Mike Luessi, global head of healthcare and life sciences at ServiceNow and Dillan Yogendra
Using workflow automation to reimagine a total healthcare experience
Bill Hudson
Embracing innovation on the quest toward excellent customer service
Brad Newton, Vice President of Information Technology Administration, Wellstar Health System
Meeting the needs of clinicians while modernizing information technology
Erik Zempel, Director of Performance and Improvement Management at University of Michigan — Michigan Medicine
Q&A: Leveraging technology to improve the customer experience
Doctor using a computer.
UnitedHealth Group relies on user-centered design approach to improve customer service

Additional Resources

Build your AI-first strategy with a digital business platform
Build your AI-first strategy with a digital business platform
Demonstrate the value of generative AI with a cloud-native platform
Demonstrate the value of generative AI with a cloud-native platform
Enhance patient and staff experiences with generative AI
Enhance patient and staff experiences with generative AI
Discover the top 10 healthcare industry trends for 2024
Discover the top 10 healthcare industry trends for 2024
Maximize your current technology investments with generative AI
Maximize your current technology investments with generative AI

Sponsored

Global Edition
Privacy & Security

Balancing cybersecurity concerns with patient needs in an era of increased risk

Walking the fine line between optimal communication and regulatory compliance, IT must engage business leaders with the results of the risk assessments they routinely perform.
June 24, 2019
07:07 AM

Significant security incidents are common occurrences in healthcare organizations worldwide. In fact, 82% of hospitals reported they had experienced a significant security incident in the past 12 months, according to the 2019 HIMSS Cybersecurity Survey.1

“Today, information security is a top C-suite priority in the healthcare industry,” said Paul McRae, senior director of global healthcare programs at ServiceNow, as he kicked off a panel discussion on cybersecurity at the ServiceNow Knowledge 2019 Conference in Las Vegas. “Patient care, safety, and privacy are at risk. Healthcare as an industry has responded by creating a culture of governance, risk management, and compliance.”

The challenge for healthcare organizations, then, is to optimally communicate necessary information to patients while also managing compliance with regulations such as HIPAA.

To address this challenge, an important first step is to identify all the critical systems and their business owners. Healthcare organizations should consider their business partners’ systems, as well, said Fausto Grelli, Head of Digital Services Enablement at Novartis. “We have a significant number of third-party vendors in every area of the organization. Tracking the risk with our vendors is crucial for us.” 

Achieving the balance between optimal communication and regulatory compliance is a sticky wicket for healthcare, said Claude Council, senior manager of cybersecurity at Shriners Hospitals for Children. “The problem is that we could quickly bankrupt the organization if we provide absolute security with zero risk. There has to be a balance between risk and providing patient care, which is the organization's main mission.”

Of course, not providing enough security can result in dire consequences, said Michael Parisi, vice president of assurance strategy and community development at HITRUST. “At the end of the day, if there is a medical device that could be compromised, if there's information that is incorrectly input into a EHR or into a medical record, if a prescription is incorrectly administered, all of that can ultimately result in the loss of human life. It doesn't get any more real than that.”

IT leaders also should perform risk assessments based on HITRUST and then notify business owners of where they need to increase security. To accomplish this, IT leaders can use an algorithm to calculate risk in each system and then let business leaders decide if the level of risk is acceptable. This approach makes it possible for organizations to balance between providing security and allowing internal customers to provide patient care.

Communicating risk to leaders, however, can be labor-intensive. Doing so can involve scouring through spreadsheets, sending control leaders emails pointing out where security weaknesses exist and asking for updates to their systems — and then repeating the same thing two weeks later with the business leaders.

The ServiceNow platform provides timely and consolidated summaries of healthcare system weaknesses to all business owners and leaders. “What we're finding is that the business owners are becoming more engaged because they're seeing it,” Council said. “It's in front of them.” Because of this automated communication, in fact, Shriners has reduced control weakness by a significant percentage.

Reference
1. HIMSS. 2019 HIMSS Cybersecurity Survey. https://www.himss.org/2019-himss-cybersecurity-survey.

Topics: 
Patient Engagement, Privacy & Security, Workflow

More regional news

Clinician in scrubs at a hospital computer

CommonSpirit partners up with U of U for clinical collaboration

By
Andrea Fox
November 22, 2024
Stethoscope on an iPad

HIMSSCast: Care provider or tool? When and why patients like AI

By
Andrea Fox
November 22, 2024

EHR tips on migrating an all-digital hospital to Epic

By
Bill Siwicki
November 22, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story
EHR tips on migrating an all-digital hospital to Epic

Most Read

In Colorado, telehealth for maternal medicine improves quality, patient experience
Meridian, Mae partner to boost maternal outcomes, lower disparities
Particle Health files antitrust suit against Epic
Choosing a managed IT service for aged care
Patients with sensitive health issues more comfortable making appointments with chatbots
ASTP intros 2024 draft Federal FHIR Action Plan

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

Video

David Miles at Oklahoma Heart Hospital_Part 2_Doctor holding health icon Photo by Tippapatt/iStock/Getty Images Plus
Switching from Cerner to Epic? Meet a CIO who made it out alive
David Miles at Oklahoma Heart Hospital_Part 1_Doctor holding health icon Photo by Tippapatt/iStock/Getty Images Plus
The CIO of an all-digital hospital walks readers through its successes
Dr Alice Sutedjo Lisa at SMC Telogorejo Hospital_HIMSS24 APAC
Assisting the elderly in digital care
Dr. Benoit Desjardins of the University of Montreal
Cyberattacks are becoming more widespread, and more disruptive

More Stories

Agency cybersecurity infosec illustrated by many colored streams harnessed by a lock
OIG again deems HHS' infosec program ineffective
Joanna Lucas, RN, of St. Luke's University Health Network
Case and referral management technology gets big results for St. Luke's
Dr. Benoit Desjardins of the University of Montreal
Cyberattacks are becoming more widespread, and more disruptive
Northwestern Medicine
Northwestern Medicine announces international healthcare collaboration
BJ Schaknowski of symplr
Too many IT systems with limited alignment impacts care quality
Doctor in scrubs using computer
Tenet to deploy AI platform across its physician network
Healthcare CIO with other healthcare executives
Health system CIOs' strategic responsibilities continue to evolve
George Pappas at Intraprise Health_Digital shield and lock Photo by da-kuk/Getty Images
Tighter cyber mandates hold New York providers to higher security standards