Issue link: https://beckershealthcare.uberflip.com/i/777561
66 THOUGHT LEADERSHIP The CEO's Role in Tech and Cybersecurity By Michael Dowling, President and CEO of Northwell Health T he rapid evolution of tech- nology is changing the way virtually every business runs. In healthcare, whether it's program development, workflow, supply chain or care delivery, technology plays a critical role. And although technology offers multitudes of op- portunities to provide better, more efficient care, it also creates new ar- eas of vulnerability — which is why it demands attention from the entire leadership team. While CEOs have traditionally viewed technology as a re- sponsibility belonging only to the CIO and IT department, that mindset can be detrimental to healthcare organizations in today's rapidly changing environment. It will lead to missed opportunities for innovation and growth. Although IT profes- sionals provide expertise and support, CEOs must be closely involved in technology strategy and management. We've seen this in the widespread implementation of EMRs. This technology requires massive financial and time invest- ments, system-wide coordination and concerted efforts for training and acclimating staff. The adoption of EMRs is as much a strategic management issue as it is a technology is- sue. Another example: As health systems continue to invest in telemedicine, healthcare leaders — including the CEO, CIO and clinicians — must work together to determine the scope of such initiatives, as well as a myriad of other details. And of course, the stakes around cybersecurity are enor- mous. The issue requires significant attention from the entire leadership team. News of security hacks appear in the head- lines regularly — a study from the Protenus Breach Barometer found an average of more than one health data breach oc- curring per day in 2016. Keeping private information secure is not just the responsibility of the IT department, but it should be a top imperative for executives, managers and staff across all levels of the organization. Everyone plays a part. As the rate of technology development increases and its application in healthcare grows, CEOs must be aware of the unbelievable opportunities technology offers, but equally cognizant of the dangers it poses. Cybersecurity as a systemwide imperative There's no such thing as total security anymore. You must make every effort to strengthen security as much as possible, but operating under the assumption that your organization is com- pletely immune to or protected from a breach is negligent. One thing Northwell Health has done — and something I've seen more health systems begin to do — is create a role wholly dedicated to enhancing the security of patient data, and the network and systems the health system depends on every day. A chief security officer ensures the organization's systems are as safe as possible. The CSO and cybersecurity department test the organization's security system for holes to find out how hackers could break in and gain access, then determine how to mend those holes. This work is incredibly valuable and important. Investing in a CSO and security department is an important step, but employee education remains a critical aspect of robust cybersecurity. We must educate all employees on all of the ways a breach can occur, as well as how to handle sen- sitive material. For example, they need to know how to se- cure their laptops, make sure they know which information cannot be shared and what types of information shouldn't be communicated through email. Cybersecurity education is more than a one-time, two-hour seminar as part of the onboarding process. Truly effective ed- ucation is ongoing and comprehensive. I cannot emphasize this enough — cybersecurity is not just the job of the IT depart- ment. It is every member's responsibility in the organization to mitigate risks of a breach and protect private information. How CEOs should approach tech Some CEOs are tech savvy, but many are not. Personally, I am far from being as knowledgeable as I should be. How- ever, I educate myself on the dangers and risks that exist. This is something I believe every CEO should prioritize. We should engage heavily in understanding this world, be- cause as technology continues to progress, its prevalence in healthcare will only increase. Technology offers unbelievable opportunities in healthcare — both on the clinical side and on the business and opera- tions side — but it also carries serious risk. Hacking and data breaches are realistic and stubborn dangers we face each day. No CEO in healthcare has the luxury of dismissing these threats or viewing the work to prevent them as optional. n We've partnered with our physicians on imaging centers and cardiac testing centers. We've also partnered with two of the closest medical schools to bring more sophisticated medicine to work with our doctors. We have half a dozen partnerships with the University of California and some with Stanford University, all of which help us remain on the cutting edge of bringing sophisticated care to Marin. As another example, we put together a $90 million, 15-year partnership with Phillips Corp. to take us from the old hospital into the new one. It's a long-term partnership that will embed one or two technologies at the hospital and get us early access to new technology if we choose. In our market there are several large systems. When you're all in- dependent, those systems that were formerly competitive with each other now become potential partners. When you become a free- standing independent hospital, the doors that were closed due to competition become open. Overall, we are partnering to gain what we need that we can't do our- selves so that we can remain freestanding. n