Sanjeev Sah – Medical University of South Carolina

Given the choice, no parent would ever want to have their child hospitalized. But if it happens in the Charleston, South Carolina area, Sanjeev Sah is certain the soon-to-open MUSC Shawn Jenkins Children’s Hospital will offer the best care a patient and family could ask for.

Sah is not a pediatrician or health care specialist, but his work is becoming just as critical. As chief information security officer for the Medical University of South Carolina, or MUSC, Sah leads the team that provides the cybersecurity to protect patients and their families at the new hospital—and throughout the MUSC system.

Sanjeev Sah | Chief Information Security Officer

The opportunity to do so drew him to the organization in January 2019. From the start, Sah was in awe of the high-tech innovations changing the nature of pediatric care.

“What is happening in the hospital is very groundbreaking when you think about transforming patient and family centered care delivery, and we are leveraging cybersecurity and innovation to make it happen,” Sah says.

A long tradition

Based in Charleston, MUSC was founded in 1824 and provides services throughout the Palmetto State. At its core are a 700-bed medical facility that includes the Hollings Cancer Center and the forthcoming 250-bed children’s hospital and companion Pearl Tourville Women’s Pavilion, both of which will occupy the same building.

The MUSC Shawn Jenkins Children’s Hospital will offer a neonatal intensive care unit and pediatric heart center, as well as an entire floor dedicated to pediatric cancer care. The Pearl Tourville Women’s Pavilion seamlessly merges obstetrical and pediatric care in one building while offering two obstetrical operating rooms, 29 mother-baby postpartum rooms, five antepartum rooms and seven couplet care rooms.

“In this particular facility, we have reimagined the approach of clinical rounds, using a multidisciplinary team of leaders, staff, patients and family advocates, allied health professional teams and more,” Sah marvels.

Making the rounds

Those daily rounds where physicians, nurses and other specialists assess patient conditions and needs are going high-tech and will now center on engaging families and multidisciplinary care team members in care planning, Sah says.

Gone are the days of metal clipboards used for jotting notes and keeping charts. In their place, teams will use portable devices including iPads and slim laptops to access and update medical records and share information with patients and families. Lab results, vital signs and radiographic images can be displayed using either the iPads or the patient’s in-room screen.

It’s a new, intricate and personalized approach that took years of thoughtful planning and careful implementation—and it barely scratches the surface of what’s to come. In all, more than 40 new technologies will be used for delivering health care, through as many as 7,000 devices: 1,700 facility devices for monitoring and diagnostics; 1,600 computers; 1,000 Apple devices and hundreds of other medical devices.

According to Sah, the tech ranges from systems for in-room patient entertainment to diagnostic equipment, medicine dispensers and clinical devices, all integrated into the network.

Choosing the tech—and deciding how to use it—was a collaborative process spearheaded to a large degree by Dr. S. David McSwain, the chief medical information officer at MUSC. Designing the intricate architecture policies and registration authentication models—all while securing the networks and preventing breaches for wired and wireless devices—fell to Sah and his team.

“We are incredibly fortunate to have an information security team that genuinely fosters collaboration and innovation,” McSwain says. “They are a vital part of our care team and a huge benefit to the patients and families we serve.”

Security is also a layered model, built not only to protect patient data and comply with HIPAA and other state and federal regulations, but to control internal access for staff—basically installing cyber gates, Sah says.

To serve and protect

As exciting and transformational as the MUSC Shawn Jenkins Children’s Hospital will be, it comprises only part of the MUSC mission Sah and his team support.

MUSC hospitals are all teaching hospital and the health care system also has a research center, where Sah’s day-to-day duties include integrating and maintaining network elements, setting up new access accounts when needed and, of course, protection and risk mitigation.

Sah notes there is never a shortage of bad actors looking to breach MUSC’s systems. He and his team not only respond to threats and incidents; they take a proactive approach by performing risk assessments to be certain the right protection is in place.

Sah is also the liaison between his team and hospital administration to show what security is in place, the risks involved and how plans to manage it are being executed.

Caring from experience

Guiding cybersecurity at MUSC as the system expands dramatically may be a culmination of Sah’s career—one that has seen him work in both higher education and health care.

He grew up in Michigan, and earned a bachelor’s in information technology from Phoenix University, but has by and large worked in the South as a CISO at the University of North Carolina Charlotte; the Texas Children’s Hospital in Houston; and as vice president of information technology at UNUM in Baton Rouge, Louisiana.

A father of three, he’s also had times when his children needed critical or emergency care–-experiences that continue to inform his approach as a CISO.

“When you see a young child on a table attached to any number of those medical devices, and you see those devices work and to not have an adverse effect—that is the sense of responsibility I and my team bring to work,” Sah says.

He came to MUSC while construction was underway at the new children’s hospital and women’s pavilion, drawn to the promise of IT innovation—and the challenge of making it as impactful as possible.

“It was an opportunity to serve and make things better,” Sah says. “This significantly advances not just the hospital but cybersecurity. So my attraction is to the mission and the contributions I can make working with all my stakeholders enhancing cybersecurity and compliance posture.”