[ISN] How a community hospital CIO stays ahead of the security curve

http://healthitsecurity.com/2014/04/03/how-a-community-hospital-cio-stays-ahead-of-the-security-curve/

By Patrick Ouellette
Health IT Security
April 3, 2014

When a smaller community hospital doesn’t necessarily have the same level of funding and resources as a larger hospital or healthcare network, it’s forced to maximize what it already has in place while staying in line with federal regulations. In many ways, the type of privacy and security work required of community hospitals may be comparable to a small-market sports team competing against teams that are consistently replete with resources.

Jeff Brown, Lawrence General Hospital CIO, explained to HealthITSecurity.com during a recent interview how he and his team deal with the realities of data breaches and potential federal audits on a somewhat limited IT security budget. Brown maintains that his challenges at Lawrence General, of Lawrence, Mass., are representative of the thousands of community hospitals throughout the country. Simultaneously, privacy and security are at the forefront of every CIO’s mind because, Brown said, they are the “custodians” of the data. But to fill some of those gaps, Lawrence General is innovative on the program side.

Lawrence General doesn’t have a formal Chief Information Security Officer (CISO); instead, Brown serves as the de facto CISO and there’s a separate Privacy Officer, who is a domain expert. Though this is fairly standard practice for smaller community hospitals, Brown said Lawrence General’s robust information security (IS) program and team help set it apart from other organizations. Brown, of course, must maintain an equilibrium when working with new technology products and building a secure infrastructure.

[…]