Charles Christian, new chairman of the College of Healthcare Information Management Executives and CIO of St. Francis Hospital in Columbus, Ga., suggests healthcare CIOs need to implement a security strategy that includes a blend of technologies, policies and best practices.
In an interview with Healthcare Info Security, Mr. Christian reiterated CIOs' growing concern with data security, adding that to address it, CIOs need to focus on a multitude of areas.
"There's not just one thing that we have to do," Mr. Christian said. "In order for us to secure the data that we have, we have to have a blended strategy."
Such a blended strategy includes proper policies, staff training and education, audits and "routine things" like network access control, Mr. Christian said in the interview.
More specifically, Mr. Christian said, "You have to have policy in place, you have to make sure your staff and teams are educated and the regular employees are educated. You have to audit that to make sure that the education is sticking….You have to have firewalls and encryption. You need to make sure any mobile data that can be taken out of the data are encrypted. You have to get and audit those. It's not just one or two things. It's a variety of things that we must do."
Doing so is a necessary preemptive approach to cybersecurity, he said.
"You can't wait until the barn burns down to take the horse out. You have to take the horse out beforehand."
More articles on information security:
New Jersey passes health data encryption law
President Obama calls for improved cybersecurity legislation
Employee security training can reduce cybersecurity risks by 70%