Like any risk measure, the level of insider risk in a health system is never static, despite the fleeting comfort a snapshot might provide. Thus, it's helpful for security and privacy professionals to contemplate the reasons spikes occur so mitigation measures can be implemented at the right time and place. For example, if we consider that issuing …

The pressures that go along with leading cyber in a healthcare institution are daunting; some of which include the need to be perfect all the time, the fact that the industry is under almost constant attack, and the presence of financial margins that don’t leave IT with money to burn. Of course, combine all that […] Source: Q&A with United Musculos…

The recent rash of ransomware-induced outages has truly created a "not if, but when" dynamic for health systems. And with that feeling must come a commitment on the part of all leaders to ensure their organizations can continue safely treating patients and maintaining critical business operations during such an ordeal. To do that, downtime plans ne…

In a perfect world, the only thing imaging professionals would have to consider is how to improve clinician workflow and thus, satisfaction, along with patient safety. Of course, the world is far from perfect, as demonstrated by healthcare’s shrinking margins. So those professionals must do their part to keep the enterprise as robust as possible. […

Application rationalization is one of those thorny projects -- absolutely necessary and extremely challenging. It's absolutely necessary because millions of dollars are potentially being wasted on applications that are little used, if at all, while their mere existence increases the cyber attack surface. And it's extremely challenging because, even…

The only way to solve the many problems plaguing physicians is by involving those who “understand the work, understand the problems, and live them every day, and partnering them with technology experts.” In this interview, Eve Cunningham, MD, Chief of Virtual Care and Digital Health at Providence, talks about her team’s objectives, the clinical sup…

The community hospital market is struggling with razor-thin margins, according to John Gaede, CIO, at San Juan Regional Medical Center; the result of increasing payroll and technology costs, along with the sunsetting of pandemic-related government programs. CIOs, he says, are in the critical position of making sure every dollar of those technology …

AI has the potential to address dozens of efficiency challenges that health systems must solve in order to flourish in today's world of staffing shortages and increased burnout. As such, there is no lack of requests by users to interject it into this or that workflow. In many instances, however, the problem with moving forward is a red light put up…

For the better part of a decade – from 2010 to 2020 – CIOs were busy implementing and optimizing their EMRs. And since 2020, it’s been all about cost cutting via application rationalization, integration and, of course, security. But there’s another massive challenge that stands to benefit from CIO leadership – the journey from a […] Source: Q&A wit…

Unless they work for technology companies, CIOs aren’t technology executives, according to Maria Sexton, CIO at the University Medical Center of Southern Nevada. Rather, they are business executives with technology expertise. It’s a nuanced definition, she admits, but one whose understanding makes all the difference. And with that understanding com…

“I want to avoid rushing into things and making mistakes you can’t recover from,” said Donna Roach, CIO at University of Utah Health. In this interview, she talked about the value of doing things “in a thoughtful way,” the platform-first approach her team has adopted, and what they’re learning by letting users play in the AI sandbox. Source: Q&A wi…

Whereas AI has some excessive enthusiasm around it (especially in the clinical realm), automation is a no-brainer. Well, not exactly. That's because -- though automation may work magic when done on the right workflow, at the right time, and in the right way -- getting all three right (without understanding some nuances) is a long shot. In this prac…

On most days in cyber, it can seem like there are a million things to do. For Jim Kuiphof and his team, that was probably the case in 2022 when Spectrum Health and Beaumont Health merged to become 22-hospital strong Corewell Health. Of course, there was much foundational work to be done, but Kuiphof notes […] Source: Q&A with Corewell Health Deputy…

It’s the key question all CISOs have to ask themselves – especially those at small- to mid-sized organizations whose cyber teams run in the single digits as opposed to hundreds: how do I operate so as to get the biggest bang for my limited buck? For Blaine Hebert, VP and CISO at Yuma Regional Medical, […] Source: Q&A with Yuma Regional Medical Cent…

With organizations heavily focused on EHR rollouts and optimizations, the “critically important” administrative systems took a back seat, said Craig Kwiatkowski. In this interview, he talks about the “major overhaul” Cedar-Sinai has undergone to centralize services, the keys to success with its Accelerator program, and his interesting career backgr…

You might think a former drill sergeant turned CISO would lead with a ‘my way or the highway approach,’ but for Terry Grogan, VP of IT Assurance & CISO at Tower Health, that couldn’t be further from the truth. That’s because, according to Grogan, such leadership will only see you followed when seas are calm, […] Source: Q&A with Tower Health VP of …

Recent industry-shaking events have made it clear that serious points of risk lurk throughout healthcare. They’ve also revealed that operational risk and IT security risk are deeply intertwined, making it incumbent for CISOs and CIOs to work with others in their health systems – from the chief risk officers, to clinical leaders, to emergency manage…

Enterprise imaging is similar in scope to the EHR, and it allows clinical users to properly identify, acquire, store, manage and visualize imaging studies from across their enterprise, regardless of device, modality, department, service line or location. Historically, each imaging department made its own decisions and purchases regarding these serv…

The IT stack of the past cannot service the health system of the future. That’s one of the main sentiments that runs through the following thoughts offered by Franciscan Missionaries of Our Lady Health System (FMOLHS) SVP/CIO Will Landry. For example, legacy and on-prem technology cannot provide the business continuity and disaster recovery capabil…

It's the dirty little secret among healthcare cyber professionals -- they don't know where all their ePHI is; not even close. And while those professionals are not to blame (healthcare workflows and, thus, data flows are messy business); they do have to get their arms around the problem. The first step? Understand it. In this unique webinar, we'll …

With the right strategy and partnerships in place, there’s a way to “address the health system’s key challenges around capacity constraints while emphasizing patient comfort and privacy,” said Heather O’Sullivan, President of the Healthcare at Home Division at Mass General Brigham. In a recent interview, she talked about what it takes to break with…

Savvy healthcare IT security professionals are as focused on an efficient recovery if something goes down as they are on keeping the enterprise up. And to be positioned for success around recovery, it's imperative business continuity plans are right sized to address the large amounts of data that health systems are amassing every day. In this timel…

For a whole host of reasons -- security, cost and interoperability to name a few -- heath systems are looking to shrink the number of vendor/partners they work with. To that end, hospitals have launched application rationalization efforts seeking to retire one-offs or little used apps, along with raising the bar to bring in new ones. One area where…

They represent the crown jewels for cybercriminals -- legitimate login credentials that will allow them an undetected entrance to your network. And while security executives are doing everything possible -- such as extensive training and phishing tests -- to guard against compromise, it's not a question of if but when someone will make a mistake an…

There’s an old parenting saying, “Do as I say, not as I do.” Of course, it’s meant to get parents off the hook for not demonstrating the behavior they want emulated. Unfortunately, it rarely works, as the disconnect between talk and action isn’t lost on the little ones. When it comes to recent conferences, some […] Source: HIMSS24 Conference Wrap: …

Then only thing that’s constant is change, which means the key is being observant. At least that seems to be the key when navigating the industry’s changing mega-conference dynamic. In the spring, there used to be just HIMSS, with the CHIME Spring Forum affixed to the front-end. Now, CHIME partners with HLTH on ViVE. With […] Source: HIMSS24 Confer…

All the fancy apps in the world won’t do users a bit of good if the network is down. And, in fact, sometimes having a bunch of fancy apps from different vendors introduces the type of complexity that makes it more likely the network will, in fact, go down. So it’s no surprise that a […] Source: Partner Perspective: Application Rationalization Combi…

Like any cost center, IT departments are continually asked to spend less, without reducing either the quantity or quality of services they provide. If it sounds like a tall order, it is. That's why many health systems, though they've tried mightily over the past few years, have seen limited success in doing more with less. But, believe it or not, t…

With resources becoming increasingly scarce, it’s more important than ever to prioritize value, said Inderpal Kohli, CIO at Englewood Health. During a recent interview, he talked about what it means to be “a use case and outcomes-driven organization,” how he works to connect his team with the mission of the organization, and the real challenge with…

The cloud can be a magical place of value and optimization – but only yields its secrets to those with the expertise to master it. The problem is that many health systems moved in too quickly or without that expertise, leaving IT executives in the position of having to go back and retro fit important […] Source: Live @ HIMSS Partner Perspective Q&A…

Healthcare is dynamic, some might even say chaotic. Anyone who has spent five minutes in a busy hospital will attest to the fact that caregivers, patients and equipment move through the hallways, and in and out of rooms, at a dizzying pace. And with all that movement, it's no surprise those same caregivers are often slowed down when they can't find…

As the old expression goes, time is money. For executives like Keith Duemling, Senior Director of Cybersecurity Technology Protection, Cleveland Clinic, time is also about focus. That’s why he’s laser focused while at shows like HIMSS on finding ways to better protect the clinic’s patients and their data. To that end, exhibit floor games that […] S…

When IT folks are handed just about any situation, they find solutions – it’s in the DNA. So it’s not surprising that when Mike Mistretta, SVP & CIO at VHC Health System, was handed finished plans for a new outpatient building, he and his team went to work outfitting it with the latest and greatest […] Source: HIMSS Conference Preview: Mike Mistret…

Though health systems talk about what they want their "digital front door" to look like, the reality is they usually have many; none of which provide the same experience. That's because often their individual hospitals, departments, service lines and physician practices -- especially those recently acquired -- have their own digital front doors, if…

It’s the old preconception that’s kept security out of the equation for far too long – if cyber gets involved, the whole project is dead, or at least not going anywhere fast. Luckily that dynamic is falling by the wayside, as business leaders have to come to realize that not including security means taking on […] Source: Q&A with Children’s Hospita…

Healthcare is complicated. So it’s not surprising that healthcare cybersecurity is just as complex. But what shouldn’t be complicated is the guidance health systems are given to deal with threats. In the past, a number of well-meaning entitles – from government to private to hybrids of the two – have put out roadmaps, frameworks and […] Source: Liv…

Healthcare is abuzz with talk of artificial intelligence. And when it comes to cybersecurity, that buzz both has to do with how the bad guys are going to use it, and how the good guys can apply it to defense. But Ryan Witt, VP, Industry Solutions, Healthcare, Proofpoint, warns that today, the time of small- […] Source: Live @ Vive Partner Perspecti…

“The power of any type of EHR is how it’s being utilized, not only by clinicians but also by your patient population,” said Raymond Lowe, SVP and CIO at AltaMed Health Services. In this interview, he talked about how his team’s recent Epic achievement, how they’re leveraging data to help enable “culturally competent care,” and why it’s not always w…

In an effort to better engage with patients, many health systems have gotten themselves into a pickle by going overboard. Today, with almost every department running its own patient engagement efforts, those at the end of all that attention are feeling overwhelmed. But there’s a better way, and it starts with governance, according to Guillaume de Z…

How much of an impact can Generative AI have – if leveraged properly, and if all the necessary pieces are in place? Quite a bit, according to Michael Hasselberg. “This is the first time in my career thus far that I’m hopeful that technology will actually make the lives of our clinicians better.” In a recent interview, he explained why, and talked a…

It’s the foundation of any care access experience offered by a health system or hospital. Provider data powers a myriad of experiences that impact patients, providers, and staff members enterprise-wide. Unfortunately, the many back-end systems that house this data are often out of date and inconsistent, leading to a disjointed experience as people …

One of the keys to meeting Penn Medicine’s core objectives – improving efficiency, reducing clinical burden, and delivering a better patient experience – is in establishing partnerships, said Anna Schoenbaum, VP of Applications and Digital Health. The other? Having “strong governance and engagement. That’s part of our DNA.” Source: “We’re All Learn…

When Skip Sorrels, Director of Cybersecurity with Ascension Health, tells a clinician who may be frustrated with IT that he knows what they are going through, he means it. That’s because, in a past life, Sorrels served as an ICU nurse before moving to cyber. As such, he understands what it’s like to have a […] Source: Q&A with Ascension Health Dire…

If burglars were consistently entering houses in your neighborhood though the back door, it wouldn’t make much sense to spend the majority of your home defense budget fortifying the windows. According to Ryan Witt, VP of Industry Solutions, Healthcare, for Proofpoint, figuring out where to spend your cybersecurity budget should work much the same w…

Cybersecurity in healthcare is at a tipping point, poised to move from the voluntary to the mandatory, although not quite yet. For now, it’s still up to organizations as to whether not they want to comply with any specific framework or set of best practices. Of course, demonstrating adherence to 405(d)’s HICP should get some […] Source: Q&A with In…

IT executives have always had a challenging time ensuring their users were operating securely; but since the Covid pandemic larger workforce trends have seen those challenges multiply. Those trends include fully remote work, a gig economy that sometimes involves the use of short-timers like traveling nurses, and an overall trend of higher turnover …

It’s been said by many a CISO that they essentially function as the chief risk officer. What they are trying to say, of course, is that the job is all about understanding and communicating cyber risk. Interestingly Jacki Monson – currently Chief Integration Officer, CISO & Chief Privacy Officer at Sutter Health – once also […] Source: Q&A with Sutt…

No matter the size or scope of an organization, "you still need to have boots on the ground in IT," says Ray Sharp, CIO at Katherine Shaw Bethea Hospital. In this interview, he talks about the value of rounding, the pros and cons of being a community health organization, and what he learned by spending time outside of healthcare. Source: Q&A with K…

When Swathi West started at Summa Health in early 2023, she embarked on a 90-day assessment that included reviewing job descriptions, along with policies and standards. It’s an approach she heartily recommends for a number of reasons. First, in reviewing job descriptions, West founds a lack of detail that could cause confusion around roles and […] …

Having risen through the IT ranks (often coming out of infrastructure or networking), CIOs know technology inside and out, but when they do hit the C-suite, there is another skill and relationship that is almost as important in determining success -- and that's the understanding of finance and their relationship with the CFO. So what financial chop…