The Guam Memorial Hospital is in dire need of critical IT infrastructure upgrades, to include a new electronic health records system, that could cost millions of dollars.

This comes after recent communications and records system disruptions and separately, cyber-security breaches throughout the years.

The Guam Memorial Hospital’s phones and electronic health records system is back online after it was disrupted from power fluctuations last week.

The July 28th incident and following glitches over the weekend impacted billing and patient data access.

Hospital Administrator Lillian Perez Posadas says adapting has been a challenge.

“The patient registration and the patient billing system was impacted. We had to do manual registration of the patient’s names, where they’re at, what room they’re in, what kind of the orders and medications the doctors want the patients to receive, so all of that was being done manually,” said Posadas.

When a hospital’s EHR system is down, it leaves hospital staff unable to access critical patient information and can significantly hinder patient care.

The public hospital’s IT team has ruled out a cyber breach. But GMH needs to harden its IT infrastructure and upgrade multiple packages of software, to include purchasing a new ehr system.

“There’s no indication of any data breaches or any external attacks. It was really our internal infrastructure, our equipment and the power sources,” said Posadas. “We are loaded with patient information, vital and critical patient information. Across the nation, hospitals have been a targeted source for that information. It is our responsibility to protect patient information and even employee information, their social security and all that that’s in our system.”

Their current system, carevue, was recently implemented in late 2022 for $5 million, but later discovered to be unfit for a critical care hospital.

GMH IT Administrator Manny Gabriel breaks it down further.

“For example, the EHR, which is Carevue, is only three years old if you think about it. But it interfaces with systems that are over 20 years old. If the system is 20 years old, it means the software and hardware is over 20 years old. We have been able to get by with basically ductapes and bandaids for a while now, but it’s not sustainable,” said Gabriel.

The much needed upgrades are part of a risk management plan that GMH has to implement after being hit by cyber-security threats in the last handful of years.

One in March 2023 forced GMH to temporarily shutdown their network, prompting the FBI and Homeland Security to get involved.

As reported, two former employees accessed the hospital’s network without permission from the US mainland.

That incident, along with a separate ransomware attack in January 2019, led to a $25 thousand fine from the US Dept. of Health and Human Services for potential HIPAA violations, and for GMH to come up with the risk management plan.

“It’s a five year implementation plan that’s going to cost us maybe $6 million a year. So definitely the budget will be critical for us to get. I’m begging and defending our budget with the legislature,” added Posadas.

So far, as a contingency plan against future power fluctuations, GMH has procured two batteries as a power source, costing $59,000 each, which is still on its way to Guam by ship from Australia.

It should be noted a failing EHR system could also impact accreditation with the centers for medicare and medicaid services, and could result in funding loss.

“We don’t want to lose the reimbursements and plus we want to ensure we comply with the standard of care, that our team is giving their best and quality of care they can given the resources that we have. That’s really what the team spirit is within this hospital,” added Posadas.

The hospital is to put out an rfp for a new records system, which could cost up to $60 million.