by Matt Ferrari
Co-Founder and Former CTO
As I write this I am realizing a goal that I’ve been striving for – to launch a podcast series.
The new series – CTO Talk – will explore the issues, challenges and opportunities impacting healthcare technology today. Each episode will initially air on HealthcareNOW Radio for a month, then will be available on my SoundCloud channel.
You can stream this first episode on demand here.
In this first episode, my guest is Chris Bowen, ClearDATA’s chief privacy and security officer. With decades of expertise, Chris joins me to discuss what you need to be thinking about with regard to security incident management in healthcare. We’ll explore how you can utilize people, processes, and technology to not only identify, but mitigate and respond to security incidents.
Building out an incident response team is a complex process. Sometimes in healthcare I see a rush to call things a breach based on an IT perspective, not from a legal perspective, and this is a mistake, so building and educating a team on the right process is critical. The best way to approach it is to plan for it before it happens, because it will certainly happen at some point. Your incident response team is a big part of that equation.
Do you know who should be on your team? Do you know the legally-required process for analysis from the OCR when you suspect data has been compromised? We’ll walk you through that and more on this podcast. Some of the topics we’ll cover are:
- The most prevalent security vectors we see in breaches. What doors are hackers using to enter your data perimeter and what can you do to better protect it?
- What a defense-in-depth strategy does to protect your data, and why the cloud is well-suited to start that defense from your data, then build outward for security.
- Why you need to be sure your Business Associate Agreement (BAA) partners deeply understand not only the cloud, but also healthcare to ensure their decisions around data storage, security and networks are based on HITRUST requirements and principles.
- The important role “professional passion for security” plays when selecting your incident response team members.
- When to announce a breach, and who should announce it. This is critically important, and yet many healthcare organizations have not created simulations or scenarios to play this out, making themselves vulnerable to mistakes in the event a breach occurs.
- How to balance the pace of innovation within your cloud service provider, security, and DevOps teams to maximize your ability to focus on your core competence – providing excellent patient care.
So, give it a listen during your commute or your workout, and let us know what you think. We’re looking forward to many more conversations on the road ahead. You can follow this podcast series on Twitter with #CTOTalk and I’m on Twitter @mpferrari.