Balancing Strong Security With Clinicians' NeedsOmar Khawaja, CISO at Highmark Health, Discusses Key Challenges
What are some of the critical considerations for aligning strong security controls with the workflow needs of clinicians? Omar Khawaja, CISO of Highmark Health, which includes health plans and the Pittsburgh-based healthcare delivery system Allegheny Health Network, discusses key issues.
Doctors and nurses sometimes push back on security measures that they perceive as preventing them from quickly accessing patient information needed to make important treatment decisions, the CISO says in an interview with Information Security Media Group. Measures that can generate resistance unless the need is carefully explained, he says, include default timeouts in electronic health records systems and certain authentication methods.
"Too much security can hinder the business from achieving its objectives - and conversely, too little security can also disrupt the business in surprising ways and therefore prevent the business from achieving its objectives," Khawaja stresses. "Ultimately, it should be about security serving the needs of the business."
In this interview (see audio link below photo), he also discusses:
- Other challenges in aligning security with business needs in healthcare;
- Balancing compliance with broader security risk management issues;
- Mistakes to avoid in implementing security risk management strategies.
Khawaja is vice president and CISO for Highmark Health, a national health and wellness organization that employs more than 40,000 people and serves millions of Americans in all 50 states. Khawaja has spent more than 15 years delivering, developing and managing security solutions for startups, service providers, consulting firms and enterprises. Previously, Khawaja was with Verizon Enterprise Solutions, where he was responsible for a portfolio of security solutions.