Theresa Meadows: Providers must understand their cybersecurity risk

As a member of the Health and Human Services Department’s Health Care Industry Cybersecurity Task Force, Theresa Meadows has been called upon to represent the perspective of hospital chief information officers. The 21-member group is charged with analyzing how several industries, including healthcare, address cybersecurity; it ultimately must present a report to Congress on its findings and recommendations.

Meadows (pictured right), who serves as CIO at Dallas-based Cook Children’s Health Care System, calls cybersecurity among her biggest priorities; she is also a co-chair on the task force.

In an interview with FierceHealthIT, Meadows shares her thoughts on the group, what it means for the industry and its impact on her work at Cook Children’s.

FierceHealthIT: How do the meetings work? Does everyone get a particular assignment at a meeting and report back?

Theresa Meadows: We will have four face-to-face meetings and monthly conference calls. We have had two face-to-face meetings and several calls. We have several objectives for which we are trying to develop recommendations and have divided these items into work streams. We are having these groups meet in between the conference calls and face-to-face meetings.

FHIT: What is the most surprising thing you’ve discovered as a member of the task force?

Meadows: I don’t know if I would call this surprising, but the group that was chosen has great synergy. We are all very passionate about this issue and we all have spent a great deal of personal time to ensure the recommendations we make are achievable.

FHIT: How would you rate the state of cybersecurity in healthcare?

Meadows: I do think healthcare is a bit behind, but that is mostly because of the complexity of the industry. There are many points of entry and many subsectors--hospitals, physician offices, health plans, software vendors, medical device manufacturers, laboratories, pharmaceuticals, etc. Each of these subsectors have unique security challenges, but there are many common security challenges across all subsectors. The task force has chosen to focus on common things across all subsectors.

FHIT: Is there anything you’ve learned from other task force members that you’ve been able to take back to Cook Children’s and apply?

Meadows: The biggest thing is understanding your risk and developing plans to ensure you can mitigate the risk. This seems simple, but this is something many organizations do not do.

FHIT: Cybersecurity aside, what are your biggest priorities as CIO at Cook Children’s and how are you addressing them?

Meadows: Cybersecurity is always at the top of my list of big priorities. We also are beginning an organization-wide electronic health record system conversion. This is a large strategic initiative and we will be putting a heavy focus on this implementation for the next 24 months.

Editor's Note: This interview has been edited for clarity and length.