Duke ITAC - May 11, 2006 Minutes
May 11, 2006
Start time : 4:04PM
I. Review of Minutes and Announcements:
John Board – We’re not meeting in two weeks (May 25). Attendance is down today due to a Common Solutions Group meeting; in four weeks when we meet we will find out from Mike/Michael what insight they’ve gleaned from the event.
II. Duke Medical School - Singapore - IT update - Rafael Rodriguez
Rafael Rodriquez: Singapore does have a medical school based on British model in which students enter med school right after high school, do 5-6 years of school; get an undergraduate degree, and have an exam called the MCAT. Singapore started looking at someone to partner with in 2001. Duke was selected because there is a medical school at Duke. We call it the graduate medical school: students take two years of basic sciences, and we free up the third year for research. Singapore has a made a decision that they want to make their mark in biomedical science, and what they call medical school is GMS, graduate med school. The announcement was made in 2003 that Duke is doing that, and last summer we launched an informational site off of the
Duke site here. This February we did the Singapore website.
[Rafael walks people through medical center website]
The dean of Duke Medical School is also the dean of GMS-Singapore. The same application process used here at the med school is used there. They will have double enrollment in 2008. Since it was launched earlier this year, usage of the website has gone up impressively. The most interest is in the admissions site. We are trying to take advantage of Internet2 and trying to find out where bottlenecks are.
George Oberlander: Is the issue of private data comparable to ours, is that an issue?
Raphael: There’s a lot of misunderstanding. First of all, for any patient what’s called private information can be shared for health reasons, but usually when you’re having a research program you have the human give you permission for research. You can’t use the information outside of the scope of the research project. As for Singapore, I don’t’ know what the government regulations are over there
John Board: What is the path to Singapore in Internet land? Trans-Pacific cable?
Raphael: Tokyo to Singapore
John Board: In principal, that is a good, solid connection.
Raphael: We’re not on the main site, we are in temporary quarters.
Raphael is asked: What are you doing about giving databases to students?
Raphael: That’s a good question: students are not given access; faculty are. That is a problem. We are having a meeting later this month to solve the problem. The licensing fee could be very expensive.
Chris Cramer: Can we extend our current licensing?
Raphael: We will have to look at that. We ran into situation even here: people in Raleigh cannot have access to that information. We have problems because a lot of that right now is based on IP address.
III. Selection process for Lenovo desktops in DUHS - Rafael Rodriguez
John Board: Tracy and I got some information on concerns for Lenovo desktops as the default machines in DHTS. Since Lenovo took over from IBM, is there a quality issue? We asked Raphael to talk about the process of selecting Lenovo.
Raphael: The decision was made in the larger context of our relationship with IBM. We had been having a lot of dialogue for a while before the split came on. This program on the standardization part is on DUHS; it’s certainly not mandatory, especially when using private funds or grant monies. The senior vice president for production development at Lenovo was at this level of discussions. The decision was also made with an understanding of access to support and opportunities for Duke and Lenovo to research how to use devices in a clinical setting. Tablets, for instance, in Lenovo have gotten good press. The physical settings were a challenge; the operating rooms were a problem, because there is nowhere else to hang devices. We spent a lot of time with regard to their efforts on quality and service. Jim Rigney was part of that. Jim’s comment to us was that recently the quality of Lenovo has been better than Dell: Dell has run into a processing issue. Jim’s concern was about delivery, and this has proved to be true. Lenovo bills it to order and ships it from China. Part of the SLA was a 15-day; what they’ve agreed to do to improve delivery issues. They’re stockpiling at their expense at RTP; if there are enough models, Jim Rigney has agreed to have some on-hand; we have been working on that with Lenovo, as well as some video card issues.
John Board: What’s IBM’s continuing involvement?
Raphael: IBM is the sales agent and has an interest in Lenovo. We’re holding both accountable for these things. Some of the things about quality [hands out research piece] says that to a significant degree they tend to be clustered. Since it was acquired, quality has been improved. [Discusses research info, pretty much clustered together.] One problem we’ve had with the video card is it has to be put together separately. They don’t come from China. The are supposed to come with clips, but they shipped wrong clips.
John Board: The machines discussed here are ones you’d find in nursing stations; how big is an install base?
Raphael: Around 60.
John Board: Is it too early to have a sense of longer-term reliability?
Raphael: Part of program was a 4-year desktop warranty and a 3-year laptop warranty.
Raphael is asked: Why has a deal of this magnitude been brought before an advisory committee? It would be very good if people at this table were to give input before a decision could be made
Raphael: We can always review the process issue. We were aware of some of that information in PC Magazine, but the magazine reflects inventory, not the machines being sent.
Kyle Johnson: My sense of the Dell deal was one health system got and universit got in on it. It was a surprise when it actually changed.
Raphael is asked: The difference is between Duke’s computer-savvy population and health system folks who don’t really know a lot about computer. There is a lot of critical care, and the computers can’t go down. That’s why I’m concerned about reliability. I understand nothing can be done at this point, but I wanted to set a precedent for something being made by this committee.
Kyle Johnson: How does the university want to be involved in these decisions? It’s a pretty significant change we’re talking about the health system coming in to talk about.
Raphael: We kept Tracy informed.
Tracy Futhey: I was aware of it, to the point we’re hearing about in the evaluation. There isn’t a group like this on the health system end, which might be good. ITAC has focused on common infrastructure, and there hasn’t been an ongoing expectation that health system decisions be run through this group. There are ripple effect situations.
Raphael: There is no group like this; the evaluation involved people in the school of medicine.
John Board – Was it a formal group?
Raphael: It was convened for this, but we are keeping the group together to see what configurations we want to use.
Ken – The question this raises for me: is it impossible for the university side to be in leverage with the health system to leverage pricing?
In the medical center, we should be going for more reliable rather than for cheaper.
Raphael: I could not agree with you more.
Tracy: It looks from this chart that Q3 2005 was the cross over point from where Dell quality started getting worse.
Raphael: Dell would be affected over time by a capacitor issue.
Brian: To address Ken’s issue, if I remember Jim talking, the reason we could never commit to Dell was because of a decentralization process around purchasing.
Tracy : Duke has already with Dell been one of their platinum customers. It could be more of an issue of exclusivity. We’ve never been willing to commit to that. But I would be surprised if we couldn’t be able to commit to a number of units.
IV. Setting new employee passwords: demo - Chris Cramer, Damon Thompson
Chris Cramer: One of the things we learned from the DEMPO system is that we had a business process issue in that the health system staff were going to need to have NetIDs as soon as they got here. One of the issues is that as you come here as employee, you are not entered into SAP until you get paid. They are being created as affiliates, who are people we know a little about. These will be corrected somewhat by the iForms project. We needed a way to get NetIDs to people as they arrive on campus. We are targeting the DukeCard office. New NetIDs can have their password set through an express station in the DukeCard office.
[presentation about DukeCard express station]
This is a process almost everyone has to go through. We are in the process of making this work with two hospitals: Duke Health Raleigh and Durham Regional. This will minimize the number of card databases that people on the medical center side will need to have. ETA at this point is 30 days within June 12.
Kyle Johnson: With the iForms process coming, we now use NetIDs: how will we be able to look up an employee and see what their NetID is?
hris Cramer: It may be the case that we will have a special or standard lookup; I’m not positive.
V. Linux student computer labs update - George Ward, Kevin Davis
John Board: The Linux clusters have been up for a year, and we’re looking at how it has gone compared to Linux clusters we’ve had before.
George Ward: Last summer we installed Linux to replace Sun system. It went very well. For the imaging, the most critical applications were installed or hosted through Godzilla. We have five programs. One of our biggest concerns was with the environmental compatibility: most students enjoy the environment better than Sun. The same level of support is available. The biggest stumbling block was with professors in the labs. If you reserve a classroom in a lab, we offer a tour of the lab. Only two people have taken us up on the offer.
Kevin Davis: The engineering student government has provided feedback on Linux. They wanted Open Office 2 installed. We’re using Centos distribution. While students understand the environment is good for courses, during the summer they are in a PC environment and are having trouble with Linux 1.101. One ongoing question is when an application dumps core, that eats-up their quota and students have trouble logging in. Students expressed familiarity with X Windows, they want to run lab programs, and when their computers go to sleep, it drops X Windows. We need an educational campaign.
John Board: Do we have a sense of utilization?
George Ward: There are 200 unique logins a day in an average month?
John Board: How does that compare with last year?
George Ward: We will have to pull that data.
John Board: Are the labs busy?
Kevin Davis: Hudson and Teer have been mixed; Social/Psychology is big question mark.
John Board: Do they have remote logins?
Kevin Davis: Low usage may mean the space would be better used by a Mac or PC. Students are fond of using X Windows. A lot of students are interested in having it hosted locally on their machines. We continue to hear about better access to software on personal machines.
John Board: What’s most problematic?
Kevin Davis: Fidap has been the biggest problem; it is a general Linux login environment that will replace Godzilla eventually. The long term goal is to retire Solaris.
John Board: Is it mostly engineering, or Arts & Ssciences?
evin Davis: I haven’t done that analysis: the system purges user names on 14-day basis.
VI. Web security policy – Chris Cramer
Chris Cramer: The last time the Web security policy was presented here was in outline form, saying what things we would want to talk about. It grew out of an incident a year ago in the health system when a DHTS application that had been deployed had been compromised, and had partial social security numbers, passwords, and sensitive information in it. Not everyone has to maintain one-size-fits-all standards. When Rob Adams and I were talking about this, we looked at what applications contained personal information. We want to be able to identify the person responsible for that application. On the health system side it was difficult to find person.
John Board: In terms of shortening, we don’t know if it was the intent, but earlier drafts could be understood as a review of all websites at Duke. Intermediate versions tried to identify which ones were to be checked. What has been produced is that if there’s a site with sensitive information, we have to know about it.
Molly Tamarkin: Should timeframe be addressed? This would be a process whereby if an application is reviewed after five years, etc.
Chris Cramer: If Rob and I had a list, we would try to have an annual review.
George Oberlander: Who is responsible for identifying the responsible person?
Chris Cramer: This is a general statement that Duke, as an entity, must identify the person.
George Oberlander: It’s impossible to say who, we have this responsibility out there, but we’re not mapping it anywhere. At the very least, the head of the organizational unit should be responsible. I personally see a lot of problems making someone responsible without saying who that is.
John Board: There still has to be a Duke person’s name on the form for taking the credit for who’s right and wrong.
Kyle Johnson: My view is to look at moving forward with new systems, but we definitely have to go backwards as well.
Brian Eder: Shouldn’t the responsible party simply be a contact?
George Oberlander: To be effective, people have to be educated.
Ken: The text is good, but it needs a more focused title, and perhaps some guidelines as well.
John Board: The policy will be sent back; it is not official yet.