CHI Strengthens Information Security
CHI is developing a formal, structured program to safeguard the security of millions of bytes of information, including the patient, clinical and business information collected and used by employees across CHI every day.
"CHI, and the health care industry in general, has realized the need for greater focus on information security," said Sheryl Rose, vice president and chief information security officer for CHI. "We're well underway with an initial, 12-month CHI strategy for information security."
Most CHI employees are familiar with the process of employee ID and password management, but there is much more to a comprehensive information security program. "We'll address the awareness and identification of security risks, manage compliance with HIPAA privacy standards and meet industry standards for credit card processing, among other initiatives," said Rose.
Rose joined CHI in October 2010 from the financial industry, which has a strong focus on information security. "We all go to automated teller machines to make deposits or withdrawals and don't question the need to provide a password, because we know that banks use information security procedures for our protection," said Rose. "In health care, information security is for the protection of CHI, our employees and our patients. And, it's very important to address security needs in a way that patient information is protected, but patient care is not affected."
CHI's initial plan is to develop three main security programs:a
To oversee these programs as they grow, CHI created a Security Steering Committee, which includes senior national and market-based organization leaders. "This committee will set priorities for managing identified risks," said Rose.
Rose and her team already have two important information security initiatives ready for introduction:
For more information on CHI's information security initiatives, contact Sheryl Rose.