The results for the business were immediate. The acceptance and adoption rate amongst the administration team was 100 percent, and 99 percent of corporate clients have embraced the new way of exchanging information with CHMC.

Intralinks has mitigated the risk that patient records can be misdirected, accessed without authorisation or stolen. CHMC now has an efficient and safe way to deliver patient data to corporate clients and share it among numerous clinics and specialists.

“Where we once had concerns that reports could be accidentally sent to unauthorized people, we have eliminated any chance of that occurring,” said Mr Lowe. “We can now also quickly audit when reports are accessed by our customer base, which has removed any chance of disputes over delivery obligations and deadlines.”

By implementing Intralinks, we have ensured we are ahead of the curve when it comes to service quality and confidentiality regarding patient information. As an organisation, we are now completely confident in our approach with regards to sharing patient files securely, knowing we are doing everything we can, from our end, to maintain patient privacy.