CISO: Security must work within workflow

'If it’s not working, they are going to do something else – and usually what they’re doing is probably much less secure'
By Patty Enrado
09:59 AM
Flow chart

"The speed at which everything is happening is quicker than ever, and IT needs to be more agile than ever," said Connie Barrera, director information assurance and CISO of Miami-based Jackson Health System, speaking Wednesday at Citrix Synergy 2015 in Orlando.

Indeed, "we are, right now, facing a completely new era of healthcare," said Kurt Roemer, chief security strategist for Citrix, adding that "speed is the essence of everything for healthcare technology these days."

That includes being able to log-in quickly, move from technology to technology with ease and do one’s job without wasting valuable time documenting at the end of one’s shift, he said.

At Jackson Health System, an integrated healthcare delivery system serving Miami-Dade County, clinicians prefer mobile devices over PCs, said Barrera. While her main job is ensuring security, she must also balance functionality and consumption. "If it’s not easy to use, they’re not going to consume [the technology]; they’re going to circumvent," Barrera said.

[See also: CISO's biggest fear: 'what I don't know']

Jackson Health System includes a large research community, which means Barrera’s team must also enable its researchers to collaborate with other researchers – all the while keeping the data secure.

"That means we need to use secure solutions, we need to keep the data in the data center and we need to give them the freedom while being compliant and secure," she said.

Barrera spends a lot of time walking the hospital floors and asking clinical users how the technology is working or not working for them.

"If it’s not working, they are going to do something else," she warned. "And usually what they’re doing is probably much less secure."

"They want to do it right. They just need the right solution," she added. "The mission of IT to me is to enable the business. The main way that we enable the business is by safeguarding the data."

With so much data being produced and aggregated, Barrera insists that healthcare organizations need to streamline their operations by only protecting what really matters.

In addition to streamlining operations, healthcare organizations must also streamline clinical workflow – which is critical if clinicians are going to adopt new policies and technologies.

"Remember that the strategy is not the how and the what; your strategy is the why," Roemer said. "That security strategy that used to be very technology and facilities focused didn’t include a lot of workflow. Now it has to be focused around patients, caregivers, workflows and instrumentation. It’s going to be everywhere."

From an operational perspective, implementing virtualization solutions from Citrix, global provider of server, application and desktop virtualization, networking, software-as-a-service, and cloud computing technologies, has enabled Barrera’s healthcare organization to address both strategic goals of streamlining workflow and safeguarding the data, she said.

Yet, deploying technologies must also go hand in hand with staff training. "We need to train our people better," Barrera emphasized. "We must give them opportunities to learn. They need to understand what they’re working with."

With virtualization technology meeting workflow and data security needs, healthcare organizations can then look to innovative technology solutions to further streamline workflow.

For example, Jackson Health System is testing the use of sensors on patients so physicians who are doing rounds know whether a patient is in the room or not, which would save valuable time and streamline their workflow.

If physicians know what the current state of the patient is in before entering the room, they can determine how much time they will spend with the patient, furthering workflow efficiency. Likewise, if caregivers in the room with the patient can be alerted to the time of physician visits, the quality of the patient experience and satisfaction can be improved.

And in this new era of healthcare, along with data security and streamlined clinical workflow, patient experience, satisfaction and engagement are going to be important metrics that will determine how well a healthcare organization will succeed, Barrera concluded.