http://healthitsecurity.com/2013/10/22/a-healthcare-ciso%E2%80%99s-primary-customer-the-clinician/
By Dom Nicastro
HealthITSecurity.com
October 22, 2013
It's clear by now CISOs should work closely with the CMIO and physician
leaders responsible for clinical care and clinical systems. They can start
by attending and presenting at medical staff meetings, department
meetings, grand rounds, etc. on topics of interest to the clinical staff.
"The CISO/ISO should reach out to physicians to ask for advice and support
in developing and enhancing safeguards for information security," Phyllis
A. Patrick, president of Phyllis A. Patrick & Associates in Purchase, N.Y.,
said. "The CISO/ISO should promote an 'open door' with clinicians, working
to find effective solutions to help them treat patients and educate others
while maintaining security. The response should always be, 'Let’s see how
we can help you do this securely.' The CMIO/CISO partnership is key."
CISOs must also remember to leverage resources where they can, as IT can
carry out the technical functions. Compliance and internal audit
departments can assist with some of the functions related to training,
auditing and monitoring, risk analysis and risk management, and vendor
selection. Human Resources should also work on functions related to
policies for sanctions, training, assignment and termination of rights to
systems and other activities. Biomedical personnel can ensure that
biomedical devices are consistent with requirements for safeguards related
to patient information, proper disposal of equipment, etc.
Purchasing can alert the CISO to possible changes in vendors for office
equipment (copiers, fax machines, etc.) that require security safeguards.
Legal should review all security policies and provide advice regarding
compliance with federal and state regulations and new requirements as they
develop.
[...]