Moving towards an entirely digital world of healthcare can be very appealing in a lot of ways. Having everything digital means better interoperability, increased patient access, and more. However, with the ever-increasing cybersecurity threats and attacks moving more digital can also be very scary. And it is in these uncertain and scary times that people turn to their leaders for guidance. This leaves us with the big question of what role Health IT leadership plays in ensuring the security and privacy of patient data, and what strategies can leaders employ to address emerging cybersecurity threats.
We reached out to some fantastic leaders in our Healthcare IT Today Community for their insights into this big question. The following is what they had to say on the matter.
Ravi Soin, Chief Information & Security Officer at Edifecs
HIT leadership is critical to ensuring the security and privacy of patient data. A security breach can be potentially catastrophic to an organization and every leader must understand that this must be a strategic priority for their organization. Organizations that prioritize security and compliance will provide the appropriate training, tools, and technology to safeguard patient data and in turn, safeguard their business. Addressing emerging cybersecurity threats requires a comprehensive and proactive approach from leaders. This starts with continuous learning, fostering a culture of cybersecurity, risk and security assessment, incident response plan, and implementing a defense-in-depth strategy. Healthcare security and privacy frameworks like HITRUST align best practices in establishing a baseline level of security.
John Johnson, Chief Information Officer at Savista
Cybercriminals continue to develop more sophisticated and creative ways to steal sensitive data. Zero-day exploits, deepfake threats, and ransomware attacks are on the rise with catastrophic consequences. Health IT leaders must instill vigilance in their organizations through policies, practices, and continual education and training. Staying informed about evolving regulations, standards, and laws is a required prerequisite to any successful cybersecurity program.
Health IT leaders must partner with business leaders to establish and enforce security policies. Leaders should take the time to research emerging threats and incorporate those changes into their security programs. Regular risk assessments should be performed to identify vulnerabilities, and corrective actions should be prioritized. Health IT leaders should develop comprehensive incident response plans, and test those plans to ensure the organization is prepared to handle incidents. As cybersecurity threats continue to emerge, Health IT leaders must develop a comprehensive program to address those threats. The security program must include foundational security practices to reduce risk such as multi-factor authentication (MFA), data encryption, patch management/software updates, network segmentation, and ongoing employee awareness training.
A mature security program should include the adoption of systems and services for continuous threat monitoring and intrusion detection. Those systems will allow IT leaders to detect unusual activities in near-real time, improving response time, and decreasing the overall risk to the organization. Health IT leaders should consider the adoption of a cybersecurity framework (ex. NIST) to enhance the organization’s cybersecurity maturity. Engaging with 3rd party security experts to conduct regular security audits can help the Heath IT leader continually evolve their security program and roadmap.
Caryn Hewitt, RN, BSN, CENP, CPHQ, Senior Director of Consulting Services at CenTrak
An organization has to proactively invest in its people and tools to assure privacy and security. It’s non-negotiable to maintain the security of data for an organization. It’s also crucial that the leadership is ahead of the curve. They need to know what’s in the market, what’s occurring in the world, and be huge proponents of the conversation to maintain patient privacy.
Wes Wright, Chief Healthcare Officer at Ordr
The Healthcare IT leader’s responsibility is to make sure that the entire organization realizes that cybersecurity isn’t just an IT issue, it’s a patient safety issue. Once you can get your healthcare organization to realize that, it becomes a team effort, not just the IT or security department trying to drive it. You’ll see exponential returns once you embed that thought in your organization — that cybersecurity isn’t just done by the IT folks, cybersecurity is an organizational priority because it’s a patient safety issue.
Chris Toth, Director of Compliance and Risk Management at hc1 Insights
The security of all data is not something to be taken lightly and regardless if it is customer or patient data, it should be encrypted from cradle to grave as it takes the guesswork out of it. As cybersecurity threats continue to emerge, health IT leaders need to demonstrate that their organization takes not only data security and privacy but risk management seriously. Working with a third party to conduct a risk management assessment provides external validation and added confidence that your organization has gone above and beyond to implement and enhance information risk management and compliance programs.
So many great things to think about here! Thank you to everyone who took the time to submit a quote for us and to all of you for reading this article! We couldn’t do this without your support! What role do you think Health IT leadership plays in the security and privacy of patient data? Let us know in the comments down below or over on social media. We’d love to hear from all of you!
