
The Role of the Healthcare CIO Yesterday, Today, and Tomorrow

By Susan Biddle | June 22, 2017

Today’s healthcare networks are intricate ecosystems of different networks, made up of a wide variety of connected devices and moving data, but they weren’t always this open. The industry as a whole has had to rapidly shift gears. Healthcare data now flows faster than ever, and it isn’t slowing down. As a result, the role of the healthcare chief information officer (CIO) has had to expand and adapt. As networks expand and connected devices permeate the healthcare landscape, the CIO will continue to play an increasingly important role in an institution’s success.

Below, we will examine the role of healthcare CIOs in the past, present, and future.

Healthcare CIO Duties of the Past

There was a time in the healthcare sector (not long ago) when the CIO’s job description lacked clarity and the position itself was more of a broad technology manager function. Data was localized, and access was limited to a handful of authorized users. Main tasks included keeping up with network security, configuring devices, and resolving any access issues. This all began to change at a rapid rate in the 2000s.

A 2008 report published by Dartmouth University explained the potential widespread benefits of expanding healthcare networks and digitizing information. It reads, “Healthcare information systems are largely viewed as the single most important factor in improving US healthcare quality and reducing related costs. According to a recent RAND study, the US could potentially save $81B annually by moving to an Electronic Health Record (EHR) system.”

At the same time, the U.S. Congress had been considering new legislation to “improve the privacy protection offered under previous regulations by creating incentives to de-identify health information for purposes necessary, establishing health information technology and privacy systems, bringing equity to healthcare provision, and increasing private enterprise participation in patient privacy.”

Data in healthcare systems once flowed at a sluggish pace, and while there were simple server issues that demanded attention, outside threats hadn’t become a reality. The rise of interconnectivity and the demand for accelerated access to patient and medical data changed that.

Healthcare CIO Duties of the Present

Due to the sensitive nature of medical data, the healthcare industry has been a bit slower to join in on the technology takeover that other industries have experienced. However, healthcare institutions risk falling behind if they don’t adjust, and the CIO has been tasked with overseeing this transition. Security plays a paramount role in making this transition possible.

In order for patients and healthcare professionals to maintain a mutually beneficial relationship, there must be a foundation of trust. To put it simply, security must operate at the same speed as the rest of the institution. Until the digitization of patient data and addition of countless connected devices, the CIO and IT department had very clear parameters for their work and a blueprint for protecting patient trust. Now, those responsibilities and goals are fluid.

In order to make the leap to an electronic healthcare system seamless, there needs to be an adaptive security infrastructure in place that is designed to handle and defend it. When networks and data aren’t properly secured, not only will there be no improvement in the quality or cost of healthcare, but healthcare systems will also continue to be a preferred target for cybercriminals.

With so much information and so many critical devices being housed on the network, an increased focus on keeping it secure is the natural next step. While the web of connected devices provides an opportunity to improve healthcare services, it also provides potential entry points to the network for unwanted visitors. As a result, healthcare networks are now firmly in the crosshairs of cybercriminals looking to capitalize on the value of patient data and prey on the urgent need to keep healthcare networks, and the devices they support, online. The CIO now has to oversee the management of a constant flow of sensitive information between departments, hospitals, doctors’ offices, and suppliers, while keeping critical medical devices online. The protection of this information plays a direct role in maintaining the integrity of healthcare institutions.

Healthcare CIO Duties of the Future

The breadth of sensitive patient information that is collected, shared, and stored makes healthcare an attractive target for cybercriminals. Medical records are worth ten times more than credit card numbers on the black market because they contain valuable data that can be used for such things as identity theft. Today, healthcare institutions are dealing with threats that will only become more complex in the future.

Mobility threats have also emerged as a direct result of the newfound reliance on laptops, tablets, and other handheld devices that connect administrators and care providers to healthcare networks. Outside threats, like those that attempt to extract sensitive information from employees or medical professionals via social media or e-mail, have also complicated security.

And most recently, we have seen an alarming rise in ransomware attacks targeted at healthcare institutions. Because lives actually depend on healthcare networks being online and available, many healthcare organizations have felt compelled to pay ransoms when their networks and data have been frozen. And as can be expected, this has simply served to redouble the efforts of cybercriminals to exploit this opportunity.

Going forward, all of these attack vectors are expected to grow in complexity and frequency as the healthcare industry becomes more invested in advanced technology. In order to keep pace with the growing threat landscape, CIOs will need to increasingly rely on security partners and a network of alliances.

With this increased scope of responsibility, it is reasonable to expect CIOs will need to continue the trend of establishing themselves as key executives with the power to make decisions that could alter the institution’s future. The CIO will be expected to blend advanced technology and services while building a team of tech professionals and an integrated and adaptive security infrastructure that is prepared to adapt to increasingly sophisticated and complex threats. In this role, they will be the point person on everything pertaining to system data, system security, and analytics.

The Bottom Line

Putting a premium on the protection of patient data can stretch an institution’s IT department thin if a proper solution isn’t installed. The burden to address this challenge falls squarely on the CIO’s shoulders. With Fortinet Solutions for Healthcare, including the highly adaptive Fortinet Security Fabric, however, those fears can be alleviated. The role of the healthcare CIO has been evolving at the same rapid pace as the technology that is driving the healthcare sector forward, and will not slow down any time soon. It is imperative that CIOs choose and adopt a security strategy that is designed to evolve with them.
