Eight CIOs met to discuss healthcare security issues and what they can do to best mitigate cybersecurity risks.
Healthcare CIOs admit that it’s not a matter of if their health systems will be breached but a question of when their healthcare security systems will be attacked. That was one of several issues discussed by healthcare leaders at the second annual Scottsdale Institute CIO Summit earlier this year.
A Summit report explained strategies that can be used to address emerging informatics requirements for the nation’s healthcare systems. However, finding the best ways to protect against cyber criminals and other health data attacks was a common area of concern among the eight CIOs who attended the summit.
“Absolute security will never be a guarantee,” Sutter Health CIO John Manis said in the report. “We all must understand that we live in an escalated threat environment and this threat environment has become the new normal. Cyber attacks should be considered a constant threat and we need better tools and technologies to mitigate the risk and combat the attacks.”
Integris CIO John Delano agreed, saying that the public relations aspect of healthcare data breaches can also have a huge impact on an organization. Even if a health system is not affected by a breach, extensive public relations work might have to take place because patients were concerned about the privacy of their data, he said.
The report highlighted three strategy areas that healthcare organizations should focus on to help mitigate cybersecurity risks:
- Implement End-to-End Security Standards
- Train End Users
- Proactively Monitor and Rapidly Respond
Taking a proactive approach to protecting healthcare data is crucial, the report stated. The CIOs agreed that working with vendors to design and outline end-to-end security standards can help create a more secure environment for patients’ data.
“Enterprise standards are a part of ‘tomorrow’s Integris,’” Delano said. “We’re working closely with supply chain and others on standards for security as well as data interoperability, and reorganizing IT to better support an enterprise architecture with standards at the center.”
Comprehensive employee training is also an essential part of creating a well-rounded and secure health system. Moreover, healthcare organizations must monitor employee compliance with policies.
Adventist Health System CIO Brent Snyder said that most breaches are internal, meaning employees took advantage of the system. Healthcare organizations “can definitely do a better job of managing that,” he said in the report.
Finally, healthcare facilities must proactively monitor security logs and network endpoints for unusual patterns and be able to respond quickly to any security breaches, according to the report.
Cloud data storage was one area in particular that the CIOs said they were beginning to implement. This option is scalable, allows easy access and is a viable, safe alternative, the report stated. Moreover, with the majority of healthcare breaches happening because of lost or stolen portable devices, cloud storage could mitigate those threats by storing patients’ protected health information remotely.
With healthcare security issues evolving, it is important for CIOs to understand the best ways to remain proactive, even if it means working with other members of the C-suite. That is part of the reason why the College of Healthcare Information Management Executives (CHIME) launched two new programs geared toward Chief Technology Officers (CTOs) and Chief Application Officers (CAOs).
The creation of the new associations is an acknowledgment of the interactions today’s healthcare CIOs need to have with other members of the C-suite in order to be successful in their positions, according to senior leadership at CHIME.
The post Why Healthcare Security Must Be Top Priority for CIOs appeared first on HealthITSecurity.com.