Data attacks on healthcare organizations continue to rise, with the most recent impacting 4.5 million patients at Franklin, Tennessee-based Community Health Systems. And when it comes to security at Texas Health Resources, a 25-hospital organization, CIO Edward Marx says it is every employee's responsibility in an interview with Healthcare IT News.
Marx, a member of FierceHealthIT's Advisory Board, says his security teams is made up of 24,000 people--the total number of employees at the health system. Every employee at the system must, once a year, take a privacy and security class as well as a proficiency test, he tells Healthcare IT News.
"We're learning through experience, and what we see happening out there, that more and more of the focus of breaches and attempts to get into systems is being turned toward healthcare," Marx says.
Cincinnati Children's Hospital also is taking a proactive approach to training employees to keep data secure. Yiscah Bracha, an enterprise data strategy technical specialist at the hospital, says the facility has made training widely available, covering not only how to navigate and use the data, but how to do so securely.
Texas Health Resources also has a security task force, according to Marx, which reports up to the audit committee of the health system's board. Marx and the system's chief security officer also sit before the audit committee and the board to ensure "a direct line of sight from the chairman of the board ... all the way down to the individual employee," Marx says.
He says he sees his security team continuing to expand and doubling down on its security efforts.
Healthcare organizations should also focus on security skills over healthcare acumen when it comes to hiring for IT positions, according to security expert and author Mansur Hasib. He says it is best hiring security pros who can learn the business and run a tight ship while doing so.
To learn more:
- read the Healthcare IT News article