ViVE 2023: Hospitals, health tech companies face shortages in data privacy, security talent. Recruiting 'outsiders' could be one fix

NASHVILLE—It’s no secret that healthcare organizations across the country are grappling with a widespread shortage of frontline clinical labor.

But beyond the need for more nurses, hospital IT and medical device company leaders say their teams are landed in a similar bind due to the miniscule supply of healthcare data privacy and security talent.

What’s more, they said the issue is being compounded by a growing need for such specialized expertise due to rising healthcare organizations’ cybersecurity risks, increasingly connected digital offerings and stricter federal enforcement of data privacy requirements.

“Security and privacy … kind of outpaced the general market in terms of the demand being so high and the supply of talented people being so, so under the need,” Bill O’Connell, head of product security and privacy operations at Roche Information Solutions, said to a co-panel of device maker and health system executives. “So, I think it’s important to get creative about what are the specific roles you need.”

In other words, healthcare organizations will likely need to expand their nets to capture potential candidates, panelists said. While some groups may have the “luxury” of permitting remote work and enticing talent outside of their local setting, for many the more realistic option will be to consider more applicants who don’t have healthcare on their resumes.

O’Connell said he’s primarily had success pulling in employees from industries like finance “because they really understand what it is like to operate in a regulated environment where customers have a very high expectation that, sometimes, exceeds what the regulations dictate.”

Sherri Douville, CEO of healthcare software platform Medigram, said that those candidates don’t necessarily need to be from highly regulated industries. Rather, with the right educational materials, training and certification courses, individuals with “the right values [and] the right skills” can be brought into healthcare.

“We need people with … other IT infrastructure experiences, security experiences, implementation experience, project management—and a lot of that is not native to healthcare,” she said. “So we have to go out and get it, and we have to upskill them to be really effective.”

St. Joseph’s Health’s Jesse Fasolo, a technology infrastructure, cybersecurity and information security head (as well as a finance industry convert), noted that it’s important for health systems and other organizations to adopt training methodologies that emphasize being up-to-date with the fast-changing times.

“The [external] talent is not learning in the capacity that technology and security regulations and privacy is growing,” he said. “It’s hard to get new skills, or a person with those new skills, in your door. You almost have to nurture and develop within, or identify at a lower cost an individual that can become successful or succeed at a higher level.”

Even with these open-minded approaches in place, fierce competition from the other regulated industries already has the health industry at a disadvantage, health system representatives said.  

“It’s almost impossible to source candidates nowadays when other industries are paying approximately 30% to 40% more,” Fasolo said. “That leads to issues with privacy and security, especially around your data [and] especially around your devices and infrastructure as well, because they’re coming with less experience and less exposure because that’s what’s available. You really need to robust your program with education and development and … certifications.”

The hill is steeper still for under-resourced hospitals forced to compete with larger systems. Marti Arvin, chief compliance and privacy officer at Chattanooga, Tennessee safety-net hospital Erlanger Health System, said her organization has been “trying to do some of that grow-your-own,” but finding that the trainees only stick around for roughly half a year before jumping ship for higher pay.

“Particularly with work remote now, we have a lot of people who say ‘I can go to work for an East Coast entity that’s going to pay me a lot more than Chattanooga, Tennessee, but I can still stay and live in Chattanooga, Tennessee,” she said.

“It’s incredibly competitive to try to fill those positions—we have a number open if anybody’s looking,” she added for the audience.