Why CISOs should report to the CIO at healthcare organizations

Every healthcare organization arranges its hierarchy of executive positions differently, but that still begs the question: To whom should the chief information security officer report? This is especially pertinent, as healthcare security and privacy woes increase across the country.

Heather Roszkowski, CISO at University of Vermont Health Network, tells Healthcare IT News that colleagues in her position should report to the chief information officer, with the CIO reporting to the CEO.

Indeed, that’s how many executives feel, according to the article, particularly because of how connected the CIO and CISO roles are today. While some organizations may have the CISO report to someone in the compliance or legal department, many tell Healthcare IT News that the CIO is the best choice.

“Over the last few years, there has been an explosion of security-related issues. So I moved the security responsibilities to a CISO, who reports to me,” John Halamka, CIO at Beth Israel Deaconess Medical Center, says in the article.

The CIO, he adds, is the “strategist,” with the CISO, the chief technology officer and the chief medical information officer all reporting to that office.

To learn more:
- here's the article