On January 20, 2017, we will watch as power transitions from one president to the next. The new president will take an oath and speak to the American people for the first time as their elected leader. In his inaugural address, the incoming president usually tries to explain what he intends to accomplish over the next four years. Some, like these duds, overdo it, and belabor unimaginative points of policy and ideologies in a failed attempt to seem presidential. Others inspire and successfully demonstrate the executive leadership that will influence their term as president.
In light of the upcoming inauguration, let’s take a note from the more rousing inaugural addresses in American history and see what words of wisdom Healthcare CISOs can apply to daily operations at their organizations.
Have Nothing to Fear – But Fear Itself
“This great Nation will endure as it has endured, will revive and will prosper. So, first of all, let me assert my firm belief that the only thing we have to fear is fear itself—nameless, unreasoning, unjustified terror which paralyzes needed efforts to convert retreat into advance. In every dark hour of our national life, a leadership of frankness and vigor has met with that understanding and support of the people themselves which is essential to victory.” – Franklin D. Roosevelt, Thirty-Second President of the United States of America, 1933-1945
The best way to minimize fear is to be prepared. The best way to be prepared is to have a plan. FDR knew the value of a plan. With the New Deal, FDR enacted a series of programs intended to revive the U.S. economy and pull it out of the Great Depression.
Your healthcare organization can implement a plan to prepare against the greatest security threats facing the industry today. The following roadmap of security programs and solutions can prepare your organization so well that there won’t be anything to fear.
First, improve PCI compliance with a P2PE Validated solution. P2PE (point-to-point encryption) is a methodology for securing credit card data by encrypting it from the time a card is swiped or keyed until it reaches a secure endpoint where it is decrypted. If there is a network breach, P2PE keeps payment information protected and makes it practically worthless to anyone who steals it. Leveraging a P2PE solution has added benefits for healthcare organizations, as it can significantly reduce PCI scope. Scope reduction saves an organization time and resources, and also offers the peace of mind that their networks are secure. Only solutions listed on the PCI SSC website have been audited and approved by the Council as P2PE validated solutions.
Next, implement a patient portal with embedded payment functionality that keeps payment data off your network servers. A patient portal might seem like an obvious solution if your organization is looking to deliver a more consumer-friendly payment experience. A patient portal enables consumer-friendly options like e-visits, self-service scheduling and check-in, and the ability to set up and maintain a digital wallet. However, if this payment option isn’t secure and makes you vulnerable to a breach, it can cancel out the benefits. A patient portal with embedded payments that keeps payment data off of your servers maintains the convenient features of a patient portal while saving you time and money and giving you peace of mind when it comes to security and PCI compliance.
Reach Across the Aisle
“We are all Republicans, we are all Federalists. If there be any among us who would wish to dissolve this Union or to change its republican form, let them stand undisturbed as monuments of the safety with which error of opinion may be tolerated where reason is left free to combat it.” – Thomas Jefferson, Third President of the United States of America, 1801-1809
Every effective president has been able to reach across party lines and get bipartisan support for the goals they wanted to accomplish. Similarly, CISOs can work across departments and even beyond the limits of their organization to achieve security and compliance goals.
To work well with others in your organization, an effective CISO can appeal to other departments that will be affected by new policies and procedures the CISO wants to put in place. For example, if a CISO wants to implement new technology that will enable the organization to securely and compliantly accept credit card payments online, the CISO should work with representatives from the billing department to understand how new technology will impact their workflow. The best scenario is to implement payment technology that offers the highest level of security without sacrificing convenience and efficiency for the billing staff.
An effective CISO can also learn a lot by looking outside of their organization and taking a lesson from other healthcare organizations and vendors that have found success achieving their security and compliance goals. Since the healthcare industry has its own unique challenges to meet, it is important for a CISO to work with others who understand those challenges.
Know Your Weaknesses
“The magnitude and difficulty of the trust to which the voice of my country called me, being sufficient to awaken in the wisest and most experienced of her citizens a distrustful scrutiny into his qualifications, could not but overwhelm with despondence one who (inheriting inferior endowments from nature and unpracticed in the duties of civil administration) ought to be peculiarly conscious of his own deficiencies.” – George Washington, First President of the United States of America, 1789-1797
An effective CISO knows the security of their organization is only as strong as its weakest link. One way to eliminate weak links is to use the best payment security technology available. However, it is also important that the people who interact with that technology on a daily basis have the training and tools they require to be successful. Identify the areas where your team is strong and where you need to minimize weaknesses. Hold regular training and education sessions so every member of your team has the most up-to-date knowledge about payment security at your organization. You should also attend industry conferences, such as the HIMSS Annual Conference & Exhibition, where you can learn about the latest enhancements and trends in health IT, including payment technology and security.
In summary, CISOs have plenty of examples of executive leadership from former U.S. presidents. If you’re unsure about whether you or your CISO are effective leaders, I’ll leave you with one final quote from John Quincy Adams, sixth president of the United States of America from 1825-1829: “If your actions inspire others to dream more, learn more, do more and become more, you are a leader.”