[ISN] Presbyterian CISO stresses importance of governance

http://healthitsecurity.com/2013/07/22/presbyterian-ciso-drives-home-importance-of-governance/ By Patrick Ouellette Health IT Security July 22, 2013 Without the right governance in place, a Chief Information Security Officer (CISO) is unofficially on their own island with little help from the outside, according to Kim Sassaman, CISSP and CISO of Presbyterian Healthcare Services of New Mexico. During last Wednesday’s Institute for Health Technology Transformation (iHT2) “Governance is the Key to Enterprise Execution of your Security Program” webinar, Sassaman explained why governance can be misinterpreted and how it’s applied at Presbyterian. Sassaman, who is also the Information Security Director, began by explaining how Presbyterian is an integrated system, health plan and delivery system with eight Hospitals, 80 clinics and 400 employed providers. He said that historically, security has to kick open doors but that governance is the key to opening closed doors. In the past, according to Sassaman, the clinical side thought IT folks were against them and didn’t know how they could help. Whereas now, the paradigm shift has enabled IT to be in the driver’s seat and force decisions upon clinical staff. In an ideal world, both sides would work in unison. “You want to get to the point where physicians are embracing the controls and policies that you’re deploying and they’re even the ones championing it,” he said. “And the best way to do that is governance.” […]