In their response to Hurricane Florence as well as in ongoing projects in cloud services, identity management and cybersecurity, North Carolina technologists have emphasized working together.
Working holistically is a key to his state’s participation in a new four-state National Governors Association (NGA) cybersecurity partnership, North Carolina CIO Eric Boyette said recently. But an “all inclusive,” we’re-better-together perspective also informs ongoing initiatives in health care, cloud services and identity management, he explained.
With millions evacuated from the Carolinas before the September arrival of Hurricane Florence, North Carolina officials realized many thousands of unsuspecting travelers would likely be away from home without one modern essential: online access to health records. During the first 48 to 72 hours following the storm’s passage, North Carolina Department of Information Technology (NCDIT) officials worked with state Health Information Exchange Authority (NCHIEA) Executive Director Christie Burris and other partners to ensure those vital statistics remained in easy reach.
North Carolina’s statewide health information exchange, NC HealthConnex, enhanced connections through the national eHealth Exchange Network to regional health insurance exchanges (HIEs) and their counterparts in neighboring states, enabling bi-directional queries and the exchange of patient records, the state said in a news release. Regional HIEs the state circled in included Coastal Connect HIE in Wilmington. Organizations in other states included East Tennessee Health Information Network, Georgia Regional Academic Community Health Information Exchange in Augusta, Ga.; South Carolina Health Information Exchange and MedVirginia in Richmond, Va.
In a statement, Burris pointed out HIEs were born from the desire to facilitate the secure exchange of information during emergency situations, but there are more use cases emerging.
“We have just established our health information exchange; we started having our connections with our local hospitals here, our local facilities, so this is a first for us. Now, we’re really working toward making sure we have all of our citizens covered,” Boyette said, indicating the arrangement will continue as needed during the state’s recovery from the hurricane.
Many state agencies already operate in the cloud, the CIO said, in capacities ranging from hosting applications in Microsoft Azure to enabling election services. But a new contract awarded Sept. 8 to Deloitte brings the tech company onboard in an arrangement that should make it easier for agencies to move to cloud in the short term — while providing officials a longer-range education in cloud.
Deloitte will act as a cloud services broker to help agencies that come to NCDIT with cloud needs understand data classifications, which cloud options are most appropriate and total cost of ownership, the CIO said.
“Our thought process is, over time, that our employees will gain more knowledge as they work side by side with the broker and hopefully — we don’t know what that timeframe is yet — but we’ll replace the broker with our own employees as we mature our effort here,” he said.
The award amount for the contract’s first phase is $810,000.
“Some customers may not need the broker, they can go straight to the technology, some of the more savvy customers. But we want to make sure we have all of our customers covered,” Boyette added.
North Carolina already employs an on-premise identity access management solution, the CIO said, but is currently evaluating a robust 15 responses to an RFP to identify newer solutions. North Carolina Identity Services offers residents, business owners and state and local officials secure, real-time access to state apps and information. But officials are interested to identify more flexible, more secure solutions that could offer easier user authentication — and streamline common requests like password resets. They’re also mulling whether the next solution should be on-prem or hybrid, and whether it might incorporate technologies like biometrics, artificial intelligence or even blockchain.
“We’ve got a current system that has served its purpose, done very well, so we want to move on to the next generation. I’m hoping to get that accomplished as soon as possible because this is a service that we need,” Boyette said, noting that the hope is to potentially start implementation as soon as late fall.
The state is also several months into the Policy Academy on Implementing State Cybersecurity, a partnership with Indiana, West Virginia and Wisconsin that’s convened by the National Governors Association. Their association began June 4 and aims at helping states modernize cybersecurity and related infrastructure. NGA will offer states technical assistance around planning, it said in a news release and provide the agencies “a new opportunity to defend themselves against increasingly advanced and globalized cyber threats.”
Participants in the state’s effort include the Department of Public Safety, National Guard, the state’s Homeland Security teams, its Bureau of Investigation and cybersecurity officials. Boyette said the state is taking a holistic approach toward cyberdisruptions that may target critical infrastructure as it develops plans to meet such a challenge and move forward in the days afterward. Roles and responsibilities within groups at the state need to be considered, he said, along with the possibility some laws and practices may have to change or be updated to support new aspects of security and privacy.
“We have something that we we feel like we’re comfortable with, with the policy and our outreach, but we don’t feel like it’s all-inclusive. We want to learn about this — is there a better approach than what we have, and what would that look like?” Boyette said.