KCH Dubai improves EHR performance and security with Oracle Cloud Infrastructure

KCH Dubai improves EHR performance and security with Oracle Cloud Infrastructure

King’s College Hospital London in Dubai (KCH Dubai) has halved the time required to access critical patient information, significantly reduced time spent on administrative tasks and enhanced EHR security.

Kimberly Pierce, Chief Executive Officer, KCH Dubai

KCH Dubai has become one of the first UAE-based health systems to migrate its Oracle Health Electronic Health Record (EHR) to Oracle Cloud Infrastructure (OCI).

With OCI, KCH Dubai is improving the security, performance and usability of the EHR resulting in a better experience for its patients and providers.

KCH Dubai is now providing more than 1,000 concurrent users across its facilities with access to more efficient workflows and improved system performance. Moving to the cloud has also provided the hospital network with the scalable foundation it needs to simplify integrations and meet its goal of innovating in critical areas such as population health.

Following its rapid migration to OCI, KCH Dubai is seeing positive results across the hospital including cutting the time it takes to access patient information by 50%, a 20% reduction in reviewing each patient’s medical chart, and a 25% overall reduction in time spent in the EHR due to faster screen loads and transaction response times.

The overall increased speed and responsiveness of the system is helping to streamline processes so clinicians can complete tasks more quickly and free up more time to spend with patients. The performance gains also enable more comprehensive and real-time updates to the patient record, which strengthens communication and care co-ordination across all caregivers to enhance patient care.

“With Oracle Health, we’ve seen substantial improvements in our clinical processes, including an increase in the system’s speed and responsiveness and a noticeable deduction in the time spent reviewing patient charts across various specialties,” said Kimberly Pierce, Chief Executive Officer, KCH Dubai. “Oracle’s cloud offering has the technological infrastructure we need to fully embrace future advancements in areas such as Generative AI that will benefit our patients and how we deliver care while better supporting our practitioners.”

Rajiv Ganapathy, Head of Information Technology, KCH Dubai

With OCI, KCH Dubai can also now rely on Oracle’s real-time threat detection and monitoring, autonomous systems, and team of experts to help protect its networks against the constantly changing cybercrime landscape. In addition, OCI will support scalability of healthcare technology as KCH Dubai expands with new facilities and specialties, ultimately growing its overall operation and capacity to care for its community.

“The combined power of OCI and our EHR is enabling KCH Dubai physicians to be more productive, waste less time in medical records, and refocus more time on patient care,” said Seema Verma, Executive Vice President and General Manager, Oracle Health and Life Sciences. “Moreover, they have the comprehensive platform to continually be able to plug-in the technologies they need to solve their toughest challenges and be more adaptable, predictive and responsive to evolving healthcare needs.”

We asked Kimberly Pierce, Chief Executive Officer, KCH Dubai, and Rajiv Ganapathy, Head of Information Technology, KCH Dubai, further questions to find out more about the project.

How has migrating your EHR system to OCI enhanced the overall cybersecurity posture of KCH Dubai?

Kimberly: In healthcare, particularly, cybersecurity is a major concern. We’ve seen the impact of cyberattacks firsthand, especially in the UK recently, where a cyberattack directly affected patient care. One of the risks of moving to an Electronic Medical Record (EMR) system is that if it’s compromised, you can suddenly lose access to critical information needed for patient care.

All of us are now focused on how we can maximise cybersecurity while minimising the chances of cyberattacks. The number of attacks we’ve experienced has risen exponentially, according to our data.

Migrating to Oracle Cloud was a key decision for us because it enhances cybersecurity by adding multiple layers of protection. While no system is completely immune to attacks, as technology always evolves, this is currently the best solution available to safeguard medical health records.

That’s why we chose Oracle Cloud. Additionally, Oracle Health, our EMR provider, has undergone one of the most thorough due diligence processes regarding cloud compatibility and security protocols. This ensures that each step in the system’s pathway is much safer. Although there are other options on the market, most of us, including internationally, are using Oracle Health as our EMR system.

What cybersecurity measures has KCH Dubai implemented to protect sensitive patient data in the cloud, particularly with the real-time threat detection and monitoring provided by Oracle Health?

Rajiv: Building on what Kimberly mentioned, moving to the cloud was a very conscious decision for us, and it comes with its own set of checks and balances. As you know, OCI holds SOC 2 certification and ISO 27001 compliance, so it meets all the necessary checks and balances needed for protecting data.

One key advantage is that their databases offer autonomous patching. When we were on-premises, we had to constantly stay on top of updates and patches, which meant there was always the risk of missing something. That was one of the challenges of hosting our own data. Now, on the cloud, we have greater flexibility, along with encryption and other security features that OCI provides.

Oracle Cloud also comes with built-in real-time threat detection, as part of its out-of-the-box setup. With the multiple security layers that Kimberly mentioned, there’s less space for anyone to breach this kind of environment. The threat protection includes about six to eight layers, so in terms of securing patient data, we are in a much better position after moving to the cloud.

In the context of the constantly evolving cyberthreat landscape, how does KCH Dubai ensure that its network security protocols remain ahead of emerging threats?

Rajiv: Cyberthreats are constantly evolving. The hackers and those posing cybersecurity risks are always finding new ways to challenge us, so we must continually adapt to keep up. In that regard, we have not only met the necessary requirements but have gone above and beyond.

We’ve implemented endpoint detection and response (EDR) into our networks, and more recently, we’re working on extended detection and response (XDR). These systems use algorithms that can detect anomalies, such as Distributed Denial of Service (DDoS) attacks. With automation and Machine Learning built in, they can sift through millions of logs to identify potential threats and stop them before they penetrate the network.

These measures have been integrated into our network, so internally, we are doing everything we can to secure ourselves. Even though we are on the cloud, we are still the gateway for all of these processes. Our security is in place and continues to be enhanced.

Kimberley: Another key area we focus on, besides the technical aspects, is recognising that some things will inevitably slip through, as staff are constantly using computers. We now have alerts that pop up for everything. Even I get frustrated sometimes when I can’t access certain things because of the security blocks in place.

We’ve put a lot of effort into educating staff about phishing, which is becoming increasingly difficult to keep up with. The sheer volume of attempts, from post office fraud to bank fraud, is overwhelming, and they’re incredibly clever in how they try to trick people. One thing we do is send staff updates on the latest threats, even if they aren’t relevant to their work environment. This also helps protect them at home.

We know we have to stay on top of these risks. OCI has provided us with a strong foundation, but we also rely on them to continually refine and update their security as hackers become more sophisticated in the future. While we’ve taken steps to safeguard ourselves now, the concern is how long that protection will last. I think this is a worry shared by everyone in healthcare. We’re protected for now, but for how long, I can’t say. That’s why we can’t afford to take our eyes off the ball. This is just the first layer of defence.

The next question is, with the integration of autonomous systems through OCI, how has the automation of security processes improved your ability to respond to potential cyberincidents?

Rajiv: One key advantage of being on the cloud is that, as I mentioned, the multiple layers of protection safeguard our patient records and keep the data secure. In this regard, OCI provides a strong backbone that manages most of the security processes for us. However, we also have our own networks and data centres to consider.

For instance, we have a dedicated security person monitoring emails and classifying them. Once that’s done, the algorithm takes over, sorting emails into high-risk and low-risk categories, providing an additional layer of protection. We’ve also updated our antivirus system, which, while frustrating for some users, is essential for maintaining security.

We are also looking into Data Loss Prevention (DLP) for the coming year. This will help prevent users from copying sensitive data out of the system, especially patient records. Although we can’t stop someone from physically taking a picture of the screen, we can at least prevent the copying of PDFs or other sensitive files. Patient data belongs to the patients, not us, so we act as moderators and gatekeepers to ensure its safety.

We’re exploring these types of automation to make it much harder to breach our systems. Additionally, the Machine Learning algorithms we use for classifying emails, managing the firewall, and handling extended detection and response (XDR) help prevent DDoS attacks. These are some of the automation tools we’re implementing to strengthen our cybersecurity.

Kimberley: We receive a report that shows how many events occurred on the website, including the number of attempted attacks and how many managed to get through. This data allows us to analyse trends and take action. What’s interesting is that, although I’ve been a CEO for a while, this is the first year that cybersecurity has become a formal agenda item in terms of reviewing these reports.

Cybersecurity has always been a priority for the C-suite and the board, but now we’re asking for exact details on the number of attempted attacks and how we’ve responded to them. It’s become a real-time concern that we’re fully aware of.

I believe keeping this issue front and centre is half the battle. When Rajiv comes in and requests additional funds for cybersecurity, the C-suite and the board should already be aware of the rising number of attacks. If we notice that fewer are being stopped, we’ll know we need to act. Staying on top of this is crucial, and this reporting process is one way to ensure that happens.

What role does real-time threat detection and autonomous systems within OCI play in improving data centre security and protecting against evolving cyberthreats in healthcare environments?

Rajiv: Oracle is a leader in the database world, and with their autonomous databases, they offer significant advantages. These self-patching databases automatically address threats and enhancements without requiring human intervention. With OCI, this is a major benefit. We no longer need to play catch-up with patching; it happens automatically and in real time. This ensures that we are always up to date, which is crucial for minimising threats – whether on phones, laptops, or large databases. Staying current is essential for security, and moving to the cloud provides this flexibility.

Just as physicians can save up to 30% of their time with advancements like ambient listening, our IT team can also regain time to focus on improving our own networks and data centres. This enables us to enhance our overall security posture.

Browse our latest issue

Intelligent CISO

View Magazine Archive