Healthcare Information Security

Cybersecurity News

Cybersecurity, Patient Trust, Data Sharing Top Health CIO Priorities

A new report from CHIME and LexisNexis found that CIO priorities varied by the current phase of their EHR implementation, from infrastructure to consumerism.

healthcare CIO security leadership priorities

By Jessica Davis

- The top priorities of healthcare chief information officers and other leaders are cybersecurity, interoperability, patient trust, data governance, and other areas, depending on the stage of their EHR implementation, according to a new report from CHIME and LexisNexis Risk Solutions.

The second annual focus group included feedback from 31 healthcare executives from hospitals, nursing homes, and health plans of varying sizes. The researchers found that, overall, healthcare executives are more concerned with earning and retaining patient trust than with checking boxes for compliance regulations.

What’s notable, is the report found that the priorities for each security leader varied, depending on the maturity level of the EHR implementation within their organization.

Those in the early stage of adoption and upgrades are primarily concerned with infrastructure, including cybersecurity and interoperability. The report found that protecting patient data is necessary, from both inside and outside of the organization.

Additionally, those surveyed said they lean on multiple security layers, including one-time use passwords, biometrics, and knowledge-based authentication to address infrastructure vulnerabilities. In addition, multiple access points pose a real challenge as it requires daily monitoring and each access point needs to be secured.

“Cybersecurity is a major priority, particularly as organizations expand system access to third-party vendors, patients, auditors and others,” the report authors wrote. “There’s a consensus that up-front investments to protect patient information is paramount.”

“They likened their strategy to that of plugging holes, with each additional security layer plugging more vulnerabilities in their system infrastructure,” they added.

Further, interoperability was seen as more than an internal and external data exchange issue. The researchers noted: “They underscore data consumption and its meaningful use; specifically, the need to deliver information into the clinical workflow of providers.”

“Once this foundation for secure data input and exchange is laid, priorities shift to data governance and data cleansing that is, stabilizing the data so it can eventually be used for business intelligence,” the report authors wrote.

Those surveyed with an established data input and exchange infrastructure were primarily concerned with data governance and patient/provider directories. Specifically, they noted that a siloed approach to governance is ineffective. Rather, they lean an enterprise-wide approach, with significant input from information management and quality assurance.

Lastly, data analytics and patient engagement were the top priority for those security leaders currently with a mature phase of EHR deployment. Those organizations are primarily concerned with garnering meaningful patient insights, along with developing a strategic initiative for fully engaging patients in their care.

“Organizations are driven by the desire to do what's right for the patient, not merely complying with a regulation,” Josh Schoeller, LexisNexis Risk Solutions Health Care Senior Vice President and General Manager said in a statement.

“This is evident in how they approach every challenge inherent in various levels of EHR integration: from ensuring accuracy of patient data, protecting it, and sharing it in a meaningful way to collaborating across departments to deliver personalized, high-quality care, to innovating to engage patients,” he added. “Data governance is a complex, evolving journey, not a destination.”

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy


no, thanks

Continue to site...