As the leader of a healthcare organization’s IT department, a CIO’s days are naturally segmented based on the different projects being worked on at the moment and filled with meetings, updates and reports from other officers. But as those in support roles, such as Chief Information Security Officers (CISOs), continue to take on more responsibility because of the unique needs of their specific departments. As a result, a CIO needs to be confident that their CISO is up to date not only on the latest IT security threats, but has a deep knowledge of the healthcare industry as well.
To help ensure those needs are met for its members, the College of Healthcare Information Management Executives (CHIME) announced during HIMSS14
that it will offer professional support and education to executives that work closely with CIOs and are shouldering increasingly heavy roles in healthcare organizations. CHIME will aim to boost the amount of high-level educational and development opportunities for key members of the CIO’s executive team by providing some similar educational opportunities that CHIME provides CIOs.
CHIME CEO Russell Branzell told HealthITSecurity.com that CHIME is a member-driven organization and it heard from its members loud and clear that security is a topic that needs to be addressed. While he was in a CIO role, Branzell learned that the next level of leadership for the C-suite of the CIO really sometimes doesn’t get the support, networking and education opportunities that CHIME CIOs receive to help them be successful in their jobs. “If those people aren’t being successful at what they do, then CIOs aren’t being successful, so we’re working with a subset of our members and several CISOs to understand what their needs are as we build this program,” he said.
The educational support will be divided into three areas: CSOs, Chief Application Officers and Chief Technology Officers. But Branzell explained that the biggest point of contention among CHIME members was security, which he described as an emerging area and a great opportunity for CHIME. Because IT security in the healthcare industry is significantly underemployed, CHIME has its work cut out. As for how these executives will receive this education, Branzell said there will be everything available from online collaboration, social media connections, best practice opportunities via webinars. These executives will have every environment that we exist in today, as well as their own education programs, where they can receive continuing education and best practice sharing with each other. “We also launched regional education events this year on the strategic application of security, which will work in collaboration with the CIOs in terms of the topic areas that we’re looking to hit upon this year and even next year,” he said.
CHIME CIOs, though it’s dependent on scale and need of the organization, require an IT security professional to also serve as an executive leader for security and to take control and really run it for the CIO so the CIO can focus on strategic application of technology, said Branzell.
There must be someone behind them at the appropriate executive level driving, leading and managing the security initiatives. There are so many things to keep up on with security – I try to read every security magazine I can and [I feel like] I know about 5 percent of what I need to know. A true security professional knows what needs to be done and how to deploy it within an organization on behalf of the organization’s IS division.
It’s not just about how you take care of the basic technical security, it’s how to deploy technical security solutions that don’t just meet the technical security requirements, but also enhance the business. This includes the delivery of care, remote accessibility, mobile health – security should extend the process so it’s part of the solution rather than being basic security layer technology.
Branzell was sure to drive home the point that CIOs need someone who’s worked in security and can run the IT security program from a leadership perspective. He said he was talking to a CIO last week and she said “I talk more to my CSO now than I talk to my Chief Applications Officer (CAO) and Chief Technology Officer (CTO) combined.” When you consider how much is going on in the CAO’s and CTO’s spaces, for her to talk to the CSO twice as much as the others meant two things to Branzell: (1) The CAO and CTO are mature leaders that don’t need a lot of guidance and (2) there is just a lot going on in security.