Electronic Healthcare Records , Governance & Risk Management
Working with EHR Vendors on Security
Indiana University Health's Mitchell Parker on Collaborative EffortsIn a sign of progress, more small healthcare organizations are collaborating with each other - and with their electronic health records vendors - to bolster their information security efforts, says Mitchell Parker, CISO at Indiana University Health.
See Also: OnDemand | Making the Connection Between Cybersecurity and Patient Care
"The trend that I've seen over the past few months has been a lot of the [EHR] vendors working with their customers to better improve their security," Parker says. "The healthcare environment is a lot more complex than a bank or a small business. ... It takes a lot more work to secure a doctors' office or a small hospital than it would a comparable bank or smaller organization. ... There's a lot more support you have to be able to provide. So it's a lot more complex."
Smaller organizations also are increasingly working together on governance and compliance issues through such organizations as the National Health Information Sharing and Analysis Center and the Information Systems Security Association, he says.
In a video interview at Information Security Media Group's recent Healthcare Security Summit in New York, Parker also:
- Describes how smaller organizations can improve data security through outsourcing;
- Discusses the collaborative approach to information security taken by the dozens of units within Indiana University.
Parker is executive director, information security and compliance, at Indianapolis-based Indiana University Health. He formerly served as CISO at the four-hospital Temple University Health System as well as CISO for Temple's clinical faculty practice plan, Temple University Physicians. Previously, he was an information security consultant to the Defense Logistics Agency and others.