Healthcare organizations are facing a persistent, accelerating barrage of cybersecurity threats that pose risks to data security and patient privacy. Increasingly, healthcare CISOs and IT leaders are recognizing that when it comes to securing patient data, it takes a village—every team member at the organization needs to advance upon the organizational cybersecurity framework.
Pamela Banchy, R.N., is the CIO and vice president of clinical informatics and transformation at Western Reserve Hospital and Health System, a physician-hospital organization based in Cuyahoga Falls, Ohio, with Western Reserve Hospital serving as one of Northeast Ohio’s most advanced community hospitals. Banchy is slated to be a speaker at Healthcare Informatics’ Cleveland Health IT Summit at the Hilton Cleveland Downtown on March 27 to 28, where she will participate in a panel discussion on clinician and IT collaboration on cybersecurity and privacy practices. Banchy will share her perspectives on cybersecurity challenges and how clinicians and security personnel can collaborate to craft effective incident response protocols, among other topics.
Banchy is an experienced health IT and nursing informatics leader and has been in healthcare for more than 30 years. Before becoming CIO of Western Reserve, she was the system director of clinical information systems for Summa Health System in Akron, Ohio. Healthcare Informatics Associate Editor Heather Landi recently caught up with Banchy to discuss cybersecurity challenges as well as what her top priorities are right now and what her nursing informatics background brings to the CIO role.
There is often tension between security personnel and clinicians regarding clinical workflows and security elements. Is that changing, and are you working to address that at your organization?
It’s evolving, and it’s evolving through public recognition that this is something that needs to be paid attention to and that there needs to be education and training. I think that the government has done a good job of leading organizations to awareness. Obviously, with Meaningful Use, and with the security aspect of walking through what that means from a regulatory requirement perspective, that was a first step. That was several years ago, and now it’s at a different level whereas, across the U.S., there have been some known risks and exposures, and with the expectation and confidence that those who are in IT value and respect that, and do everything they can to protect that information. From a tension perspective, security is an inconvenience and it is viewed that way by many, but it’s also seen as a necessary aspect of risk-averse behaviors, with the recognition that there are people out there who want to cause harm. It is seen as an inconvenience; it’s extra steps, it’s extra clicks. The biggest area where we see that is communication, peer to peer, and secure texting. That, right now, is uppermost in many organizations, and CMS [The Centers for Medicare & Medicaid Services] just came out with a statement about texting and PHI, and the rules around that. I think a lot of that is difficult; it’s creating some challenges with respect to enforcement. And so, if I see any tension, it’s around the enforcing of the best practices from a security and safety perspective. [Editor’s note: In January, CMS released a memo clarifying its policies on whether healthcare providers can use text messages to communicate patient orders. CMS stated that texting patient information among members of the healthcare team is permissible if accomplished through a secure platform, but texting of patient orders is prohibited regardless of the platform utilized. CMS stated that providers should use Computerized Provider Order Entry (CPOE) to submit patient orders.]
What are your top priorities right now at Western Reserve?
Our biggest one is obviously security. We have a major undertaking, both with our internal and external security program. Another priority is to look at ways that we can continue to be efficient in providing our clinicians with the right information at the right time with the right method, and how do we do that, whether it’s through HIEs [health information exchanges] or dynamic tools. So, that’s a huge undertaking for us.
You are a CIO with a nursing and nursing informatics background. What does your nursing background bring to the CIO role?
I would consider it unusual [for a CIO to have a nursing background] and I’ve been in healthcare for over 35 years, as a nurse. I’ve been in IT for 25 of those years. I think it’s allowed me to understand the needs of the patient, and organizationally, our mission and vision of a patient-first, patient-centric focus. I understand what that means and I am able to translate that. I’m also what I would consider a transformational leader; I transform for those that are more technical in their skills, training and job functions as to what that means to the patient and the clinician. And that, I believe, lends itself to not only credibility to the organization, but also credibility to the IT and IS department.
What are some current initiatives that you are focusing on in that clinical transformation role?