Tony Douglas entered the healthcare technology field in 2001 inspired by the mission of patient care. He wanted to be part of an industry that focuses on a meaningful function in society. Since the start of his career, Douglas has been hooked on technology within healthcare because of the benefits realized, ranging from operational efficiencies to break-through enhancements to patient care. He initiated his career at Kodak within its health imaging division and has since accelerated to become vice president of sales and operations for healthcare at Symantec, a Fortune 500 cybersecurity software and services provider.
There is no doubt that technology has advanced healthcare by leaps and bounds. Conversely, it has also added a layer of complexity, especially with regard to data security. “With the inception of the HITECH Act in 2009, hospital systems rushed to adopt EMR capabilities; however, cybersecurity was a bit of an after-thought,” Douglas says.
As protected health information and sensitive data were being shared electronically with minimal security measures in place, systems became a prime target for malicious hackers, who swooped in with a wide range of targeted attacks on the provider community and a plethora of reported breaches. The good news is that healthcare leaders now understand that security is a necessity, as it poses major consequences and risk to patient safety.
Now, more than ever, security needs to be an enabler of innovation. The proliferation of mobile devices, benefits of cloud computing, AI, and machine learning are just a few examples of how hospital systems are embracing their digital transformation journey to drive improved outcomes. Douglas contends, however, that until a sound approach is adopted to securing the data, hospitals will not move as fast as they’d like. In order for organizations to truly benefit from the digitalization process, he explains, they must embed cybersecurity as a core tenet of each project.
While this concept may seem obvious, this mind-set often gets overlooked and causes detrimental effects for organizations who neglect to do so. Considering the amount of sensitive data that a health system maintains, hurrying through the initial steps to ensure a safe digital environment could lead to potentially damaging consequences, including patient harm, loss of revenue, and even reputational impacts to the health system’s brand. As Douglas puts it: “If you don’t build your home on a solid foundation, then the entire structure is at risk.”
For the VP, keeping security at the forefront of this transformation is vital—making sure information is accessible solely to the right people and routinely assessed for risk is key. Douglas shared with America Healthcare Leader three key precautionary steps for providers to consider, when executing their digital transformation initiatives and revolutionize the way patients, doctors, and stakeholders alike experience healthcare.
Devote Appropriate Resources to Security
Healthcare consistently lags behind other industries when it comes to investing in cybersecurity. “Industries that are technologically driven and subsequently more mature with respect to IT security will allocate an average of twelve percent or more to their overall IT budget to security,” he explains. “Whereas, healthcare today typically devotes an average of six percent. IT leaders must ensure that funding is being proportionately allocated to make sure the security program established can meet the needs of the overall health system as they continue down the path of digital transformation.”
The industry has also struggled with recruiting and retaining a workforce with the necessary skill set to protect their organization from cyberthreats. To help solve for this, Douglas recommends that hospitals consider outsourcing areas within their security operations that can serve as an extension of the team to guarantee a constant watch on the environment. In turn, this will return valuable time to the internal team to focus on more strategic initiatives.
“I believe that by demonstrating a commitment to IT security up front, we will give patients the same level of trust and confidence with their data as patients do with their clinicians.”
Give Security a Voice
“IT security needs to be properly represented when changes or new endeavors are pursued within the health system,” Douglas says. “Security, historically, has been an afterthought. Security must have a seat at the table when decisions are made, whether it’s being part of the due diligence process of a potential acquisition—or say, if the organization is pursuing a cloud initiative. Any endeavor that will have a technology impact, must incorporate input from security and be factored into the overall decision process.”
Reduce the Complexity
As the traditional four walls of a hospital dissolve, the security environment is becoming even more complex on its own accord. “As providers continue to embrace the cloud, and the definition of an endpoint expands to IoT and mobile devices, it’s imperative that security programs and corresponding controls extend out to those expanded areas,” Douglas says. “Be sure to define where your IT environment begins and ends, and where you and your business associates assume responsibility.”
“Vendors, too, have played a part in creating some of this complexity,” he acknowledges. “We’ve been selling tools to fix one specific problem, causing tool fatigue and putting the integration in the hands of the customer.” Douglas recommends that hospitals look to adopting an integrated cyber defense approach to ensure they can adapt their security to meet the changing needs of patient care.
Douglas and the Symantec team are working to solve this dilemma by helping organizations shift from a reactionary position to a more strategic approach of holistic security. “We want to be a trusted advisor for our clients as they go through this digital transformation. We are here to partner long term and help the health care community achieve their digital goals and objectives. It’s important that we align by understanding the organization’s strategic objectives and map the necessary security framework to ensure those objectives can be achieved safely, securely, and with confidence. That’s our mission.”
Digital transformation can mean different things to different stakeholders depending on the initiative. “Whether it’s leveraging technology to reach a better patient outcome or streamlining operations to create better efficiencies and reduce costs, digital transformation is fundamentally about patient care,” Douglas says. “The core of the success of these initiatives is a confidence that the data used is secure and reliable. I believe that by demonstrating a commitment to IT security upfront, we will give patients the same level of trust with the handling of their data as patients do with their clinicians.”