TRENDING:

Healthcare CISO Association Launched

New Group Designed to Boost Professional Development Marianne Kolbasuk McGee (HealthInfoSec) • August 4, 2014    
Healthcare CISO Association Launched

Healthcare information security leaders face industry-specific challenges, ranging from patient safety and clinical workflow concerns to HIPAA compliance. Now the College of Healthcare Information Management Executives is launching a professional organization that's designed to help CISOs deal with critical issues.

See Also: LIVE Webinar | Stop, Drop (a Table) & Roll: An SQL Highlight Discussion

CHIME, which serves healthcare CIOs, says its new Association for Executives in Healthcare Information Security, or AEHIS, is the first group designed specifically for chief information security officers and other top-ranking infosec leaders who work at healthcare entities of all types and sizes.

The CIO group decided to launch the new association for CISOs after seeing a need for educational resources, professional development and networking, says Russell Branzell, president of CHIME, and former CIO of Poudre Valley Health System, which is now Colorado Health Medical Group, a division of the University of Colorado Health.


Russell Branzell

In CHIME's work educating healthcare CIOs, including boot camps that are also sometimes attended by CISOs, it became apparent that there is a significant void in the educational, professional development, and peer-to-peer collaboration resources available for healthcare CISOs and CSOs, Branzell tells Information Security Media Group.

"A lot of healthcare CISOs come from other industries, other sectors of the economy. And there's a pretty big gap for them to learn healthcare," he says, including specifics such as HIPAA regulations. "In banking, you secure it... and if [security technologies] slow things down, you don't care. But what they've learned painfully in many cases in healthcare is that security needs to somehow complement patient care," he says. CHIME leaders believe "there's an opportunity, but even more so, a requirement, for us to support that segment of the industry," he adds.

AEHIS will offer in-person educational events and online resources, says George McCulloch, CHIME executive vice president of membership and professional development. For instance, the new group is working with professional development and education organization, Institute of Health Information Technology Transformation, also known as IHT², to offer healthcare CISO activities co-located at upcoming IHT² events. AEHIS also has a new LinkedIn group for its members, he says.

On a related theme, accreditation organization (ISC)² last year began offering a new certification aimed at healthcare infosec professionals. The HealthCare Information Security and Privacy Practitioner certification is designed to validate that a practitioner has the core level of knowledge and expertise required to address specific security concerns (see New Health InfoSec Credential Debuts).

Key Topics for CISOs

The new CISO association's topics for discussion and educational resources will include best practices, trends, security alerts, reminders about upcoming regulatory deadlines, and materials that "help [members] be more proactive, rather than reactive, which is more beneficial in helping them get ahead in their careers," McCulloch says. That includes resources and professional advice sharing for CISOs who have aspirations of one day becoming a CIO, Branzell says.

Security is "a huge emerging focus for healthcare, including the CIO," Branzell notes. He recalls that when he was a CIO, "one of the few things that kept me up at night was security. Was someone going to do something dumb with a laptop? Or was there a huge vulnerability in our network? Or was there a back door that some vendor left open?"

Because the size of healthcare entities range from the smallest doctors' offices to the largest academic medical centers, AEHIS is open to professionals who don't necessarily hold the "CISO" or "CSO" title, but are the highest ranking person in charge of information security matters at their organizations, McCulloch says. That could include leaders who oversee both security and privacy matters at smaller organizations.

Those who apply for AEHIS membership before Dec. 31, 2014, will be recognized as founding members and will receive a one-year free membership, McCulloch says. After that, annual membership will cost $99. "We're not looking at this as a money-making operation," Branzell says. "We want to help people by filling a gap."

Professional Collaboration

Christopher Paidhrin, manager of information security technology at the information security division at PeaceHealth, a healthcare delivery system in the Pacific Northwest, says he's already signed up to join AEHIS.

"Healthcare has multiple regulatory interests - including HIPAA and the HITECH Act ... that are not common to all CISOs," he explains. "I routinely network in my local northwest community, and there is great value in this. But the number of CISOs are too small a sampling for a number of topics. A national representative group could make healthcare-centric information security collaboration much easier. Additionally, a national group would alleviate the local competition issues that, at times, stymies peer collaboration."

Previous
Data Destruction Law Allows Civil Suits
Next
Target's Breach Costs Continue to Mount

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.



Around the Network

Organization-Wide Passwordless Orchestration
Organization-Wide Passwordless Orchestration
Protecting the Hidden Layer in Neural Networks
Protecting the Hidden Layer in Neural Networks
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
The Persisting Risks Posed by Legacy Medical Devices
The Persisting Risks Posed by Legacy Medical Devices
Showing Evidence of 'Recognized Security Practices'
Showing Evidence of 'Recognized Security Practices'
Whistleblowing Brings Visibility to the Role of CISOs
Whistleblowing Brings Visibility to the Role of CISOs
Are We Doomed? Not If We Focus on Cyber Resilience
Are We Doomed? Not If We Focus on Cyber Resilience
David Derigiotis on the Complex World of Cyber Insurance
David Derigiotis on the Complex World of Cyber Insurance
Craig Box of ARMO on Kubernetes and Complexity
Craig Box of ARMO on Kubernetes and Complexity
Aité-Novarica's Cybersecurity Impact Award
Aité-Novarica's Cybersecurity Impact Award

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.