Duke ITAC - December 16, 1999 Minutes

DUKE ITAC - December 16, 1999 Minutes


December 16, 1999

Attending: Ed Anapol, Pakis Bessias, John Board, Jim Coble (for David Ferriero), Patrick Halpin, Alfred Trozzo (for Paul Harrod), David Jamieson-Drake, Ken Knoerr, Betty Leydon, Roger Loyd, Melissa Mills, Caroline Nisbet, John Oates, George Oberlander, Lynne O'Brien, Mike Pickett, Rafael Rodriguez, Mike Russell, Leslie Saper, Robert Wolpert, Charles Register (guest), David Kirby (guest), Billy Herndon.

Call to Order: 4:05 pm, by Wolpert (chair).

Review of Minutes and Announcements:

  1. Minutes of 12/2/99 were approved for posting with minor corrections.


  2. No ITAC meeting on 12/30/99.
  3. O'Brien: CIT incentive grants for teaching with technology: A new round of proposals is being invited, with a big publicity push to follow the holidays. She will circulate the announcement to the ITAC list. It has gone in paper form to all teaching faculty at Duke, and by email to departmental contacts. Grants are for up to $5,000 for more routine projects, and up to $50,000 for more innovative ones. Key words: collaborative and leverage. See web site for details: http://www.lib.duke.edu/cit/CITgrants2000.html
  4. Leydon: congratulated Wolpert on being promoted to full professor; Oates added congratulations for Wolpert's election to the executive committee of Arts & Sciences faculty.
  5. Leydon:: Computing staff will be on duty (along with others) as 2000 arrives, to assist with Y2K issues that may arise.


David Kirby presented on HIPAA (the Health Insurance Portability and Accountability Act). His PowerPoint slides, including material he did not have time to cover, are at: http://www.oit.duke.edu/itac/minutes/hipaa.ppt (right click and choose "Save" to download)

The website for HIPAA is: http://aspe.hhs.gov/admnsimp

Brief summary: HIPAA imposes large costs on health care providers, especially ones our size. The regulations are being published in December 1999 and early 2000, and providers have 2 years (in most cases) to comply. There are substantial penalties for non-compliance. The program is legislation, not simply departmental regulations, and there is little to no chance that its requirements will be reduced. It is presented as a program of 'administrative simplification.'

The goal: To make the person to become owner of his/her own information about health care, so that one's information can move from job to job with one.
Further goal: to increase dramatically the privacy of identified health care information, and to standardize the way that all health care providers and entities record and bill for services.

Implications: New or greatly revised systems for IT throughout the health care system. Rigorous controls on information, including audits for who reads information covered by HIPAA. Enforcement by Health and Human Services (Office of Civil Rights), the Department of Justice, and the FBI. All electronic forms of information, and any paper used in creating or produced from the electronic information, are covered.

Uncertainties: It is unknown what will be regarded as reasonable and acceptable compliance with HIPAA. Some think HIPAA may provide information by which health care organizations' strategies for delivery of services at cost-effective rates can be improved. Implementation of HIPAA may create problems for other enterprise systems at Duke, such as HR and SISS, in keeping patient data private while maintaining necessary employee and student records. This privacy approach is likely to be extended to other areas of federal regulation (perhaps FERPA?) in due time.

Important IT Issues for The Coming Year

    2. Impact of Curriculum 2000: how to provide effective computing support?
    3. Integration of instructional technology with the library.
    4. Need for fine-grained authorization of users, not simply relying on those who have acpub addresses.
    5. Costs of public printing (estimate: 2 million pages printed in libraries).
    6. Extending support hours of Help Desk at least to cover evening hours.
    Customer relationship is very important, especially the student population.
    2. Invest in wireless technology, 'untethering' from fixed computers.
    3. Untethering equipment as a whole (see Nevin Fouts' presentation at last ITAC).
    Get better system for gathering resources and support necessary to do instructional technology. Consider how to package resources university-wide, not only by school/department.
    Improve the way the Duke IT community reaches out to individual research labs across campus. May need some standardizing; take advantage of economies of scale.
    2. Need for home or remote access that will be HIPPA-compliant. In effect, need a virtual private network.
    3. HIPPA may drive the university and health system apart; need to work to avoid that.
    4. Computing for genetics.
    2. Security.
    3. Knowledge transfer: where to go to get key information re: IT?
    2. IT skills expected of employees.
    3. Improved resources to support IT. Began small in departments and schools, but the need has grown and will continue to grow.
    How much computing should students provide versus what Duke provides? Should all students buy their own computers and be expected to use them for word processing etc.? This would relieve computer classrooms for use in teaching. Perhaps Duke should provide only print stations.
    2. Support for research computing, esp. as NSF funding dwindles.
    3. Bandwidth.
    4. Telephony (Duke should be the best 'deal' for everyone. Provide cellular as an offering?)
    2. Research computing.
    3. Tactical delivery of security.
    4. Hiring and retaining IT staff needs much improvement. Slowness of creating a position cost him a valuable hire recently.
    2. Remote access.
    3. Security.
    2. Electronic options for textbooks and reserves.
    3. Electronic books.
    Need support in use of computing in research, across the university, esp. in Arts and Sciences.
    2. Dissemination of knowledge.
    3. Rapid pace of software/hardware change creates less depth in support from vendors and consultants.
    4. 'Expertise islands' where highly-expert people in fields such as security could be identified. Set up demonstration labs.
    5. Emphasize the workgroup aspects of Lotus Notes.
    6. Security is a 'war' with a counter-culture out to destroy the electronic community. Keep up our efforts.
    Create an inventory of student skill sets expected of Duke students for computer use.
    2. Security.
    3. Finding qualified IT support staff for Duke.
    4. Inventory of IT skills needed. There's a gap between need and what's available.
    5. Train and support for users should be at a university level.
    6. Instructional technology is also a university-wide issue. The content is in the schools, but the overall vision of where we're going needs to be larger.
    2. HIPAA.
    3. Payroll (R3).
    4. SISS.
    2. We need a robust, reliable, dependable network. Downtime, even an hour, hurts, because we are increasingly reliant on the network.
    3. Security.
    4. IT training and staffing.
    5. Document imaging: a good initiative, and saves space.
    6. Coordination on a larger scale, especially for enterprise-wide systems, and it should begin much earlier in the process for local teams that will be affected.
    7. Look at the big picture when systems are redesigned (SISS was done well).
    8. Equity and access to computer resources (haves/have nots)
    2. Support for IT.
    3. Security.
    2. Emergence/convergence of network and phones.
    3. What can we do differently as a result of that convergence?
    Administrative systems' goal is to become transparent, because they are not the core mission of the university/health care system.
    Need a better system of hand-off between the Help Desk and the more expert members of the IT community. Frustrating to take a problem to the desk and get no help.
    For the essential services, need them to be highly reliable. Also need to identify funding models that make sense for them.
    ITAC needs to educate the wider community at Duke about these issues. Have to do a better job of selling the need for increased resources. The strategic plan is a good opportunity to do so.
  2. Members were asked to reflect on how ITAC can continue its mission, what changes and issues are most important for the group to attend to, and what priorities and risks lie ahead. Rafael Rodriguez took notes on newsprint and will synthesize them for further reflection and refinement (see below). Following are comments by each person present.


























The meeting adjourned at 5:30 pm.

Important IT Issues for the Coming Year


  • Impact of Curriculum 2000 on IT
  • Customer Relationship Management for student population
  • Computing resources required of students vs. university provided
    (graduate and undergraduate students)
  • Require students to bring PC?
  • Textbooks/reserve process
  • E-books - What can be done?
  • Support for institutional technology and link to library
  • Support needed for institutional technology
  • Instructional technology needs to be brought together at the university level


  • How university reaches out to specific labs (research) and better support
  • Need for genetic research
  • Research computing support
  • Research computing needs
  • Need for IT in-house support to assist Research


  • Finer grain authorization (than ACPUB user) to use library services
  • Amount of time staff needs to devote to security
  • Getting a handle on security issues
  • Tactical delivery of security
  • Security (drain on resources)
  • HIPAA, R3 Payroll, SISS - Ensuring security and accuracy


  • Investment in wireless
  • Portable (un-tethered) technology
  • Robust/reliable network
  • High availability
  • Need for VPN (HIPAA) may drive wedge between medical side and others
  • Need for remote access that is not being met


  • Extending Help Desk support hours
  • Knowledge transfer and sharing IT knowledge gap of staff
  • Resources needed by departments to support distributed computing
  • Resources needed from multiple areas
  • Leveraging, technical expertise using electronics means
  • Basic IT skills that should be required
  • IT skills inventory
  • Addressing the IT skills gap
  • Identified knowledge experts


  • Cost for printing
  • Funding model(s) that help us do the right thing
  • How do we "sell" the need to invest in IT


  • Duke HR Management System
  • Finding IT staff


  • Document imaging
  • Use of Notes for workflow
  • Higher degree of coordination with departments (SISS is a positive example)
  • Equity/access to computing resources
  • Telephony - paradigm change
    • Cell phones
    • Other telephony/communications changes