A CIO Outlines Top Security PrioritiesSpooner of Sharp HealthCare Also Analyzes Survey Results
"Almost every week there is some kind of a reported breach around the country involving thousands of patient records being potentially compromised," Spooner notes in an interview about the survey results with HealthcareInfoSecurity. Fear of bad publicity, and potential fines, stemming from breaches are "increasing the emphasis ... on improving our security profiles,' he says.
Another priority at Sharp HealthCare this year, Spooner says, is implementing "a more formalized governance, risk and compliance program."
The survey also shows that top security technology investments for 2013 include an audit tool or log management, a data loss prevention system and a mobile device management system.
"Like many organizations, we are implementing a mobile device management product that includes a security suite to help secure mobile devices in recognizing that we are seeing more and more requests to use iPads and other similar mobile devices on our system," Spooner says. "We really need to ensure that we're providing adequate protection around that."
In the interview, Spooner also discusses:
- His surprise that less than half of survey respondents say their organizations have a documented information security strategy, which he sees as essential;
- Why updating a risk assessment annually is an important way to deal with emerging risks;
- Why winning support from senior executives for security investments can be difficult. "Unfortunately, I think the key to winning senior executive support is to have a breach or have your neighbor have a breach," he says. "There's nothing that gets your attention more than a bad experience."
Spooner has been at Sharp HealthCare, a San Diego-based provider organization with seven hospitals, for about 30 years, and he has served as CIO for more than 15 years. In 2009, he was the recipient of the John E. Gall Jr. CIO of the Year award from the College of Healthcare Information Management Executives and the Healthcare Information and Management Systems Society. He was chair of CHIME in 2006.