Last week I had the opportunity to participate in the CHIME 14 CIO Forum in San Antonio, Texas. This year the College of Healthcare Information Management Executives (CHIME) hosted over 800 industry professionals from all areas of the healthcare field representing the largest forum in their history.
If you aren’t aware, CHIME is an executive organization dedicated to serving chief information officers and other senior healthcare IT leaders. With more than 1,400 CIO members and over 140 healthcare IT vendors and professional services firms, the organization provides a highly interactive, trusted environment enabling senior professional and industry leaders to collaborate; exchange best practices; address professional development needs; and advocate the effective use of information management to improve the health and healthcare in the communities they serve. The CIO Forum is a highlight to the organization’s year round activities.
The Forum is particularly unique from my standpoint because rather than a trade show with vendor booths, it’s an interactive conference that provides a variety of opportunities and venues to interact with colleagues, vendor partners, industry experts and SMEs. CIOs can gather information on vendors and partners at information tables in the Best Practices Institute Solutions (BPI) Showcase as well as meet with them individually over the course of the week. It provides the opportunity for CIOs to review real-life solutions to some of their most difficult IT challenges, which really creates the opportunity for collaboration between health care providers and vendor partners like Avatier.
CHIME CIO Forum Cyber Security Focus
Security was one of the major topics at the CIO Forum. CHIME’s Vice President for Public Policy, Jeff Smith made the comment that hospitals are reeling from the high-profile disclosure of various breaches along with a presidential order to do more about health information security. These factors led to a National Institute of Standards and Technology cyber security framework that came out last February. He added that the conversation in Washington is getting more mature around cyber security, but there is still a tremendous gap between developing an appropriate response without hurting the industry.
In fact, one of the best speakers I heard was during a plenary session featuring Theresa Payton, who is one of America’s most respected authorities on Internet security, net crime, fraud mitigation, and technology implementation. As White House Chief Information Officer from 2006 to 2008— the first woman ever to hold that position, she administered the information technology enterprise for the President and 3,000 staff members.
She pointed out that the specter of a massive cyber attack is the most urgent concern confronting the nation’s information technology infrastructure today and suggested solutions that she feels will strengthen cyber security measures and neutralize cyber criminals in the future.
As a result of this focus, I was pleasantly surprised at how much interest there is in Avatier. The majority of the people I spoke with were quick to point out how much the industry must increase its commitment to identity and access management. They recognize a growing need for tighter controls on access, management, compliance, auditing and governance. The government, of course, is driving some of this, but the way they asked the questions made it apparent that this concern extends way beyond existing regulations.
Avatier’s IT Risk Management module was of particular interest. Everyone I talked with saw the benefit of an alert mechanism in an IAM and governance framework. They were specifically intrigued by our contextual approach, which give the option of deciding which requests and access levels are specifically more critical within their operation by applying visual risk identifiers from green, yellow and red. They were impressed by the fact that our risk analysis can be applied not only to access (system access and password reset), but also to physical access (for example the allocation of security cards and badges); and assets (determining and monitoring who gets which devices—everyone wants an iPad). And I got a lot of questions and interest around our Risk Scoring. They immediately saw its advantage in use across their departments or the entire organization for comparisons and trending analytics. Several people commented that this would be helpful to reveal cyber security risks through security audit and compliance management information that in the past generally remained hidden or was simply unreported. In other words, they got it. Even more important, several said they want it…after a week at the CHIME CIO forum, I understand why.
Get Your Free Top 10 Access Governance Best Practices Workbook
Learn the top 10 Access Governance Best Practices for successful implementations from experts. Sidestep the challenges that can derail GRC software and compliance management projects.
