By Aine Cryts
What matters is how you educate your people about preventing data breaches, says George S. Conklin, senior vice president and CIO at Dallas, Texas-based CHRISTUS Health, one of the nation’s largest Catholic healthcare delivery systems.
Conklin notes that talking about his organization’s success with data security is like “waving a red flag at a bull.” He acknowledges that CHRISTUS Health is never going to have a 100% secure environment.
AXIS recently spoke with Conklin about his strategy for preventing data breaches.
AXIS: Tell me about CHRISTUS Health and why preventing data breaches keeps you up at night.
Conklin: CHRISTUS Health is a multinational corporation. We have hospitals in the United States, Mexico, and Chile. Soon we’ll announce a partnership in another Latin American country. We have over 60 hospitals and we’re expanding and growing in the domestic United States and in Latin America. My responsibility is for IT infrastructure and the systems environments across all of those locations.
The United States is a big magnet for all of the folks who are engaging in health data theft— whether they’re doing so for criminal or political (including terrorism) reasons. We see evidence of this every day when we’re doing our own perimeter protections. There are lots of [hackers] out there trying to get into our information systems to steal information. And what we’re seeing is probably only the tip of the iceberg.
AXIS: What do you keep in mind as you keep your systems secure?
Conklin: Our strategy for preventing data breaches entails designing the technology and the underlying network infrastructure that ensures that we’re able to meet the mission of CHRISTUS Health, which is to extend the healing ministry of Jesus Christ to everyone we serve in every one of our markets. We want to have the very best in clinical and operational capabilities in those markets, and we want to be able to effectively manage those from our corporate headquarters here in Dallas.
We want insight into how well those operations are running—or aren’t running. And that implies a level of connectivity and transmission of information. Whether it’s file transfers or real-time data access or data that’s stored in our data warehouse that’s reported on in real-time ways. We are concerned about the fact that people are trying to get into U.S.-based systems but are also very likely trying to get into our [Latin American] partners or our subsidiaries if they’re not equally as well protected as CHRISTUS Health
AXIS: How much is technology part of the strategy…and how much are people part of it?
Conklin: Both are equally important. What matters is how you educate your people about preventing data breaches. How you acculturate your people and your technology is critical.
The reality is this: The largest number of violations occurs because people do something careless. Helping to prevent data breaches is about sensitizing people as to what they need to do. It’s making people understand that security is really everyone’s job. For example, I go home at night and I lock my doors and turn on my alarm every night. That’s my responsibility. When I wake up in the morning and I see that the security system has a green light on it— which means that my wife didn’t set it when she came upstairs the night before—I get a little twist in my stomach. My point is that there’s a piece of security that’s everybody’s responsibility. Everybody has to have ownership of that.
We could, from an IT perspective, lock up our systems. We could make them impossible for people to get to, and secure them as best we could. We could do a lot more than we do today, and then utilization of those systems would deteriorate. And the value that those systems would bring to the clinician practicing at your bedside would go away. We have this balance that we have to strike between providing ease of access and being secure.
About George S. Conklin:
George S. Conklin is senior vice president and CIO at CHRISTUS Health, one of the nation’s largest Catholic healthcare delivery systems. He is responsible for all aspects of the delivery of information management and communications systems services. Conklin supports the hospital network across four states, in two countries, and in more than 300 locations.
In 1997, Conklin received the Smithsonian Institution Face of Innovation Award. He writes and lectures frequently in the areas of healthcare informatics, systems implementation, ROI, clinical quality, and the management of complicated information systems, biomedical, and operating environments.