The rapid evolution of technology is changing the way virtually every business runs. In healthcare, whether it's program development, workflow, supply chain or care delivery, technology plays a critical role. And although technology offers multitudes of opportunities to provide better, more efficient care, it also creates new areas of vulnerability — which is why it demands attention from the entire leadership team.
While CEOs have traditionally viewed technology as a responsibility belonging only to the CIO and IT department, that mindset can be detrimental to healthcare organizations in today's rapidly changing environment. It will lead to missed opportunities for innovation and growth. Although IT professionals provide expertise and support, CEOs must be closely involved in technology strategy and management.
We've seen this in the widespread implementation of EMRs. This technology requires massive financial and time investments, system-wide coordination and concerted efforts for training and acclimating staff. The adoption of EMRs is as much a strategic management issue as it is a technology issue. Another example: As health systems continue to invest in telemedicine, healthcare leaders — including the CEO, CIO and clinicians — must work together to determine the scope of such initiatives, as well as a myriad of other details.
And of course, the stakes around cybersecurity are enormous. The issue requires significant attention from the entire leadership team. News of security hacks appear in the headlines regularly — a study from the Protenus Breach Barometer found an average of more than one health data breach occurring per day in 2016. Keeping private information secure is not just the responsibility of the IT department, but it should be a top imperative for executives, managers and staff across all levels of the organization. Everyone plays a part.
As the rate of technology development increases and its application in healthcare grows, CEOs must be aware of the unbelievable opportunities technology offers, but equally cognizant of the dangers it poses.
Cybersecurity as a systemwide imperative
There's no such thing as total security anymore. You must make every effort to strengthen security as much as possible, but operating under the assumption that your organization is completely immune to or protected from a breach is negligent.
One thing Northwell Health has done — and something I've seen more health systems begin to do — is create a role wholly dedicated to enhancing the security of patient data, and the network and systems the health system depends on every day. A chief security officer ensures the organization's systems are as safe as possible. The CSO and cybersecurity department test the organization's security system for holes to find out how hackers could break in and gain access, then determine how to mend those holes. This work is incredibly valuable and important.
Investing in a CSO and security department is an important step, but employee education remains a critical aspect of robust cybersecurity. We must educate all employees on all of the ways a breach can occur, as well as how to handle sensitive material. For example, they need to know how to secure their laptops, make sure they know which information cannot be shared and what types of information shouldn't be communicated through email.
Cybersecurity education is more than a one-time, two-hour seminar as part of the onboarding process. Truly effective education is ongoing and comprehensive. I cannot emphasize this enough — cybersecurity is not just the job of the IT department. It is every member's responsibility in the organization to mitigate risks of a breach and protect private information.
How CEOs should approach tech
Some CEOs are tech savvy, but many are not. Personally, I am far from being as knowledgeable as I should be. However, I educate myself on the dangers and risks that exist. This is something I believe every CEO should prioritize. We should engage heavily in understanding this world, because as technology continues to progress, its prevalence in healthcare will only increase.
Technology offers unbelievable opportunities in healthcare — both on the clinical side and on the business and operations side — but it also carries serious risk. Hacking and data breaches are realistic and stubborn dangers we face each day. No CEO in healthcare has the luxury of dismissing these threats or viewing the work to prevent them as optional.