Inside CHIME: Crafting a Cybersecurity Plan for All of Healthcare

Inside CHIME - header

Weinstock 70x70 9.1.16 by Matthew Weinstock
Director of Communications and Public Relations, CHIME

CHIME board member Theresa Meadows, R.N., is leading a federal effort to craft a set of recommendations that the entire healthcare industry can use to better protect patients and sensitive information.

Navigating the complexities of cybersecurity for a hospital is tricky enough, but try developing an action plan for the entire healthcare industry. Where hospital leaders are worry about protecting patient data and keeping life-saving devices operational, big pharma is concerned about trade secrets and strategic plans falling into the wrong hands. Insurers fear a breach that leaves millions of patient records and payment information vulnerable. Then there are labs, small physician offices, home health agencies, medical device manufacturers, and so on. Add in the Internet of Things, mHealth and consumerism, and the web gets much more tangled.

“Healthcare is different from any other industry,” says Theresa Meadows, R.N., CHCIO, senior vice president and CIO, Cook Children’s Health Care System, Fort Worth, Texas. “We have multiple sectors that comprise one big sector, each with different vantage points and resources.”

As co-chair of the federal Health Care Industry Cybersecurity Task Force, Meadows is tasked with leading a group of 20 experts in analyzing what other industries are doing to shore up their defenses and developing a set of recommendations that could apply across healthcare. While it is a daunting assignment, Meadows says that the task force, which has held two face-to-face meetings since April, along with monthly teleconferences, has made a fair amount of progress. There’s a common concern for data integrity, whether its patient information or intellectual property. Additionally, all of the stakeholders see value in improving information sharing; figuring out how to leverage what’s out there is another story.

The federal task force was created under the Cybersecurity Information Security Act of 2015. Meadows was one of nearly 200 people to people from across healthcare to apply for a seat at the table. She wasn’t a household name in cybersecurity circles, so, admittedly, it seemed like a long shot.

“I was taken aback when I got the call that they wanted me on the task force and that they wanted me to be co-chair,” she says. But Meadows’ diverse background, as well as serving on the CHIME board, were major pluses. A registered nurse by training, Meadows found her second calling in health IT. She earned a master in informatics at a program that was specifically designed to train people to become a CIO. Her career took her from consulting to a web developer and, ultimately, back to healthcare. She was mentored by Tim Stettheimer, senior vice president and regional CIO at Ascension Health Information Services, before being named CIO at Cook Children’s six years ago.

Ultimately, Meadows hopes that the task force can create a set of recommendations that anybody in healthcare can utilize.

“We need to make information sharing work for everyone,” she says. “It’s one thing to get information, but we need to help people understand what to do with it.”

Beyond getting the industry to be in lockstep on a set of recommendations, Meadows acknowledges that the task force faces another unique challenge – its report will come out early next year, after a new administration has taken office. Keeping the issue front and center will be critical for the task force and the industry as a whole.

As it continues to study cybersecurity, the task force is looking for feedback from the industry. Join the conversation on the task force’s blog page. Meadows and fellow task force member David Ting, co-found and CTO, Imprivata, will provide an update on task force activity at the CHIME16 Fall CIO Forum, Wednesday, Nov. 2.

On a related note, CHIME and AEHIS are asking members to complete a brief cybersecurity survey to better inform our advocacy. The results will be shared with the task force.

More Inside CHIME Volume 1, No. 25: