Back to Top Skip to main content

Oak Harbor achieves first with crucial new information technology milestone

Naval Health Clinic Oak Harbor seal Naval Health Clinic Oak Harbor seal

Recommended Content:

Military Hospitals and Clinics | Research and Innovation

Due to a rigorous and lengthy process to ensure patient information and privacy standards are now more secure than ever, Naval Health Clinic Oak Harbor (NHCOH) has been awarded the first ever three-year Risk Management Framework (RMF) Authorization To Operate (ATO) for a Navy Medicine command.

The ATO falls under the Defense Health Agency’s (DHA) new RMF process and is contingent on a command such as NHCOH effectively minimizing risk in protecting patient information, including Health Insurance Portability and Accountability Act (HIPAA) and Personally Identifiable Information (PII).

“It is commonly understood that the threat to healthcare systems from cyber security attacks is among the greatest risks in the world of information management. Patient records are highly sought after by cyber criminals and many healthcare networks in America have recently been targeted by a wide variety of cyber threats to illegally obtain medical records or simply hold healthcare institutions hostage,” said NHCOH’s Director for Administration, Navy Cmdr. Tim Coker.

“Reducing risks so that our patients' information is as safe as we can make it is a top priority for the DoD and for the DHA,” stated NHCOH Executive Officer, Navy Capt. Denise Gechas. “This ATO represents a very long process of setting in place the security and controls needed to keep those records safe”.

According to Coker, implementation of the RMF process began several years ago. It involved mitigating cyber security risks, building a new secure network, and developing and documenting hundreds of pages of evidence related to the security of the command’s network.

“For our Information Management staff, this represents several years of dedicated effort to achieve something that has not been done before in Navy Medicine,” explained NHCOH Commanding Officer, Navy Capt. Christine Sears. “The health, wellness, and peace of mind of all our patients has always come first in everything we do, and this commitment to ensuring all personal information is safe and secure is another example of that.”

Mr. Greg Carruth, NHCOH Chief Information Officer, attests the hard work required for this accreditation will have long-lasting ramifications for other Navy Medicine commands. By providing a blueprint that others may follow, NHCOH’s lessons learned can be utilized to ensure patient information is secure and privacy standards are fully met, while minimizing risk to the network.

“It was an intense effort for an extended period of time. The process itself made it a learning exercise at all levels,” said Carruth.

Mr. Rex Collins, Information Systems Security Manager for NHCOH, added that there was significant dedication required. “This was the longest IT project in my 20 years as an IT professional. It took 37 months from the first e-mail to DHA requesting resources and guidance to the final ATO itself,” noted Collins.

Disclaimer: Re-published content may have been edited for length and clarity. Read original post.

You also may be interested in...

Military Health System's Guide to Access Success


This document establishes roles, responsibilities, definitions and guidance for implementing, sustaining and managing military treatment facility (MTF) Access to Care (ATC) in the Military Health System (MHS).

Recommended Content:

Access, Cost, Quality, and Safety | Access to Health Care | Military Hospitals and Clinics
Showing results 1 - 1 Page 1 of 1

DHA Address: 7700 Arlington Boulevard | Suite 5101 | Falls Church, VA | 22042-5101

Some documents are presented in Portable Document Format (PDF). A PDF reader is required for viewing. Download a PDF Reader or learn more about PDFs.